Leveraging UML for security engineering and enforcement in a collaboration on duty and adaptive workflow model that extends NIST RBAC

Authors:
Solomon Berhe;Steven Demurjian;Swapna Gokhale;Jaime Pavlich-Mariscal;Rishi Saripalle
Affiliations:
Department of Computer Science & Engineering, University of Connecticut, Storrs, CT;Department of Computer Science & Engineering, University of Connecticut, Storrs, CT;Department of Computer Science & Engineering, University of Connecticut, Storrs, CT;Pontificia Universidad Javeriana, Bogota, Colombia and Universidad Catolica del Norte, Antofagasta, Chile;Department of Computer Science & Engineering, University of Connecticut, Storrs, CT
Venue:
DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
Year:
2011

Citing 12
Cited 0

An introduction to object-oriented programming (2nd ed.)

An introduction to object-oriented programming (2nd ed.)
Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
The specification and enforcement of authorization constraints in workflow management systems

ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
The NIST model for role-based access control: towards a unified standard

RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Role-based authorization constraints specification

ACM Transactions on Information and System Security (TISSEC)
Secure Systems Development with UML

Secure Systems Development with UML
Role-Based access control consistency validation

Proceedings of the 2006 international symposium on Software testing and analysis
On mutually exclusive roles and separation-of-duty

ACM Transactions on Information and System Security (TISSEC)
A Meta-Model Based Approach to UML Modelling

UKSIM '08 Proceedings of the Tenth International Conference on Computer Modeling and Simulation
Emerging Trends in Health Care Delivery: Towards Collaborative Security for NIST RBAC

Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
Role-based access control (RBAC) in Java via proxy objects using annotations

Proceedings of the 15th ACM symposium on Access control models and technologies
Flexible workflow incorporated with RBAC

CSCWD'05 Proceedings of the 9th international conference on Computer Supported Cooperative Work in Design II

Quantified Score

Hi-index	0.00

Visualization

Abstract

To facilitate collaboration in the patient-centered medical home (PCMH), our prior work extended the NIST role-based access control (RBAC) model to yield a formal collaboration on duty and adaptive workflow (COD/AWF) model. The next logical step is to place this work into the context of an integrated software process for security engineering from design through enforcement. Towards this goal, we promote a secure software engineering process that leverages an extended unified modeling language (UML) to visualize COD/AWF policies to achieve a solution that separates concerns while still providing the means to securely engineer dynamic collaborations for applications such as the PCMH. Once defined, these collaboration UML diagrams can be utilized to generate the corresponding aspect oriented policy code upon which the enforcement mechanism can be applied to at runtime.