ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Model driven security for process-oriented systems
Full text PdfPdf (245 KB)
Source Symposium on Access Control Models and Technologies archive
Proceedings of the eighth ACM symposium on Access control models and technologies table of contents
Como, Italy
SESSION: RBAC for Collaborative Environments table of contents
Pages: 100 - 109  
Year of Publication: 2003
ISBN:1-58113-681-1
Authors
David Basin  ETH Zurich, Zurich, Switzerland
Jürgen Doser  University of Freiburg, Freiburg, Germany
Torsten Lodderstedt  University of Freiburg, Freiburg, Germany
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 19,   Downloads (12 Months): 107,   Citation Count: 17
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues   peer to peer  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/775412.775425
What is a DOI?

ABSTRACT

Model Driven Architecture is an approach to increasing the quality of complex software systems based on creating high-level system models and automatically generating system architectures from the models. We show how this paradigm can be specialized to what we call Model Driven Security. In our specialization, a designer builds a system model along with security requirements, and automatically generates from this a complete, configured security infrastructure.We propose a modular approach to constructing modeling languages supporting this process, which combines languages for modeling system design with languages for modeling security. We present an application to constructing systems from process models, where we combine a UML-based process design language with a security modeling language for formalizing access control requirements. From models in the combined language, we automatically generate security architectures for distributed applications.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Vijayalakshmi Atluri , Wei-kuang Huang, An Authorization Model for Workflows, Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security, p.44-64, September 25-27, 1996
2
Elisa Bertino , Elena Ferrari , Vijay Atluri, The specification and enforcement of authorization constraints in workflow management systems, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.65-104, Feb. 1999  [doi>10.1145/300830.300837]
3
Pete Epstein , Ravi Sandhu, Towards a UML based approach to role engineering, Proceedings of the fourth ACM workshop on Role-based access control, p.135-143, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319184]
4
David F. Ferraiolo , Ravi Sandhu , Serban Gavrila , D. Richard Kuhn , Ramaswamy Chandramouli, Proposed NIST standard for role-based access control, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.224-274, August 2001  [doi>10.1145/501978.501980]
 
5
David Frankel, Model Driven Architecture: Applying MDA to Enterprise Computing, John Wiley & Sons, Inc., New York, NY, 2002
 
6
Richard Hubert , David A. Taylor, Convergent Architecture: Building Model-Driven J2EE Systems with UML (OMG Press), John Wiley & Sons, Inc., New York, NY, 2001
 
7
Jason Hunter , William Crawford, Java Servlet Programming, O'Reilly & Associates, Inc., Sebastopol, CA, 2001
8
Trent Jaeger, On the increasing importance of constraints, Proceedings of the fourth ACM workshop on Role-based access control, p.33-42, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319175]
 
9
Jan Jürjens, UMLsec: Extending UML for Secure Systems Development, Proceedings of the 5th International Conference on The Unified Modeling Language, p.412-425, September 30-October 04, 2002
 
10
Savith Kandala , Ravi Sandhu, Secure role-based workflow models, Proceedings of the fifteenth annual working conference on Database and application security, p.45-58, July 15-18, 2001, Niagara, Ontario, Canada
 
11
Torsten Lodderstedt , David A. Basin , Jürgen Doser, SecureUML: A UML-Based Modeling Language for Model-Driven Security, Proceedings of the 5th International Conference on The Unified Modeling Language, p.426-441, September 30-October 04, 2002
 
12
Richard Monson-Haefel, Enterprise JavaBeans, O'Reilly & Associates, Inc., Sebastopol, CA, 1998
 
13
James Rumbaugh , Ivar Jacobson , Grady Booch, The Unified Modeling Language reference manual, Addison-Wesley Longman Ltd., Essex, UK, 1998

CITED BY  17
Eduardo B. Fernandez , Xiaohong Yuan, Securing analysis patterns, Proceedings of the 45th annual southeast regional conference, March 23-24, 2007, Winston-Salem, North Carolina
José-F Martínez , Vicente Hernández , Miguel-A Valero , Ana Gómez , Emilia Pérez , Iván Pau , Hugo Álvarez , Laura Vadillo, Security services provision for telematic services at the knowledge and information society, Proceedings of the 2007 Euro American conference on Telematics and information systems, May 14-17, 2007, Faro, Portugal
Brian Subirana , Malcolm Bain, Legal programming, Communications of the ACM, v.49 n.9, September 2006
Tine Verhanneman , Frank Piessens , Bart De Win , Wouter Joosen, Requirements traceability to support evolution of access control, ACM SIGSOFT Software Engineering Notes, v.30 n.4, July 2005
J. McDermott, Visual security protocol modeling, Proceedings of the 2005 workshop on New security paradigms, September 20-23, 2005, Lake Arrowhead, California
 
David Basin , Manuel Clavel , Jürgen Doser , Marina Egea, Automated analysis of security-design models, Information and Software Technology, v.51 n.5, p.815-831, May, 2009
 
Shih-Chien Chou , An-Feng Liu , Chien-Jung Wu, Preventing information leakage within workflows that execute among competing organizations, Journal of Systems and Software, v.75 n.1-2, p.109-123, 15 February 2005
Fredrik Seehusen , Ketil Stølen, Information flow property preserving transformation of UML interaction diagrams, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
 
Eduardo Fernández-Medina , Jan Jurjens , Juan Trujillo , Sushil Jajodia, Editorial: Model-Driven Development for secure information systems, Information and Software Technology, v.51 n.5, p.809-814, May, 2009
Tom Ritter , Rudolf Schreiner , Ulrich Lang, Integrating security policies via Container Portable Interceptors, Proceedings of the 4th workshop on Reflective and adaptive middleware systems, November 28-December 02, 2005, Grenoble, France
 
Shih-Chien Chou , Wei-Chuan Hsu , Wei-Kuang Lo, DPE/PAC: decentralized process engine with product access control, Journal of Systems and Software, v.76 n.3, p.207-219, June 2005
 
Komminist Weldemariam , Adolfo Villafiorita, Modeling and analysis of procedural security in (e)voting: the Trentino's approach and experiences, Proceedings of the conference on Electronic voting technology, p.1-10, July 28-29, 2008, San Jose, CA
Carlos González Martínez , Emilia Pérez Belleboni , Sergio Sánchez García , Ana Gómez Oliva y , Jesús Moreno Blázquez, Use of web service orchestration strategies in operations on digital democracy platform, Proceedings of the 2007 Euro American conference on Telematics and information systems, May 14-17, 2007, Faro, Portugal
Mohammad Gias Uddin , Mohammad Zulkernine, UMLtrust: towards developing trust-aware software, Proceedings of the 2008 ACM symposium on Applied computing, March 16-20, 2008, Fortaleza, Ceara, Brazil
Christian Wolter , Andreas Schaad , Christoph Meinel, Task-based entailment constraints for basic workflow patterns, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
 
Christian Wolter , Michael Menzel , Andreas Schaad , Philip Miseldine , Christoph Meinel, Model-driven business process security requirement specification, Journal of Systems Architecture: the EUROMICRO Journal, v.55 n.4, p.211-223, April, 2009
 
J. McDermott , G. Allwein, A formalism for visual security protocol modeling, Journal of Visual Languages and Computing, v.19 n.2, p.153-181, April, 2008

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)

Additional Classification:
  D. Software
  D.2 SOFTWARE ENGINEERING
      D.2.1 Requirements/Specifications
          Subjects: Languages; Tools; Methodologies (e.g., object-oriented, structured)
      D.2.2 Design Tools and Techniques
          Subjects: Computer-aided software engineering (CASE); Object-oriented design methods


General Terms:
Design, Languages, Security


Keywords:
RBAC, UML, metamodeling, model driven architecture, security engineering

Collaborative Colleagues:
David Basin: colleagues
Jürgen Doser: colleagues
Torsten Lodderstedt: colleagues

Peer to Peer - Readers of this Article have also read:

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player