Title :
Integration of Access Control Policy Design into Software Development
Author_Institution :
Sch. of Comput. Sci. & Technol., China Univ. of Min. & Technol., Xuzhou, China
Abstract :
Security is an important part especially in complex software systems, but now it is not considered as an essential part in software development. There would be many difficulties and mismatches if security mechanisms are added to existing systems afterwards, so it is proposed to integrate the design of access control policy into software development. In this paper, UML is used to model access control policy, and then a compiler is designed as a plug-in component of UML tools to export the model result to XACML for complex distributed system. The mechanism supports the automatic generation of a XACML specification based on an extended RBAC.
Keywords :
Unified Modeling Language; authorisation; software architecture; UML tools; XACML specification; access control policy design; complex software systems; extended RBAC; security mechanisms; software development; Access control; Computational intelligence; Documentation; Information security; Object oriented modeling; Permission; Programming; Software design; Software systems; Unified modeling language; RBAC; UML; XACML; policy design;
Conference_Titel :
Computational Intelligence and Security, 2009. CIS '09. International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-5411-2
DOI :
10.1109/CIS.2009.250
