Leveraging UML for Access Control Engineering in a Collaboration on Duty and Adaptive Workflow Model that Extends NIST RBAC

2021 ◽  
pp. 916-939
Author(s):  
Solomon Berhe ◽  
Steven A. Demurjian ◽  
Jaime Pavlich-Mariscal ◽  
Rishi Kanth Saripalle ◽  
Alberto De la Rosa Algarín
Keyword(s):  
Access Control ◽  
Unified Modeling Language ◽  
Role Based Access Control ◽  
Patient Centered ◽  
Control Engineering ◽  
Unified Modeling ◽  
Adaptive Workflow ◽  
Software Engineering Process ◽  
Role Based ◽  
Integrated Software

To facilitate collaboration in emerging domains such as the Patient-Centered Medical Home (PCMH), the authors' prior work extended the NIST Role-Based Access Control (RBAC) model to yield a formal Collaboration on Duty and Adaptive Workflow (CoD/AWF) model. The next logical step is to place this work into the context of an integrated software process for security engineering from design through enforcement. Towards this goal, the authors promote a secure software engineering process that leverages an extended Unified Modeling Language (UML) to visualize CoD/AWF policies to achieve a solution that separates concerns while still providing the means to securely engineer dynamic collaborations for applications such as the PCMH.

Leveraging UML for Access Control Engineering in a Collaboration on Duty and Adaptive Workflow Model that Extends NIST RBAC

2016 ◽  
pp. 96-124
Author(s):  
Solomon Berhe ◽  
Steven A. Demurjian ◽  
Jaime Pavlich-Mariscal ◽  
Rishi Kanth Saripalle ◽  
Alberto De la Rosa Algarín
Keyword(s):  
Access Control ◽  
Unified Modeling Language ◽  
Role Based Access Control ◽  
Patient Centered ◽  
Control Engineering ◽  
Unified Modeling ◽  
Adaptive Workflow ◽  
Software Engineering Process ◽  
Role Based ◽  
Integrated Software

To facilitate collaboration in emerging domains such as the Patient-Centered Medical Home (PCMH), the authors' prior work extended the NIST Role-Based Access Control (RBAC) model to yield a formal Collaboration on Duty and Adaptive Workflow (CoD/AWF) model. The next logical step is to place this work into the context of an integrated software process for security engineering from design through enforcement. Towards this goal, the authors promote a secure software engineering process that leverages an extended Unified Modeling Language (UML) to visualize CoD/AWF policies to achieve a solution that separates concerns while still providing the means to securely engineer dynamic collaborations for applications such as the PCMH.

Integrating Access Control into UML for Secure Software Modeling and Analysis

2012 ◽  
pp. 69-88
Author(s):  
Thuong Doan ◽  
Steven Demurjian ◽  
Laurent Michel ◽  
Solomon Berhe
Keyword(s):  
Access Control ◽  
Unified Modeling Language ◽  
Role Based Access Control ◽  
Software Modeling ◽  
Sequence Diagrams ◽  
Modeling And Analysis ◽  
Unified Modeling ◽  
Software Applications ◽  
Secure Software ◽  
Role Based

Access control models are often an orthogonal activity when designing, implementing, and deploying software applications. Role-based access control (RBAC) which targets privileges based on responsibilities within an application and mandatory access control (MAC) that emphasizes the protection of information via security tags are two dominant approaches in this regard. The integration of access control into software modeling and analysis is often loose and significantly lacking, particularly when security is such a high-priority concern in applications. This paper presents an approach to integrate RBAC and MAC into use-case, class, and sequence diagrams of the unified modeling language (UML), providing a cohesive approach to secure software modeling that elevates security to a first-class citizen in the process. To insure that a UML design with security does not violate RBAC or MAC requirements, design-time analysis checks security constraints whenever a new UML element is added or an existing UML element is modified, while post-design analysis checks security constraints across the entire design for conflicts and inconsistencies. These access control extensions and security analyses have been prototyped within a UML tool.

Integrating Access Control into UML for Secure Software Modeling and Analysis

2010 ◽  
Vol 1 (1) ◽  
pp. 1-19 ◽  
Author(s):  
Thuong Doan ◽  
Steven Demurjian ◽  
Laurent Michel ◽  
Solomon Berhe
Keyword(s):  
Access Control ◽  
Unified Modeling Language ◽  
Role Based Access Control ◽  
Software Modeling ◽  
Sequence Diagrams ◽  
Modeling And Analysis ◽  
Unified Modeling ◽  
Software Applications ◽  
Secure Software ◽  
Role Based

Access control models are often an orthogonal activity when designing, implementing, and deploying software applications. Role-based access control (RBAC) which targets privileges based on responsibilities within an application and mandatory access control (MAC) that emphasizes the protection of information via security tags are two dominant approaches in this regard. The integration of access control into software modeling and analysis is often loose and significantly lacking, particularly when security is such a high-priority concern in applications. This article presents an approach to integrate RBAC and MAC into use-case, class, and sequence diagrams of the unified modeling language (UML), providing a cohesive approach to secure software modeling that elevates security to a first-class citizen in the process. To insure that a UML design with security does not violate RBAC or MAC requirements, design-time analysis checks security constraints whenever a new UML element is added or an existing UML element is modified, while post-design analysis checks security constraints across the entire design for conflicts and inconsistencies. These access control extensions and security analyses have been prototyped within a UML tool.

Sign in / Sign up

Export Citation Format

Share Document