Abstract
The Model Driven Architecture (MDA) is becoming an important aspect of software development, since it considers languages and models that can represent an information system at different abstraction levels, and makes it possible a coherent transformation of the system from the domain context into the machine context. In this paper, we present the Object Security Constraint Language V.2. (OSCL2), which is based on the well-known Object Constraint Language V.2. (OCL) of the Unified Modeling Language (UML), and which needs an extension of the UML metamodel. This language is defined to be used in secure database development process, incorporating security information and constraints in a Platform Independent Model (UML class model). This security information and constraints are then translated into a Platform Specific Model (multilevel relational model). Finally, they are implemented in a particular Database Management System (DBMS), such as Oracle9i Label Security. These transformations can be done automatically or semi-automatically using OSCL2 compilers.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Booch, G., Rumbaugh, J., Jacobson, I.: The Unified Modeling Language, User Guide. Addison-Wesley, Redwood city (1999)
Charpentier, R., Salois, M.: Security Modelling for C2IS in UML/OCL. In: 8th ICCRTS, Washington DC (2003)
Chung, L., Nixon, B., Yu, E., Mylopoulos, J.: Non-functional requirements in software engineering. Kluwer Academic Publishers, Dordrecht (2000)
Conallen, J.: Building Web Applications with UML. Object Technology Series. Addison-Wesley, Reading (2000)
Cook, S., Kleppe, A., Mitchell, R., Rumpe, B., Warmer, J., Wills, A.: The Amsterdam Manifesto on OCL. In: Clark, T., Warmer, J. (eds.) Object Modeling with the OCL, pp. 115–149. Springer, Heidelberg (2002)
Cota, S.: For Certain Eyes Only. DB2 Magazine 9(1), 40–45 (2004)
Database, D.U.: DB2 UDB for Z/OS v.8 (2004)
Demuth, B., Hussmann, H.: Using UML/OCL Constraints for Relational Database Design. In: France, R.B., Rumpe, B. (eds.) UML 1999. LNCS, vol. 1723, pp. 598–613. Springer, Heidelberg (1999)
Devanbu, P., Stubblebine, S.: Software engineering for security: a roadmap. In: Finkelstein, A. (ed.) The Future of Software Engineering, pp. 227–239. ACM Press, New York (2000)
Dhillon, G., Backhouse, J.: Information system security management in the new millennium. Communications of the ACM 43(7), 125–128 (2000)
Fernandez, E.B., Pan, R.Y.: A pattern language for security models. In: 8th Conference on Patterns Languages of Programs (PLOP 2001), Illinois, USA (2001)
Fernández-Medina, E., Piattini, M.: Designing Secure Database for OLS. In: Mařík, V., Štěpánková, O., Retschitzegger, W. (eds.) DEXA 2003. LNCS, vol. 2736, pp. 886–895. Springer, Heidelberg (2003)
Ferrari, E., Thuraisingham, B.: Secure Database Systems. In: Piattini, M., Díaz, O. (eds.) Advanced Databases: Technology Design, Artech House, London (2000)
Flake, S., Mueller, W.: An OCL Extension for Real-Time Constraints. In: Clark, A., Warmer, J. (eds.) Object Modeling with the OCL. LNCS, vol. 2263, pp. 150–171. Springer, Heidelberg (2002)
Gogolla, M., Henderson-Sellers, B.: Analysis of UML Stereotypes within the UML Metamodel. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, p. 84. Springer, Heidelberg (2002)
Hall, A., Chapman, R.: Correctness by Construction: Developing a Commercial Secure System. IEEE Software 19(1), 18–25 (2002)
Hamie, A., Mitchell, R., Howse, J.: Time-Based Constraints in the Object Constraint Language (1999)
Jürjens, J.: UMLsec: Extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002)
Kleppe, A., Warmer, J.: Extending OCL to Include Actions. In: Evans, A., Kent, S., Selic, B. (eds.) UML 2002. LNCS, vol. 2460, pp. 440–450. Springer, Heidelberg (2000)
Kleppe, A., Warmer, J.: The Semantics of the OCL Action Clause. In: Clark, A., Warmer, J. (eds.) Object Modeling with the OCL. LNCS, vol. 2263, pp. 213–227. Springer, Heidelberg (2002)
Kleppe, A., Warmer, J., Bast, W.: MDA Explained; The Model Driven Architecture: Practice and Promise. Addison-Wesley, Reading (2003)
Levinger, J.: Oracle label security. Administrator’s guide. Release 2 (9.2) (2002), http://www.csis.gvsu.edu/GeneralInfo/Oracle/network.920/a96578.pdf
Marks, D., Sell, P., Thuraisingham, B.: MOMT: A multi-level object modeling tech-nique for designing secure database applications. Journal of Object-Oriented Programming 9(4), 22–29 (1996)
Nunes, I.: An OCL Extension for Low-coupling Preserving Contracts. In: Stevens, P., Whittle, J., Booch, G. (eds.) UML 2003. LNCS, vol. 2863, pp. 310–324. Springer, Heidelberg (2003)
Piattini, M., Fernández-Medina, E.: Specification of Security Constraint in UML. In: 35th Annual 2001 IEEE International Carnahan Conference on Security Technology (ICCST 2001), London, Great Britain (2001)
Samarati, P., De Capitani di Vimercati, S.: Access control: Policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) Foundations of Security Analysis and Design, pp. 137–196. Springer, Bertinoro (2000)
Smith, G.W.: Modeling security-relevant data semantics. IEEE Transactions on Software Engineering 17(11), 1195–1203 (1991)
Warmer, J., Kleppe, A.: The object constraint language. Addison-Wesley, Massachusetts (1998)
Warmer, J., Kleppe, A.: The Object Constraint Language, 2nd edn. Getting Your Models Ready for MDA. Addison Wesley, Reading (2003)
Ziemann, P., Gogolla, M.: OCL Extended with Temporal Logic. In: Perspectives of Sys-tems Informatics, 5th International Andrei Ershov Memorial Conference. LNCS, Springer, Akadem-gorodok (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fernández-Medina, E., Piattini, M. (2004). Extending OCL for Secure Database Development. In: Baar, T., Strohmeier, A., Moreira, A., Mellor, S.J. (eds) «UML» 2004 — The Unified Modeling Language. Modeling Languages and Applications. UML 2004. Lecture Notes in Computer Science, vol 3273. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30187-5_27
Download citation
DOI: https://doi.org/10.1007/978-3-540-30187-5_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23307-7
Online ISBN: 978-3-540-30187-5
eBook Packages: Springer Book Archive