
Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3273)

Abstract

The Model Driven Architecture (MDA) is becoming an important aspect of software development, since it considers languages and models that can represent an information system at different abstraction levels, and makes possible a coherent transformation of the system from the domain context into the machine context. In this paper, we present the Object Security Constraint Language V.2 (OSCL2), which is based on the well-known Object Constraint Language V.2 (OCL) of the Unified Modeling Language (UML), and which needs an extension of the UML metamodel. This language is defined for use in a secure database development process, incorporating security information and constraints in a Platform Independent Model (UML class model). The security information and constraints are then translated into a Platform Specific Model (multilevel relational model). Finally, they are implemented in a particular Database Management System (DBMS), such as Oracle9i Label Security. These transformations can be done automatically or semi-automatically using OSCL2 compilers.




Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Fernández-Medina, E., Piattini, M. (2004). Extending OCL for Secure Database Development. In: Baar, T., Strohmeier, A., Moreira, A., Mellor, S.J. (eds) «UML» 2004 — The Unified Modeling Language. Modeling Languages and Applications. UML 2004. Lecture Notes in Computer Science, vol 3273. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30187-5_27


  • DOI: https://doi.org/10.1007/978-3-540-30187-5_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23307-7

  • Online ISBN: 978-3-540-30187-5

  • eBook Packages: Springer Book Archive
