Secrecy UML method for model transformations

  • Authors: Waël Hassan; Nadera Slimani; Kamel Adi; Luigi Logrippo

  • Affiliations: University of Ottawa, Ottawa, Ontario; Université du Québec en Outaouais, Gatineau, Québec, Canada; Université du Québec en Outaouais, Gatineau, Québec, Canada; Université du Québec en Outaouais, Gatineau, Québec, Canada

  • Venue: ABZ'10 Proceedings of the Second international conference on Abstract State Machines, Alloy, B and Z
  • Year: 2010

Abstract

This paper introduces the subject of developing secrecy models by transformation, with formal validation. In an enterprise, constructing a secrecy model is a participatory exercise involving policy makers and implementers. Policy makers iteratively provide business governance requirements, while policy implementers formulate rules of access in computer-executable terms. The process is error-prone and may lead to undesirable situations, thus threatening the security of the enterprise. At each iteration, a security officer (SO) needs to guarantee business continuity by ensuring property preservation; he also needs to check for potential threats due to policy changes. This paper proposes a method that is meant to address both aspects: the formal analysis of transformation results and the formal proof that transformations are property preserving. UML is used for expressing and transforming models [1], and the Alloy analyzer is used to perform integrity checks [3]. Governance requirements dictate a security policy that regulates access to information. This policy is implemented by means of secrecy models. Hence, the SO defines the mandatory secrecy rules as part of the enterprise governance model in order to implement the security policy. For instance, a secrecy rule may state: higher-ranking officers have read rights to information at lower ranks. Automation helps reduce design errors in combined and complex secrecy models [2]. However, current industry practices do not include precise methods for constructing and validating enterprise governance models. Our research proposes a formal transformation method to construct secrecy models by applying transformations to a base UML model (BM). For example, starting from the BM, which has only three primitives (Subject/Verb/Object), we can generate RBAC0 as well as the SecureUML [2] model.
By way of examples and by means of formal analysis, we intend to show that, using our method, an SO is able to build different types of secrecy models and validate them for consistency, in addition to detecting scenarios resulting from unpreserved properties.