DocumentCode
2651360
Title
Rigorous Analysis of UML Access Control Policy Models
Author
Sun, Wuliang ; France, Robert ; Ray, Indrakshi
Author_Institution
Dept. of Comput. Sci., Colorado State Univ., Fort Collins, CO, USA
fYear
2011
fDate
6-8 June 2011
Firstpage
9
Lastpage
16
Abstract
The use of the Unified Modeling Language (UML)for specifying security policies is attractive because it is expressive and has a wide user base in the software industry. However, there are very few mature tools that support rigorous analysis of UML models. Alloy is a formal specification language that has been used to rigorously analyze security policies, but few practitioners have the background needed to develop good Alloy models. We propose a new approach to policy analysis in which designers use UML at the front-end to describe their security policies and the Alloy Analyzer is used at the backend to analyze the modeled properties. The UML-to-Alloy and Alloy-to-UML transformations obviate the need for security designers to understand the Alloy specification language. The proposed approach supports the analysis of both functional and structural aspects of security policies.
Keywords
Unified Modeling Language; authorisation; formal specification; Alloy Analyzer; Alloy specification language; Alloy-to-UML transformation; UML access control; UML-to-Alloy transformation; Unified Modeling Language; formal specification language; software industry; Access control; Analytical models; Metals; Software; Transforms; Unified modeling language; Alloy; LRBAC; UML;
fLanguage
English
Publisher
ieee
Conference_Titel
Policies for Distributed Systems and Networks (POLICY), 2011 IEEE International Symposium on
Conference_Location
Pisa
Print_ISBN
978-1-4244-9879-6
Electronic_ISBN
978-0-7695-4330-7
Type
conf
DOI
10.1109/POLICY.2011.30
Filename
5976790
Link To Document