The purpose of access control is to limit the actions that a legitimate user can perform on a computer system. Role-based access control (RBAC) has generated great interest in the security community as a flexible approach to access control. One of the important aspects of RBAC is constraints, which restrict what the components in RBAC are allowed to do. Although researchers have identified useful constraints using formal specification languages such as RCL2000, there is still a demand for constraint specification languages aimed at system developers who are working on secure systems development. In this paper we discuss another approach to specifying constraints, using a de facto constraint specification language in the software engineering arena. We use a declarative language, the Object Constraint Language (OCL), which is part of the Unified Modeling Language (UML) and has been used in object-oriented analysis and design. We describe how to specify previously identified role-based authorization constraints, and we also address the future direction of this work.