Model checking security policy model using both UML static and dynamic diagrams
Proceedings of the 4th international conference on Security of information and networks
Property-testing real-world authorization systems
Proceedings of the 18th ACM symposium on Access control models and technologies
Using model types to support contract-aware model substitutability
ECMFA'13 Proceedings of the 9th European conference on Modelling Foundations and Applications
Hi-index | 0.00 |
The use of the Unified Modeling Language (UML)for specifying security policies is attractive because it is expressive and has a wide user base in the software industry. However, there are very few mature tools that support rigorous analysis of UML models. Alloy is a formal specification language that has been used to rigorously analyze security policies, but few practitioners have the background needed to develop good Alloy models. We propose a new approach to policy analysis in which designers use UML at the front-end to describe their security policies and the Alloy Analyzer is used at the backend to analyze the modeled properties. The UML-to-Alloy and Alloy-to-UML transformations obviate the need for security designers to understand the Alloy specification language. The proposed approach supports the analysis of both functional and structural aspects of security policies.