Reconstructing a formal security model

Gail-Joon Ahn, Seung Phil Hong, Michael E. Shin

Research output: Contribution to journal › Article

4 Citations (Scopus)

Abstract

Role-based access control (RBAC) is a flexible approach to access control that has generated great interest in the security community. The principal motivation behind RBAC is to reduce the complexity of administrative tasks. Several formal models of RBAC have been introduced. However, few works specify RBAC in a way that system developers or software engineers can easily understand and adopt to develop role-based systems, and there is still a demand for a practical representation of well-known access control models for system developers who work on secure system development. In this paper we represent a well-known RBAC model with software engineering tools such as the Unified Modeling Language (UML) and Object Constraints Language (OCL) to reduce the gap between security models and system development. The UML is a general-purpose visual modeling language in which we can specify, visualize, and document the components of a software system. OCL is part of the UML and has been used for object-oriented analysis and design as a de facto constraint specification language in the software engineering arena. Our representation is based on a standard model for RBAC proposed by the National Institute of Standards and Technology. We specify this RBAC model with UML using three views: static view, functional view, and dynamic view. We also describe how OCL can specify RBAC constraints, which are one of the important aspects of RBAC because they constrain what components in RBAC are allowed to do. In addition, we briefly discuss future directions of this work.

Original language: English (US)
Pages (from-to): 649-657
Number of pages: 9
Journal: Information and Software Technology
Volume: 44
Issue number: 11
DOI: 10.1016/S0950-5849(02)00092-7
State: Published - Aug 15 2002
Externally published: Yes

Fingerprint

Access control
Unified Modeling Language
Software engineering
Specification languages
Engineers

Keywords

  • Access control
  • Formal model
  • Role-based
  • UML

ASJC Scopus subject areas

  • Information Systems
  • Software

Cite this

Reconstructing a formal security model. / Ahn, Gail-Joon; Hong, Seung Phil; Shin, Michael E.

In: Information and Software Technology, Vol. 44, No. 11, 15.08.2002, p. 649-657.

@article{e91c5ab8dfaf4db185d00cf04abbd76a,
title = "Reconstructing a formal security model",
keywords = "Access control, Formal model, Role-based, UML",
author = "Gail-Joon Ahn and Hong, {Seung Phil} and Shin, {Michael E.}",
year = "2002",
month = "8",
day = "15",
doi = "10.1016/S0950-5849(02)00092-7",
language = "English (US)",
volume = "44",
pages = "649--657",
journal = "Information and Software Technology",
issn = "0950-5849",
publisher = "Elsevier",
number = "11",

}