2009
DOI: 10.1016/j.infsof.2008.05.011
|View full text |Cite
|
Sign up to set email alerts
|

Automated analysis of security-design models

Abstract: We have previously proposed SecureUML, an expressive UML-based language for constructing security-design models, which are models that combine design specifications for distributed systems with specifications of their security policies. Here we show how to automate the analysis of such models in a semantically precise and meaningful way. In our approach, models are formalized together with scenarios that represent possible run-time instances. Queries about properties of the security policy modeled are expresse… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
2

Citation Types

0
74
0

Year Published

2010
2010
2023
2023

Publication Types

Select...
5
3

Relationship

0
8

Authors

Journals

citations
Cited by 104 publications
(74 citation statements)
references
References 9 publications
0
74
0
Order By: Relevance
“…SecureUML is a meta-model-based extension of UML that allows for specifying RBAC-requirements for UML class models and state charts. There are also various techniques for analyzing SecureUML models, e. g., [7,11]. While based on the same motivation, UMLsec [16] is not defined using a meta-model.…”
Section: Related Workmentioning
confidence: 99%
“…SecureUML is a meta-model-based extension of UML that allows for specifying RBAC-requirements for UML class models and state charts. There are also various techniques for analyzing SecureUML models, e. g., [7,11]. While based on the same motivation, UMLsec [16] is not defined using a meta-model.…”
Section: Related Workmentioning
confidence: 99%
“…Several works on the validation of RBAC policies based on UML and OCL have been presented [42,30,28,43]. Based upon SecureUML, Basin et al propose an approach to analyzing RBAC policies by stating and evaluating queries like 'Which permissions can a user perform with a given role?'…”
Section: Related Workmentioning
confidence: 99%
“…or 'Are there two roles with the same set of permissions?' [42]. Although not explicitly addressed in this paper, our approach allows the same kind of queries through the query facility of the USE tool [15] into which the model validator is integrated.…”
Section: Related Workmentioning
confidence: 99%
“…Two such specification languages are UMLsec [13], which allows one to formulate security requirements w.r.t. access control and confidentiality, and SecureUML [2], which allows one to model RBAC policies. In addition, Basin et al present an approach to analyzing RBAC policies based on UML meta-modelling [2].…”
Section: Analysis Of Androidmentioning
confidence: 99%
“…access control and confidentiality, and SecureUML [2], which allows one to model RBAC policies. In addition, Basin et al present an approach to analyzing RBAC policies based on UML meta-modelling [2]. Our work currently is focused on checking the intended architecture against the implemented low-level architecture, although analyzing the architecture itself remains future work.…”
Section: Analysis Of Androidmentioning
confidence: 99%