A model transformation semantics and analysis methodology for SecureUML

Authors:
Achim D. Brucker;Jürgen Doser;Burkhart Wolff
Affiliations:
Information Security, eth Zurich, Zurich, Switzerland;Information Security, eth Zurich, Zurich, Switzerland;Information Security, eth Zurich, Zurich, Switzerland
Venue:
MoDELS'06 Proceedings of the 9th international conference on Model Driven Engineering Languages and Systems
Year:
2006

Citing 8
Cited 5

A behavioral notion of subtyping

ACM Transactions on Programming Languages and Systems (TOPLAS)
Role-Based Access Control Models

Computer
Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)
Information Flow Control and Applications - Bridging a Gap

FME '01 Proceedings of the International Symposium of Formal Methods Europe on Formal Methods for Increasing Software Productivity
A verification approach to applied system security

International Journal on Software Tools for Technology Transfer (STTT) - Special section on formal methods for industrial critical systems
Model driven security: From UML models to access control infrastructures

ACM Transactions on Software Engineering and Methodology (TOSEM)
Isabelle/HOL: a proof assistant for higher-order logic

Isabelle/HOL: a proof assistant for higher-order logic
Secure Systems Development with UML

Secure Systems Development with UML

An aspect-oriented methodology for designing secure applications

Information and Software Technology
From Access Control Policies to an Aspect-Based Infrastructure: A Metamodel-Based Approach

Models in Software Engineering
Extending access control models with break-glass

Proceedings of the 14th ACM symposium on Access control models and technologies
SecureBPMN: modeling and enforcing access control requirements in business processes

Proceedings of the 17th ACM symposium on Access Control Models and Technologies
From misuse cases to mal-activity diagrams: bridging the gap between functional security analysis and design

Software and Systems Modeling (SoSyM)

Quantified Score

Hi-index	0.00

Visualization

Abstract

SecureUML is a security modeling language for formalizing access control requirements in a declarative way. It is equipped with a uml notation in terms of a uml profile, and can be combined with arbitrary design modeling languages. We present a semantics for SecureUML in terms of a model transformation to standard uml/ocl. The transformation scheme is used as part of an implementation of a tool chain ranging from front-end visual modeling tools over code-generators to the interactive theorem proving environment hol-ocl. The methodological consequences for an analysis of the generated ocl formulae are discussed.