• DocumentCode
    2651360
  • Title

    Rigorous Analysis of UML Access Control Policy Models

  • Author

    Sun, Wuliang ; France, Robert ; Ray, Indrakshi

  • Author_Institution
    Dept. of Comput. Sci., Colorado State Univ., Fort Collins, CO, USA
  • fYear
    2011
  • fDate
    6-8 June 2011
  • Firstpage
    9
  • Lastpage
    16
  • Abstract
    The use of the Unified Modeling Language (UML)for specifying security policies is attractive because it is expressive and has a wide user base in the software industry. However, there are very few mature tools that support rigorous analysis of UML models. Alloy is a formal specification language that has been used to rigorously analyze security policies, but few practitioners have the background needed to develop good Alloy models. We propose a new approach to policy analysis in which designers use UML at the front-end to describe their security policies and the Alloy Analyzer is used at the backend to analyze the modeled properties. The UML-to-Alloy and Alloy-to-UML transformations obviate the need for security designers to understand the Alloy specification language. The proposed approach supports the analysis of both functional and structural aspects of security policies.
  • Keywords
    Unified Modeling Language; authorisation; formal specification; Alloy Analyzer; Alloy specification language; Alloy-to-UML transformation; UML access control; UML-to-Alloy transformation; Unified Modeling Language; formal specification language; software industry; Access control; Analytical models; Metals; Software; Transforms; Unified modeling language; Alloy; LRBAC; UML;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Policies for Distributed Systems and Networks (POLICY), 2011 IEEE International Symposium on
  • Conference_Location
    Pisa
  • Print_ISBN
    978-1-4244-9879-6
  • Electronic_ISBN
    978-0-7695-4330-7
  • Type

    conf

  • DOI
    10.1109/POLICY.2011.30
  • Filename
    5976790