Title :
A Rigorous Approach to Uncovering Security Policy Violations in UML Designs
Author :
Yu, Lijun ; France, Robert ; Ray, Indrakshi ; Ghosh, Sudipto
Author_Institution :
Colorado State Univ., Fort Collins, CO
Abstract :
There is a need for rigorous analysis techniques that developers can use to uncover security policy violations in their UML designs. There are a few UML analysis tools that can be used for this purpose, but they either rely on theorem-proving mechanisms that require sophisticated mathematical skill to use effectively, or they are based on model-checking techniques that require a "closed-world" view of the system (i.e., a system in which there are no inputs from external sources). In this paper we show how a lightweight, scenario-based UML design analysis approach we developed can be used to rigorously analyze a UML design to uncover security policy violations. In the method, a UML design class model, in which security policies and operation specifications are expressed in the Object Constraint Language (OCL), is analyzed against a set of scenarios describing behaviors that adhere to and that violate security policies. The method includes a technique for generating scenarios. We illustrate how the method can be applied through an example involving role-based access control policies.
Keywords :
Unified Modeling Language; formal specification; object-oriented languages; security of data; Object Constraint Language; UML design analysis approach; UML design class model; operation specifications; role-based access control policies; security policy violations; Access control; Computer security; Design engineering; Design methodology; Law; Legal factors; Mathematical model; Object oriented modeling; USA Councils; Unified modeling language;
Conference_Titel :
Engineering of Complex Computer Systems, 2009 14th IEEE International Conference on
Conference_Location :
Potsdam
Print_ISBN :
978-0-7695-3702-3
DOI :
10.1109/ICECCS.2009.16