
Model driven security: From UML models to access control infrastructures

Published: 01 January 2006

Abstract

We present a new approach to building secure systems. In our approach, which we call Model Driven Security, designers specify system models along with their security requirements and use tools to automatically generate system architectures from the models, including complete, configured access control infrastructures. Rather than fixing one particular modeling language for this process, we propose a general schema for constructing such languages that combines languages for modeling systems with languages for modeling security. We present several instances of this schema that combine (both syntactically and semantically) different UML modeling languages with a security modeling language for formalizing access control requirements. From models in the combined languages, we automatically generate access control infrastructures for server-based applications, built from declarative and programmatic access control mechanisms. The modeling languages and generation process are semantically well-founded and are based on an extension of Role-Based Access Control. We have implemented this approach in a UML-based CASE-tool and report on experiments.
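The generation step the abstract describes, as an added example that is not the paper's tool or the authors' code: a toy security model with a role hierarchy, permissions on model classes and an authorization constraint (the RBAC extension the abstract mentions) is flattened into a declarative permission table and paired with a programmatic runtime check. The meeting-scheduler sample model, the class and function names, and the split between declarative and programmatic enforcement are this example's own simplifications.

```python
"""Added example, not the paper's tool: a miniature model-driven RBAC generator.
Roles inherit from super-roles; an authorization constraint is a predicate over
call-time state. The sample model and all names here are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

@dataclass(frozen=True)
class Permission:
    role: str
    resource: str                   # model class, e.g. "Meeting"
    action: str                     # operation on it, e.g. "cancel"
    constraint: Optional[Callable[[dict], bool]] = None   # None = unconditional

@dataclass
class SecurityModel:
    super_roles: Dict[str, Set[str]]   # role -> its direct super-roles
    permissions: List[Permission]

    def roles_held_by(self, role: str) -> Set[str]:
        """Hierarchy closure: a role holds every super-role's permissions."""
        seen, todo = set(), [role]
        while todo:
            r = todo.pop()
            if r not in seen:
                seen.add(r)
                todo.extend(self.super_roles.get(r, ()))
        return seen

def generate_declarative(model: SecurityModel) -> Dict[tuple, Set[str]]:
    """(resource, action) -> allowed roles, hierarchy flattened as a descriptor needs.
    Constrained permissions still appear; only is_permitted enforces the constraint."""
    table: Dict[tuple, Set[str]] = {}
    for r in set(model.super_roles) | {p.role for p in model.permissions}:
        for p in model.permissions:
            if p.role in model.roles_held_by(r):
                table.setdefault((p.resource, p.action), set()).add(r)
    return table

def is_permitted(model, user_roles, resource, action, ctx: dict) -> bool:
    """Declarative part picks candidate permissions; programmatic part runs constraints."""
    held = set().union(*(model.roles_held_by(r) for r in user_roles))
    return any(p.role in held and (p.resource, p.action) == (resource, action)
               and (p.constraint is None or p.constraint(ctx))
               for p in model.permissions)

SAMPLE = SecurityModel(
    super_roles={"Supervisor": {"User"}, "User": set()},
    permissions=[Permission("User", "Meeting", "read"),
                 Permission("User", "Meeting", "cancel",       # owner-only cancel
                            constraint=lambda c: c["caller"] == c["owner"]),
                 Permission("Supervisor", "Meeting", "cancel")])  # unconditional
```

The declarative table alone would let any User cancel any Meeting; the owner constraint is only enforced by the generated programmatic check, which is why the abstract's infrastructures combine both mechanisms.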

Reviews

Holger Giese

This paper reports on early stage research on the processing of background textual materials to identify key concepts for composing requirements of a respective solution system. As an example, it reports on processing the text (44,000 words, 65 pages) of automatic traffic control notes, conversations, interviews, and so on to predict key unified modeling language (UML) classes of the system. This processing is referred to in the title as "early phase requirements engineering." The reported processing tools essentially order words in the text on the basis of word frequencies, and compare them with a variety of statistics on the words in various directories. The low power of these techniques probably explains the term "shallow knowledge" in the title. Some more powerful techniques are cited in the references; highly sophisticated text abstracting, indexing, and classification techniques are available, and can be used in a similar way. The paper does not discuss attaining the "deep understanding" mentioned in the title, but it does describe the results of the example. Interestingly, one of the reasons for selecting the automatic traffic control example is that the first author is a domain expert in this area, and could evaluate the value of the results of the processing. Automatic traffic control is a critical system, and would require deep investigation to formulate its requirements. Thus, how is the automatic processing likely to save an investigator's time?
