Towards a theory of declarative knowledge
Foundations of deductive databases and logic programming
Role-Based Access Control Models
Computer
The Unified Modeling Language user guide
The Unified Modeling Language user guide
The object constraint language: precise modeling with UML
The object constraint language: precise modeling with UML
Software engineering for security: a roadmap
Proceedings of the Conference on The Future of Software Engineering
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
Software Engineering Economics
Software Engineering Economics
Making inconsistency respectable: a logical framework for inconsistency in reasoning
FAIR '91 Proceedings of the International Workshop on Fundamentals of Artificial Intelligence Research
Towards Development of Secure Systems Using UMLsec
FASE '01 Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering
Making Inconsistency Respectable: Part 2 - Meta-level handling of inconsistency
ECSQARU '93 Proceedings of the European Conference on Symbolic and Quantitative Approaches to Reasoning and Uncertainty
A Typed Access Control Model for CORBA
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
authUML: a three-phased framework to analyze access control specifications in use cases
Proceedings of the 2003 ACM workshop on Formal methods in security engineering
Information and Software Technology
From use cases to system operation specifications
UML'00 Proceedings of the 3rd international conference on The unified modeling language: advancing the standard
| Hi-index | 0.00 |
Validating the compliance of software requirements with the access control policies during the early development life cycle improves the security of the software. It prevents authorizing unauthorized subject during the specification of requirements and analysis before proceeding to other phases where the cost of fixing defects is augmented. This paper provides a logical-based framework that analyzes the authorization requirements specified in the Unified Modeling Language (UML). It ensures that the access requirements are consistent, complete and conflict-free. The framework proposed in this paper is an extension to AuthUML framework. We refine AuthUML and extend it by expanding its analysis to validate the enforcement of the Separation of Duty (SoD) during the requirement engineering. We enhance and extend AuthUML with the necessary phase, predicates and rules. The paper shows the various types of SoD and how each type can be validated. The extension shows the flexibility and scalability of AuthUML to validate new policies. Also, the extension makes AuthUML spans to different phases of the software development process that widen the application of AuthUML.