Abstract |
---|
We have previously proposed SecureUML, an expressive UML-based language for constructing security-design models, which are models that combine design specifications for distributed systems with specifications of their security policies. Here, we show how to automate the analysis of such models in a semantically precise and meaningful way. In our approach, models are formalized together with scenarios that represent possible run-time instances. Queries about properties of the security policy modeled are expressed as formulas in UML's Object Constraint Language. The policy may include both declarative aspects, i.e., static access-control information such as the assignment of users and permissions to roles, and programmatic aspects, which depend on dynamic information, namely the satisfaction of authorization constraints in a given scenario. We show how such properties can be evaluated, completely automatically, in the context of the metamodel of the security-design language. We demonstrate, through examples, that this approach can be used to formalize and check non-trivial security properties. The approach has been implemented in the SecureMOVA tool and all of the examples presented have been checked using this tool. |

Year | DOI | Venue |
---|---|---|
2009 | 10.1016/j.infsof.2008.05.011 | Information & Software Technology |

Keywords | Field | DocType |
---|---|---|
dynamic information,non-trivial security property,security-design language,securemova tool,ocl,static access-control information,expressive uml-based language,authorization constraint,security policy,secureuml,formal analysis,uml,security-design model,automated analysis,object constraint language,security policies,metamodels,access control,distributed system | Data mining,Programming language,Unified Modeling Language,Computer science,Authorization,Security design,Security properties,Security policy,Object Constraint Language,Metamodeling | Journal |

Volume | Issue | ISSN |
---|---|---|
51 | 5 | Information and Software Technology |

Citations | PageRank | References |
---|---|---|
73 | 2.18 | 10 |

Authors |
---|
4 |

Name | Order | Citations | PageRank |
---|---|---|---|
David A. Basin | 1 | 4930 | 281.93 |
Manuel Clavel | 2 | 1061 | 66.26 |
Jürgen Doser | 3 | 793 | 38.89 |
Marina Egea | 4 | 307 | 15.16 |