Abstract
SecTOOL is a case tool for security engineering. It comes as an extension to traditional UML tools, taking into account access control requirements. In particular, it supports the developer in eliciting access control information from UML diagrams for the early phases, starting with requirements analysis and use case diagrams. Access control policies coded in VPL or XACML are generated from the diagrams; vice versa, textually coded policies can be visualized in UML diagrams. Design and usage of the tool are described, emphasizing its platform independence through XACML.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Alam, M., Breu, R., Breu, M.: Model–Driven Security for Web Services. In: Proceedings of the 8th Int. Multi-Topic Conference, pp. 498–505. IEEE, Los Alamitos (2004)
Basin, D., Doser, J., Lodderstedt, T.: Model–Driven Security: from UML Models to Access Control Infrastructures. Journal of ACM Transactions on Software Engineering and Methodology (2005)
Breu, R., Hafner, M., Weber, B., Alam, M., Breu, M.: Towards Model Driven Security of Inter-Organizational Workflows. In: Proceedings of the Workshops on Specification and Automated Processing of Security Requirements, pp. 255–267 (2004)
Brose, G.: Access Control Management in Distributed Object Systems. PhD thesis, Freie Universität Berlin (2001)
Brose, G.: Raccoon — An Infrastructure for Managing Access Control in CORBA. In: Proc. Int. Conference on Distributed Applications and Interoperable Systems (DAIS). Kluwer, Dordrecht (2001)
Brose, G.: Manageable Access Control for CORBA. Journal of Computer Security 4, 301–337 (2002)
Brose, G., Koch, M., Löhr, K.-P.: Integrating Access Control Design into the Software Development Process. In: Proc. of 6th Int. Conference on Integrated Design and Process Technology (IDPT) (2002)
Fink, T., Koch, M., Oancea, C.: Specification and Enforcement of Access Control in Heterogeneous Distributed Applications. In: Jeckle, M., Zhang, L.-J. (eds.) ICWS-Europe 2003. LNCS, vol. 2853, pp. 88–100. Springer, Heidelberg (2003)
Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005)
Jürjens, J.: Towards Development of Secure Systems Using UMLsec. In: Hussmann, H. (ed.) FASE 2001. LNCS, vol. 2029, pp. 187–200. Springer, Heidelberg (2001)
Koch, M., Mancini, L.V., Parisi-Presicce, F.: Foundations for a Graph-Based Approach to the Specification of Access Control Policies. In: Honsell, F., Miculan, M. (eds.) FOSSACS 2001. LNCS, vol. 2030, p. 287. Springer, Heidelberg (2001)
Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, p. 426. Springer, Heidelberg (2002)
Interactive Objects. Arcstyler (2005), www.io-software.com
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kolarczyk, S., Koch, M., Löhr, KP., Pauls, K. (2006). SecTOOL – Supporting Requirements Engineering for Access Control. In: Müller, G. (eds) Emerging Trends in Information and Communication Security. ETRICS 2006. Lecture Notes in Computer Science, vol 3995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11766155_18
Download citation
DOI: https://doi.org/10.1007/11766155_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34640-1
Online ISBN: 978-3-540-34642-5
eBook Packages: Computer ScienceComputer Science (R0)