Articulating and enforcing authorisation policies with UML and OCL

Karsten Sohr, Gail Joon Ahn, Lars Migge

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Scopus citations

Abstract

Nowadays, more and more security-relevant data are stored on computer systems; security-critical business processes are mapped to their digital pendants. This situation applies to various critical infrastructures requiring that different security requirements must be fulfilled. It demands a way to design and express higher-level security policies for such critical organizations. In this paper we focus on authorisation policies to demonstrate how software engineering techniques can help validate authorisation constraints and enforce access control policies. Our approach leverages features and functionalities of the UML/OCL modeling methods as well as a model-driven approach to represent and specify the authorisation model and constraints. Using our authorisation constraints editor, we articulate role-based authorisation policies. Also, we attempt to validate and enforce such constraints with the USE (UML Specification Environment) tool.

Original language: English (US)
Title of host publication: SESS 2005 - Proceedings of the 2005 Workshop on Software Engineering for Secure Systems - Building Trustworthy Applications
Publisher: Association for Computing Machinery, Inc
ISBN (Electronic): 1595931147, 9781595931146
DOI: https://doi.org/10.1145/1083200.1083215
State: Published - May 15 2005
Externally published: Yes
Event: 2005 Workshop on Software Engineering for Secure Systems - Building Trustworthy Applications, SESS 2005 - St. Louis, United States
Duration: May 15 2005 to May 16 2005

Publication series

Name: SESS 2005 - Proceedings of the 2005 Workshop on Software Engineering for Secure Systems - Building Trustworthy Applications

Other

Other: 2005 Workshop on Software Engineering for Secure Systems - Building Trustworthy Applications, SESS 2005
Country: United States
City: St. Louis
Period: 5/15/05 to 5/16/05

ASJC Scopus subject areas

  • Mechanical Engineering
  • Software
  • Automotive Engineering


  • Cite this

    Sohr, K., Ahn, G. J., & Migge, L. (2005). Articulating and enforcing authorisation policies with UML and OCL. In SESS 2005 - Proceedings of the 2005 Workshop on Software Engineering for Secure Systems - Building Trustworthy Applications (SESS 2005 - Proceedings of the 2005 Workshop on Software Engineering for Secure Systems - Building Trustworthy Applications). Association for Computing Machinery, Inc. https://doi.org/10.1145/1083200.1083215