ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
authUML: a three-phased framework to analyze access control specifications in use cases
Full text PdfPdf (911 KB)
Source Workshop on Formal Methods in Security Engineering archive
Proceedings of the 2003 ACM workshop on Formal methods in security engineering table of contents
Washington, D.C.
Pages: 77 - 86  
Year of Publication: 2003
ISBN:1-58113-781-8
Authors
Khaled Alghathbar  George Mason University, VA, King Saud University, Saudi Arabia
Duminda Wijesekera  George Mason University, VA
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 5,   Downloads (12 Months): 23,   Citation Count: 5
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1035429.1035438
What is a DOI?

ABSTRACT

Security requirements of a software product need to receive attention throughout its development life cycle. authUML is a framework based on logic programming that analyzes access control requirements in the requirements phase of the life cycle to ensure that they are consistent, complete and conflict-free. The framework is a customized version of Flexible Authorization Framework (FAF) of Jajodia et al. [9] suitable for Unified Modeling Language (UML) based requirement engineering. Our approach analyzes requirements on two levels: Use Cases and the conceptual operations [19]. authUML specifies policies to prevent inconsistent, incomplete and conflicting requirements before the developers proceed to the following phases of the development life cycle.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
K. Alghathbar, D. Wijesekera. Modeling Dynamic Role-based Access Constraints using UML. In proc. of the 1st International Conference on Software Engineering Research & Applications (ICSERA'03), San Francisco, CA. June 2003.
 
2
K. R. Apt , H. A. Blair , A. Walker, Towards a theory of declarative knowledge, Foundations of deductive databases and logic programming, Morgan Kaufmann Publishers Inc., San Francisco, CA, 1988
 
3
Grady Booch , James Rumbaugh , Ivar Jacobson, The Unified Modeling Language user guide, Addison Wesley Longman Publishing Co., Inc., Redwood City, CA, 1999
 
4
G. Brose, M. Koch, K.-P. Löhr. Integrating Access Control Design into the Software Development Process. In the Proceedings of the sixth biennial world conference on the Integrated Design and Process Technology (IDPT), Pasadena, CA. June 2002.
 
5
Gerald Brose, A Typed Access Control Model for CORBA, Proceedings of the 6th European Symposium on Research in Computer Security, p.88-105, October 04-06, 2000
 
6
D. D. Clark, D. R. Wilson. A Comparison of Commercial and Military Computer Security Policies. IEEE Symposium on Security and Privacy 1987: 184-19.
7
Premkumar T. Devanbu , Stuart Stubblebine, Software engineering for security: a roadmap, Proceedings of the Conference on The Future of Software Engineering, p.227-239, June 04-11, 2000, Limerick, Ireland  [doi>10.1145/336512.336559]
 
8
John E. Dobson, John A. McDermid: A Framework for Expressing Models of Security Policy. IEEE Symposium on Security and Privacy 1989: 229-241
 
9
E. Fernandez-Medina, A. Martinez, C. Medina, And M. Piattini. Integrating Multilevel Security in the Database Design Process. In the Proceedings of the sixth biennial world conference on the Integrated Design and Process Technology (IDPT), Pasadena, CA. June 2002.
 
10
Dov M. Gabbay , Anthony Hunter, Making inconsistency respectable: a logical framework for inconsistency in reasoning, Proceedings of the International Workshop on Fundamentals of Artificial Intelligence Research, p.19-32, September 08-13, 1991
 
11
Dov M. Gabbay , Anthony Hunter, Making Inconsistency Respectable: Part 2 - Meta-level handling of inconsistency, Proceedings of the European Conference on Symbolic and Quantitative Approaches to Reasoning and Uncertainty, p.129-136, November 08-10, 1993
 
12
M. Gelfond, V. Lifschitz. 1988. The stable model semantics for logic programming. In Proceedings, 5th International Conference and Symposium on Logic Programming. Seattle, Wash. pp. 1070-1080.
13
Sushil Jajodia , Pierangela Samarati , Maria Luisa Sapino , V. S. Subrahmanian, Flexible support for multiple access control policies, ACM Transactions on Database Systems (TODS), v.26 n.2, p.214-260, June 2001  [doi>10.1145/383891.383894]
 
14
Jan Jürjens, Towards Development of Secure Systems Using UMLsec, Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering, p.187-200, April 02-06, 2001
 
15
Torsten Lodderstedt , David A. Basin , Jürgen Doser, SecureUML: A UML-Based Modeling Language for Model-Driven Security, Proceedings of the 5th International Conference on The Unified Modeling Language, p.426-441, September 30-October 04, 2002
 
16
B. Nuseibeh, S. Easterbrook and A. Russo; "Making Respectable in Software Development", Journal of Systems and Software, 56(11), November 2001, Elsevier Science Publishers
 
17
Object Management Group. OMG Unified Modeling Language Specification, Version 1.4, 2001 http://www.omg.org/technology/documents/formal/uml. htm.
 
18
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
 
19
Shane Sendall, Alfred Strohmeier: From Use Cases to System Operation Specifications. UML 2000: 1-15.
 
20
S. Sendall. Specifying Reactive System Behavior, Ph.D. thesis, Swiss Federal Institute of Technology Lausanne (EPFL), May 2002
 
21
Jos Warmer , Anneke Kleppe, The object constraint language: precise modeling with UML, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1998

CITED BY  5
Thuong Doan , Steven Demurjian , T. C. Ting , Andreas Ketterl, MAC and UML for secure software design, Proceedings of the 2004 ACM workshop on Formal methods in security engineering, October 29-29, 2004, Washington DC, USA
Khaled Alghathbar, Validating the enforcement of access control policies and separation of duty principle in requirement engineering, Information and Software Technology, v.49 n.2, p.142-157, February, 2007
Gail-Joon Ahn , Hongxin Hu, Towards realizing a formal RBAC model in real systems, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Eduardo Fernández-Medina , Jan Jurjens , Juan Trujillo , Sushil Jajodia, Editorial: Model-Driven Development for secure information systems, Information and Software Technology, v.51 n.5, p.809-814, May, 2009
Manar H. Alalfi , James R. Cordy , Thomas R. Dean, A verification framework for access control in dynamic web applications, Proceedings of the 2nd Canadian Conference on Computer Science and Software Engineering, May 19-21, 2009, Montreal, Quebec, Canada

INDEX TERMS

Primary Classification:
  D. Software
  D.2 SOFTWARE ENGINEERING
      D.2.1 Requirements/Specifications

Additional Classification:
  D. Software
  D.2 SOFTWARE ENGINEERING
      D.2.4 Software/Program Verification

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)


General Terms:
Languages, Security


Keywords:
Security engineering, access control policies, semi-formal methods, use cases

Collaborative Colleagues:
Khaled Alghathbar: colleagues
Duminda Wijesekera: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player