We present a modeling language for the model-driven development of secure, distributed systems based on the Unified Modeling Language (UML). Our approach is based on role-based access control with additional support for specifying authorization constraints. We show how UML can be used to specify information related to access control in the overall design of an application and how this information can be used to automatically generate complete access control infrastructures. Our approach can be used to improve productivity during the development of secure distributed systems and the quality of the resulting systems.