Formal access control analysis in the software development process

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Formal access control analysis in the software development process

Full text

Pdf (927 KB)

Source

Workshop on Formal Methods in Security Engineering archive
Proceedings of the 2003 ACM workshop on Formal methods in security engineering table of contents

Washington, D.C.

Pages: 67 - 76

Year of Publication: 2003

ISBN:1-58113-781-8

Authors

Manuel Koch	Freie Universität Berlin, Germany
Francesco Parisi-Presicce	George Mason University, VA

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 8, Downloads (12 Months): 95, Citation Count: 1

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1035429.1035437 What is a DOI?

ABSTRACT

Security is a crucial aspect in any modern software system. To ensure security in the final product, security requirements must be considered in the entire software development process. We evaluate in this paper how security requirements can be integrated into the analysis phase of an object-oriented software development process. Our approach is model driven by providing models for security aspects related to the models for functional requirements. We investigate how the security models can be generated from the functional models. We give a graph-based formal semantics to the security models and present verification concepts which ensure the security requirements in the models.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Gerald Brose, Raccoon - An Infrastructure For Managing Access Control in CORBA, Proceedings of the IFIP TC6 / WG6.1 Third International Working Conference on New Developments in Distributed Applications and Interoperable Systems, p.273-288, September 17-19, 2001
	2	Gerald Brose, Manageable access control for CORBA, Journal of Computer Security, v.10 n.4, p.301-337, December 2002
	3	G. Brose, M. Koch, and K. P. Löhr. Integrating Access Control Design into the Software Development Process. In Proc. of 6th Internat. Conf. on Integrated Design and Process Technology (IDPT), 2002.
	4	Andrea Corradini , Hartmut Ehrig , Michael Löwe , Ugo Montanari , Julia Padberg, The Category of Typed Graph Grammars and its Adjunctions with Categories, Selected papers from the 5th International Workshop on Graph Gramars and Their Application to Computer Science, p.56-74, November 13-18, 1994
	5	Premkumar T. Devanbu , Stuart Stubblebine, Software engineering for security: a roadmap, Proceedings of the Conference on The Future of Software Engineering, p.227-239, June 04-11, 2000, Limerick, Ireland [doi>10.1145/336512.336559]
	6	H. Ehrig , R. Heckel , M. Korff , M. Löwe , L. Ribeiro , A. Wagner , A. Corradini, Algebraic approaches to graph transformation. Part II: single pushout approach and comparison with double pushout approach, Handbook of graph grammars and computing by graph transformation: volume I. foundations, World Scientific Publishing Co., Inc., River Edge, NJ, 1997
	7	Pete Epstein , Ravi Sandhu, Towards a UML based approach to role engineering, Proceedings of the fourth ACM workshop on Role-based access control, p.135-143, October 28-29, 1999, Fairfax, Virginia, United States [doi>10.1145/319171.319184]
	8	R. Heckel and A. Wagner. Ensuring consistency of conditional graph grammars - a constructive approach. In Proc. SEGRAGRA'95, no. 2. Electronic Notes of TCS, 1995. http://www.elsevier.nl/locate/entcs/volume2.html.
	9	Jan Jürjens, UMLsec: Extending UML for Secure Systems Development, Proceedings of the 5th International Conference on The Unified Modeling Language, p.412-425, September 30-October 04, 2002
	10	Manuel Koch , Luigi V. Mancini , Francesco Parisi-Presicce, Conflict Detection and Resolution in Access Control Policy Specifications, Proceedings of the 5th International Conference on Foundations of Software Science and Computation Structures, p.223-237, April 08-12, 2002
	11	M. Koch , L. V. Mancini , F. Parisi-Presicce, On the specification and evolution of access control policies, Proceedings of the sixth ACM symposium on Access control models and technologies, p.121-130, May 2001, Chantilly, Virginia, United States [doi>10.1145/373256.373280]
	12	Manuel Koch , Luigi V. Mancini , Francesco Parisi-Presicce, A graph-based formalism for RBAC, ACM Transactions on Information and System Security (TISSEC), v.5 n.3, p.332-365, August 2002 [doi>10.1145/545186.545191]
	13	M. Koch and F. Parisi-Presicce. Access Control Policy Specification in UML. In Proc. of UML2002 Workshop on Critical Systems Development with UML, Technical University of Munich, TUM-10208, 63-78, Sept 2002.
	14	Butler W. Lampson, Protection, ACM SIGOPS Operating Systems Review, v.8 n.1, p.18-24, January 1974 [doi>10.1145/775265.775268]
	15	Torsten Lodderstedt , David A. Basin , Jürgen Doser, SecureUML: A UML-Based Modeling Language for Model-Driven Security, Proceedings of the 5th International Conference on The Unified Modeling Language, p.426-441, September 30-October 04, 2002
	16	Bashar Nuseibeh , Steve Easterbrook, Requirements engineering: a roadmap, Proceedings of the Conference on The Future of Software Engineering, p.35-46, June 04-11, 2000, Limerick, Ireland [doi>10.1145/336512.336523]
	17	OMG. OMG Unified Modeling Language Specification, V.1.4, 2001.
	18	OMG. Model driven architecture, 2003. http://www.omg.org/mda/.
	19	Grzegorz Rozenberg, Handbook of graph grammars and computing by graph transformation: volume I. foundations, World Scientific Publishing Co., Inc., River Edge, NJ, 1997