Usability of Security Specification Approaches for UML Design: A Survey.

Talhi, Chamseddine; Mouheb, Djedjiga; Lima, Vitor; Debbabi, Mourad; Wang, Lingyu; Pourzandi, Makan

doi:10.5381/jot.2009.8.6.a1

Cited by 12 publications

(9 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This summary would highlight the application of Features in representing the characteristics and properties of the Access control model taken for representing the ACPs of an application. [30] and [31] , that defines the following technical criteria is used for analysis. Certain criteria are newly proposed in this paper that would enhance the qualitative analysis.…”

Section: 7 B Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Can “Feature” Be Used to Model The Changing Access Control Policies?

Kumari¹,

Chithralekha²

2012

IJORCS

View full text Add to dashboard Cite

Access control policies [ACPs] regulate the access to data and resources in information systems. These ACPs are framed from the functional requirements and the Organizational security & privacy policies. It was found to be beneficial, when the ACPs are included in the early phases of the software development leading to secure development of information systems. Many approaches are available for including the ACPs in requirements and design phase. They relied on U ML artifacts, Aspects and also Feature for this purpose. But the earlier modeling approaches are limited in expressing the evolving ACPs due to organizational policy changes and business process modifications. In this paper, we analyze, whether "Feature"-defined as an increment in program functionality can be used as a modeling entity to represent the Evolving Access control requirements. We discuss the two prominent approaches that use Feature in modeling ACPs. Also we have a comparative analysis to find the suitability of Features in the context of changing ACPs. We conclude with our findings and provide directions for further research.

show abstract

Section: 7 B Discussionmentioning

confidence: 99%

“…4 1 B Factors that focus on representation of ACPs-Applicability 1. Expressiveness [31]: Refers to the ability of representing security policies as models. This is an important criterion that would make the modeling approach successful.…”

Section: 7 B Discussionmentioning

confidence: 99%

Can “Feature” Be Used to Model The Changing Access Control Policies?

Kumari¹,

Chithralekha²

2012

IJORCS

View full text Add to dashboard Cite

show abstract

“…We don't know of any other paper surveying and analyzing RBAC supported techniques with similar criteria as ours. Another survey of security design techniques [27] employs different criteria such as expressitivity, tool support, verifiability and complexity but does not focus on RBAC. However, a paper [28] have discussed the formalisms and methods for the validation of RBAC policies.…”

Section: A a Summary Of Formal Techniquesmentioning

confidence: 99%

Evaluating RBAC Supported Techniques and their Validation and Verification

Qamar

Ledru

Idani

2011

2011 Sixth International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

International audienceThis paper evaluates the security specification techniques that employ Role Based Access Control (RBAC) variants. RBAC offers a special kind of access control mechanism based on the use of roles to grant permissions. Its variants include role hierarchy and separation of duty (SoD) constraints. The overall management of a RBAC supported system is made through its administrative, review and supporting system functions. In this paper, a summary of semi-formal and formal techniques employing RBAC is provided along with their benefits and limitations. Here, semi-formal techniques refer to UML+OCL while formal ones are based on Alloy. This paper may guide through the process of selecting an appropriate technique to specify security rules. This is done by analyzing the degree of coverage of RBAC including some extensions like SoD and role hierarchy. We also investigate the use of validation and verification tools in these techniques. We find that formal techniques are more amenable to automated analysis as compared to semi-formal ones. Semi-formal techniques are rich in specifying RBAC variants but have prototypic tools. Session based dynamic aspects of RBAC have been partly covered in both techniques

show abstract

“…For the SeMF approach, the first implementation has been based on ArgoUML and utilized UML Profiles for usability reasons (cf. [39]) in order to provide a graphical representation [40]. However, this implementation displayed a couple of drawbacks:…”

Section: Development Approach and Implementationmentioning

confidence: 99%

Supporting Security Engineering at Design Time with Adequate Tooling

Eichler

Fuchs

Lincke

2012

2012 IEEE 15th International Conference on Computational Science and Engineering

View full text Add to dashboard Cite

Abstract-Security engineering is considered to be a challenging task in order to build systems that remain dependable in the face of malice, error, or mischance. Recent approaches propose the application of domain specific modeling languages (DSMLs) in order to facilitate security engineering activities. To support the development and application of adequate DSMLs, agile approaches and frameworks to provide appropriate tooling are needed. In this paper, we document our experiences developing modeling tools for two different DSMLs in the domain of security engineering. We sketch the language and implementation requirements for our modeling tools, design and implementation considerations, and report on pitfalls and remaining issues with regard to the development of modeling tools based on our experiences.

show abstract

Usability of Security Specification Approaches for UML Design: A Survey.

Cited by 12 publications

References 23 publications

Can “Feature” Be Used to Model The Changing Access Control Policies?

Can “Feature” Be Used to Model The Changing Access Control Policies?

Evaluating RBAC Supported Techniques and their Validation and Verification

Supporting Security Engineering at Design Time with Adequate Tooling

Contact Info

Product

Resources

About