Abstract
Access control is one of the most efficient ways to restrict resource access violations. However, in the software development process, programs may not fully comply with the access policies represented in their specifications. In this paper, we present an approach to verify access policy compliance between a SecureUML model and its software program. We extract the access control rules specified in the SecureUML model, analyze the source code of its program, and propose an algorithm to check compliance between the two paradigms. Our approach can help programmers detect some resource access violations and improve the quality of software systems.
Acknowledgements
This research is funded by the Vietnam National Foundation for Science and Technology Development (NAFOSTED) under grant number 102.03-2014.40.
Appendix
Below are source code snippets of the sample program.
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Luong, TN., To, VK., Truong, NT. (2017). Checking Compliance of Program with SecureUML Model. In: Król, D., Nguyen, N., Shirai, K. (eds) Advanced Topics in Intelligent Information and Database Systems. ACIIDS 2017. Studies in Computational Intelligence, vol 710. Springer, Cham. https://doi.org/10.1007/978-3-319-56660-3_42
DOI: https://doi.org/10.1007/978-3-319-56660-3_42
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-56659-7
Online ISBN: 978-3-319-56660-3
eBook Packages: Engineering, Engineering (R0)