A UML profile for role-based access control

Çaǧdaş Cirit*, Feza Buzluca

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

11 Citations (Scopus)

Abstract

When building an access control aware system, integrating access control specifications into the development process is problematic. Even if security modeling is structured at the early phases of development, security mechanisms are placed into the system at the final phases. This late integration affects security and maintainability of the resulting system in a bad way. In this paper, we present a solution for this problem. We propose a Unified Modeling Language (UML) Profile for Role-Based Access Control (RBAC), with which access control specifications can be modeled graphically together with problem domain specifications from the beginning of the design phase, making it possible to extend security integration over the entire development process. We employed significant RBAC constraints like static and dynamic separation of duties into the profile and introduced how Object Constraint Language (OCL) is used to validate well-formedness and meaning of information models against the RBAC.

Original language: English
Title of host publication: SIN'09 - Proceedings of the 2nd International Conference on Security of Information and Networks
Pages: 83-92
Number of pages: 10
Publication status: Published - 2009
Event: 2nd International Conference on Security of Information and Networks, SIN'09 - Famagusta, Cyprus
Duration: 6 Oct 2009 to 10 Oct 2009

Publication series

Name: SIN'09 - Proceedings of the 2nd International Conference on Security of Information and Networks

Conference

Conference: 2nd International Conference on Security of Information and Networks, SIN'09
Country/Territory: Cyprus
City: Famagusta
Period: 6/10/09 to 10/10/09

Keywords

  • Model driven architecture
  • Model validation
  • Object constraint language
  • Role-based access control
  • Security engineering
  • Stereotype
  • Tagged value
  • Unified modeling language profile
