Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Towards Development of Secure Systems Using UMLsec
FASE '01 Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering
Experience with Embedding Hardware Description Languages in HOL
Proceedings of the IFIP TC10/WG 10.2 International Conference on Theorem Provers in Circuit Design: Theory, Practice and Experience
Role-Based Authorization Constraints Specification Using Object Constraint Language
WETICE '01 Proceedings of the 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Model driven security for process-oriented systems
Proceedings of the eighth ACM symposium on Access control models and technologies
MDA Explained: The Model Driven Architecture: Practice and Promise
MDA Explained: The Model Driven Architecture: Practice and Promise
Using Aspects to Design a Secure System
ICECCS '02 Proceedings of the Eighth International Conference on Engineering of Complex Computer Systems
The Object Constraint Language: Getting Your Models Ready for MDA
The Object Constraint Language: Getting Your Models Ready for MDA
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
Specification and validation of authorisation constraints using UML and OCL
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
A metamodel-based approach for analyzing security-design models
MODELS'07 Proceedings of the 10th international conference on Model Driven Engineering Languages and Systems
From Access Control Policies to an Aspect-Based Infrastructure: A Metamodel-Based Approach
Models in Software Engineering
Extending access control models with break-glass
Proceedings of the 14th ACM symposium on Access control models and technologies
Lightweight modeling and analysis of security concepts
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
A decade of model-driven security
Proceedings of the 16th ACM symposium on Access control models and technologies
Validation of security policies by the animation of Z specifications
Proceedings of the 16th ACM symposium on Access control models and technologies
A transformation contract to generate aspects from access control policies
Software and Systems Modeling (SoSyM)
Modeling norms in multi-agent systems with NormML
COIN@AAMAS'10 Proceedings of the 6th international conference on Coordination, organizations, institutions, and norms in agent systems
Validation of security-design models using Z
ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
Idea: towards architecture-centric security analysis of software
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Automatic generation of smart, security-aware GUI models
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
SBMF'11 Proceedings of the 14th Brazilian conference on Formal Methods: foundations and Applications
Evaluation of the Pattern-based method for Secure Development (PbSD): A controlled experiment
Information and Software Technology
Comprehensive two-level analysis of role-based delegation and revocation policies with UML and OCL
Information and Software Technology
Specifying model changes with UMLchange to support security verification of potential evolution
Computer Standards & Interfaces
Hi-index | 0.00 |
We have previously proposed SecureUML, an expressive UML-based language for constructing security-design models, which are models that combine design specifications for distributed systems with specifications of their security policies. Here, we show how to automate the analysis of such models in a semantically precise and meaningful way. In our approach, models are formalized together with scenarios that represent possible run-time instances. Queries about properties of the security policy modeled are expressed as formulas in UML's Object Constraint Language. The policy may include both declarative aspects, i.e., static access-control information such as the assignment of users and permissions to roles, and programmatic aspects, which depend on dynamic information, namely the satisfaction of authorization constraints in a given scenario. We show how such properties can be evaluated, completely automatically, in the context of the metamodel of the security-design language. We demonstrate, through examples, that this approach can be used to formalize and check non-trivial security properties. The approach has been implemented in the SecureMOVA tool and all of the examples presented have been checked using this tool.