Title :
Rigorous Analysis of UML Access Control Policy Models
Author :
Sun, Wuliang ; France, Robert ; Ray, Indrakshi
Author_Institution :
Dept. of Comput. Sci., Colorado State Univ., Fort Collins, CO, USA
Abstract :
The use of the Unified Modeling Language (UML)for specifying security policies is attractive because it is expressive and has a wide user base in the software industry. However, there are very few mature tools that support rigorous analysis of UML models. Alloy is a formal specification language that has been used to rigorously analyze security policies, but few practitioners have the background needed to develop good Alloy models. We propose a new approach to policy analysis in which designers use UML at the front-end to describe their security policies and the Alloy Analyzer is used at the backend to analyze the modeled properties. The UML-to-Alloy and Alloy-to-UML transformations obviate the need for security designers to understand the Alloy specification language. The proposed approach supports the analysis of both functional and structural aspects of security policies.
Keywords :
Unified Modeling Language; authorisation; formal specification; Alloy Analyzer; Alloy specification language; Alloy-to-UML transformation; UML access control; UML-to-Alloy transformation; Unified Modeling Language; formal specification language; software industry; Access control; Analytical models; Metals; Software; Transforms; Unified modeling language; Alloy; LRBAC; UML;
Conference_Titel :
Policies for Distributed Systems and Networks (POLICY), 2011 IEEE International Symposium on
Conference_Location :
Pisa
Print_ISBN :
978-1-4244-9879-6
Electronic_ISBN :
978-0-7695-4330-7
DOI :
10.1109/POLICY.2011.30
