Towards a UML based approach to role engineering
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
A UML-based aspect-oriented design notation for AspectJ
AOSD '02 Proceedings of the 1st international conference on Aspect-oriented software development
AspectC++: an aspect-oriented extension to the C++ programming language
CRPIT '02 Proceedings of the Fortieth International Conference on Tools Pacific: Objects for internet, mobile and embedded applications
ECOOP '01 Proceedings of the 15th European Conference on Object-Oriented Programming
UML-Based Representation of Role-Based Access Control
WETICE '00 Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Security Engineering with Patterns: Origins, Theoretical Models, and New Applications
Security Engineering with Patterns: Origins, Theoretical Models, and New Applications
Logic in Computer Science: Modelling and Reasoning about Systems
Logic in Computer Science: Modelling and Reasoning about Systems
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
A Static Verification Framework for Secure Peer-to-Peer Applications
ICIW '07 Proceedings of the Second International Conference on Internet and Web Applications and Services
Secure Systems Development with UML
Secure Systems Development with UML
Role slices: a notation for RBAC permission assignment and enforcement
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
For-LySa: UML for authentication analysis
GC'04 Proceedings of the 2004 IST/FET international conference on Global Computing
Hi-index | 0.00 |
Security is a very challenging task in software engineering. Enforcing security policies should be taken care of during the early phases of the software development life cycle to prevent security breaches in the final product. Since security is a crosscutting concern that pervades the entire software, integrating security solutions at the software design level may result in scattering and tangling security features throughout the entire design. To address this issue, we propose in this paper an aspect-oriented approach for specifying and enforcing security hardening solutions. This approach provides software designers with UML-based capabilities to perform security hardening in a clear and organized way, at the UML design level, without the need to be security experts. We also present the SHP profile, a UML-based security hardening language to describe and specify security hardening solutions at the UML design level. Finally, we explore the efficiency and the relevance of our approach by applying it to a real world case study and present the experimental results.