Integrating Access Control into UML for Secure Software Modeling and Analysis

Author(s):  
Thuong Doan ◽  
Steven Demurjian ◽  
Laurent Michel ◽  
Solomon Berhe

Access control models are often an orthogonal activity when designing, implementing, and deploying software applications. Role-based access control (RBAC), which targets privileges based on responsibilities within an application, and mandatory access control (MAC), which emphasizes the protection of information via security tags, are two dominant approaches in this regard. The integration of access control into software modeling and analysis is often loose and significantly lacking, particularly when security is such a high-priority concern in applications. This paper presents an approach to integrate RBAC and MAC into use-case, class, and sequence diagrams of the unified modeling language (UML), providing a cohesive approach to secure software modeling that elevates security to a first-class citizen in the process. To ensure that a UML design with security does not violate RBAC or MAC requirements, design-time analysis checks security constraints whenever a new UML element is added or an existing UML element is modified, while post-design analysis checks security constraints across the entire design for conflicts and inconsistencies. These access control extensions and security analyses have been prototyped within a UML tool.

2010 ◽  
Vol 1 (1) ◽  
pp. 1-19 ◽  
Author(s):  
Thuong Doan ◽  
Steven Demurjian ◽  
Laurent Michel ◽  
Solomon Berhe

Access control models are often an orthogonal activity when designing, implementing, and deploying software applications. Role-based access control (RBAC), which targets privileges based on responsibilities within an application, and mandatory access control (MAC), which emphasizes the protection of information via security tags, are two dominant approaches in this regard. The integration of access control into software modeling and analysis is often loose and significantly lacking, particularly when security is such a high-priority concern in applications. This article presents an approach to integrate RBAC and MAC into use-case, class, and sequence diagrams of the unified modeling language (UML), providing a cohesive approach to secure software modeling that elevates security to a first-class citizen in the process. To ensure that a UML design with security does not violate RBAC or MAC requirements, design-time analysis checks security constraints whenever a new UML element is added or an existing UML element is modified, while post-design analysis checks security constraints across the entire design for conflicts and inconsistencies. These access control extensions and security analyses have been prototyped within a UML tool.


Author(s):  
Solomon Berhe ◽  
Steven A. Demurjian ◽  
Jaime Pavlich-Mariscal ◽  
Rishi Kanth Saripalle ◽  
Alberto De la Rosa Algarín

To facilitate collaboration in emerging domains such as the Patient-Centered Medical Home (PCMH), the authors' prior work extended the NIST Role-Based Access Control (RBAC) model to yield a formal Collaboration on Duty and Adaptive Workflow (CoD/AWF) model. The next logical step is to place this work into the context of an integrated software process for security engineering from design through enforcement. Towards this goal, the authors promote a secure software engineering process that leverages an extended Unified Modeling Language (UML) to visualize CoD/AWF policies to achieve a solution that separates concerns while still providing the means to securely engineer dynamic collaborations for applications such as the PCMH.



2021 ◽  
Vol 7 (1) ◽  
pp. 106-111
Author(s):  
Setiaji Setiaji ◽  
Ricki Sastra

Companies need an information system that supports and can provide fast and accurate data. This research was conducted as an effort to improve the existing payroll system so that it is more effective and efficient. At this time several companies engaged in the payroll system services are still at their maximum, starting from recording attendance to payroll, making it possible that, when the process takes place, there are errors in payroll, inaccurate reports, and delays in searching for the required data. The research information system uses object-oriented Unified Modeling Language (UML) software modeling. Researchers use Unified Modeling Language modeling with the aim that the desired system can be provided properly so that problems in the existing system are resolved. This UML modeling process begins with analyzing the system's needs and implementing them in use case traffic diagrams by making class diagrams, sequence diagrams, and activity diagrams. UML software modeling also provides benefits in software development and is able to monitor the flow or system flow expected by the company. This research also uses the waterfall method approach, namely analysis, design, code generation program, testing, and maintenance in designing. This information system design is the best solution to solve problems that exist in the payroll system. The payroll system that utilizes software to support the process provides a very effective contribution to the company, and the development process will still be carried out for existing problems.

