Extensive validation of OCL models by integrating SAT solving into USE
TOOLS'11 Proceedings of the 49th international conference on Objects, models, components, patterns
Comprehensive two-level analysis of role-based delegation and revocation policies with UML and OCL
Information and Software Technology
From UML and OCL to relational logic and back
MODELS'12 Proceedings of the 15th international conference on Model Driven Engineering Languages and Systems
Hi-index | 0.00 |
Organizations with stringent security requirements like banks or hospitals frequently adopt role-based access control (RBAC) principles to simplify their internal permission management. Authorization constraints represent a fundamental advanced RBAC concept enabling precise restrictions on access rights. Thereby, the complexity of the resulting security policies increases so that tool support for comfortable creation and adequate validation is required. We propose a new approach to developing and analyzing RBAC policies using UML for modeling RBAC core concepts and OCL to realize authorization constraints. Dynamic (i. e., time-dependent) constraints, their visual representation in UML and their analysis are of special interest. The approach results in a domain-specific language for RBAC which is highly configurable and extendable with respect to new RBAC concepts and classes of authorization constraints and allows the developer to validate RBAC policies in an effective way. The approach is supported by a UML and OCL validation tool.