Comprehensive Two-Level Analysis of Static and Dynamic RBAC Constraints with UML and OCL

2011 Fifth International Conference on Secure Software Integration and Reliability Improvement Pub Date : 2011-06-27 DOI:10.1109/SSIRI.2011.18

Mirco Kuhlmann, K. Sohr, Martin Gogolla

{"title":"Comprehensive Two-Level Analysis of Static and Dynamic RBAC Constraints with UML and OCL","authors":"Mirco Kuhlmann, K. Sohr, Martin Gogolla","doi":"10.1109/SSIRI.2011.18","DOIUrl":null,"url":null,"abstract":"Organizations with stringent security requirements like banks or hospitals frequently adopt role-based access control (RBAC) principles to simplify their internal permission management. Authorization constraints represent a fundamental advanced RBAC concept enabling precise restrictions on access rights. Thereby, the complexity of the resulting security policies increases so that tool support for comfortable creation and adequate validation is required. We propose a new approach to developing and analyzing RBAC policies using UML for modeling RBAC core concepts and OCL to realize authorization constraints. Dynamic (i. e., time-dependent) constraints, their visual representation in UML and their analysis are of special interest. The approach results in a domain-specific language for RBAC which is highly configurable and extendable with respect to new RBAC concepts and classes of authorization constraints and allows the developer to validate RBAC policies in an effective way. The approach is supported by a UML and OCL validation tool.","PeriodicalId":224250,"journal":{"name":"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement","volume":"35 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"21","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Fifth International Conference on Secure Software Integration and Reliability Improvement","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SSIRI.2011.18","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 21

Abstract

Organizations with stringent security requirements like banks or hospitals frequently adopt role-based access control (RBAC) principles to simplify their internal permission management. Authorization constraints represent a fundamental advanced RBAC concept enabling precise restrictions on access rights. Thereby, the complexity of the resulting security policies increases so that tool support for comfortable creation and adequate validation is required. We propose a new approach to developing and analyzing RBAC policies using UML for modeling RBAC core concepts and OCL to realize authorization constraints. Dynamic (i. e., time-dependent) constraints, their visual representation in UML and their analysis are of special interest. The approach results in a domain-specific language for RBAC which is highly configurable and extendable with respect to new RBAC concepts and classes of authorization constraints and allows the developer to validate RBAC policies in an effective way. The approach is supported by a UML and OCL validation tool.

查看原文本刊更多论文

基于UML和OCL的静态和动态RBAC约束综合两层分析

银行或医院等具有严格安全要求的组织经常采用基于角色的访问控制(RBAC)原则来简化其内部权限管理。授权约束代表了一个基本的高级RBAC概念，可以对访问权限进行精确的限制。因此，生成的安全策略的复杂性会增加，因此需要工具支持舒适的创建和充分的验证。我们提出了一种新的方法来开发和分析RBAC策略，使用UML建模RBAC核心概念，使用OCL实现授权约束。动态的(例如，依赖于时间的)约束，它们在UML中的可视化表示和它们的分析是特别有趣的。这种方法为RBAC提供了一种特定于领域的语言，这种语言在新的RBAC概念和授权约束类方面具有高度可配置性和可扩展性，并允许开发人员以有效的方式验证RBAC策略。该方法由UML和OCL验证工具支持。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2011 Fifth International Conference on Secure Software Integration and Reliability Improvement

自引率

0.00%

发文量