UACML: Unified Access Control Modeling Language

Incorporating security requirements into system design models is receiving increasing interest. Access control requirements are an important part of overall system security requirements. Existing approaches that incorporate access control requirements into system design models have directly been developed on top of specific access control models. In these approaches, there exists a tight-coupling between the modeling language and underlying access control model(s) on which the modeling language is developed. Consequently, these approaches can only support security requirements for the access control model(s) on which they were developed. We propose an alternative approach in this work by adopting a "metamodel of access control" as a basis for developing a UML-based modeling language. The usage of a metamodel of access control offers at least two benefits: (i) our modeling language is able to represent a variety of access control requirements in a generic way and (ii) our modeling language is independent of specific access control models. By using examples, we demonstrate that our approach is useful for developing a generic modeling language of access control that is simple, yet powerful for representing a variety of access control models.