Subject-oriented programming: a critique of pure objects
OOPSLA '93 Proceedings of the eighth annual conference on Object-oriented programming systems, languages, and applications
ACM Computing Surveys (CSUR) - Special issue: position statements on strategic directions in computing research
N degrees of separation: multi-dimensional separation of concerns
Proceedings of the 21st international conference on Software engineering
Towards a UML based approach to role engineering
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Security Through Aspect-Oriented Programming
Proceedings of the IFIP TC11 WG11.4 First Annual Working Conference on Network Security: Advances in Network and Distributed Systems Security
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Role-Based Access Control Framework for Network Enterprises
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
MAC and UML for secure software design
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
authUML: a three-phased framework to analyze access control specifications in use cases
Proceedings of the 2003 ACM workshop on Formal methods in security engineering
Verifiable composition of access control and application features
Proceedings of the tenth ACM symposium on Access control models and technologies
An Aspect-Oriented Approach for Software Security Hardening: from Design to Implementation
Proceedings of the 2009 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the Eighth SoMeT_09
A framework for composable security definition, assurance, and enforcement
MoDELS'05 Proceedings of the 2005 international conference on Satellite Events at the MoDELS
A formal enforcement framework for role-based access control using aspect-oriented programming
MoDELS'05 Proceedings of the 8th international conference on Model Driven Engineering Languages and Systems
| Hi-index | 0.00 |
During the past decade, there has been an explosion in the complexity of software applications, with an increasing emphasis on software design via model-driven architectures, patterns, and models such as the unified modeling language (UML). Despite this, the integration of security concerns throughout the product life cycle has lagged, resulting in software infrastructures that are untrustworthy in terms of their ability to authenticate users and to limit them to their authorized application privileges. To address this issue, we present an approach to integrate role-based access control (RBAC) into UML at design-time for permission assignment and enforcement. Specifically, we introduce a new UML artifact, the role slice, supported via a new UML role-slice diagram, to capture RBAC privileges at design time within UML. Once captured, we demonstrate the utilization of aspect-oriented programming (AOP) techniques for the automatic generation of security enforcement code. Overall, we believe that our approach is an important step to upgrading security to be an indispensable part of the software process.