Abstract
Secure data sharing between computational systems is a necessity for many workflows across domains such as healthcare informatics, law enforcement and national security. While many approaches exist for securing data for dissemination, the vast majority follow the traditional view in which security engineering occurs as the last step of the overall software engineering process. In this paper we extend the Unified Modeling Language (UML) standard to support: (1) modeling tree-structured data and associated schemas and (2) information security via role-based, lattice-based, and discretionary access control; both push security towards the forefront of the software development life-cycle. Tree-structured data and associated schemas are dominant in information modeling and exchange formats, including the eXtensible Markup Language (XML), JavaScript Object Notation (JSON), etc. New UML artifacts for tree-structured data and schemas would allow the modeling of generalized information solutions from which XML, JSON, RDF, etc., could be generated; this is akin to generating code in different object-oriented programming languages from UML class diagrams. This UML extension also allows security experts to model and define information security requirements at the schema level, before code is written. The end result is the assurance of information security for the purpose of sharing across computational systems.
Keywords
- Unified Modeling Language
- Resource Description Framework
- Security Policy
- Access Control Model
- Clinical Document Architecture
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
De la Rosa Algarín, A., Demurjian, S.A. (2016). Extending the UML Standards to Model Tree-Structured Data and Their Access Control Requirements. In: Chen, L., McGrew, D., Mitchell, C. (eds) Security Standardisation Research. SSR 2016. Lecture Notes in Computer Science, vol 10074. Springer, Cham. https://doi.org/10.1007/978-3-319-49100-4_8
DOI: https://doi.org/10.1007/978-3-319-49100-4_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49099-1
Online ISBN: 978-3-319-49100-4
eBook Packages: Computer Science, Computer Science (R0)