Skip to main content
SpringerLink
Log in

Model based development of access policies

  • Special section FASE'04/05
  • Published:
International Journal on Software Tools for Technology Transfer Aims and scope Submit manuscript

Abstract

In this paper we present a novel approach for the specification of user rights in the context of an object oriented use case driven development process. Basically, we extend the specification of methods by a permission section describing the right of some actor to call the method of an object. Our approach is both role based and context based while allowing for permissions to be specified at a fine-grained data-dependent level. We use first-order logic with a built-in notion of objects and classes (provided with an algebraic semantics) as our syntactic and semantic framework. In the second part of the paper, we demonstrate the application of this approach in a model-based context to generate permissions in distributed peer-to-peer networks.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Alam, M., Breu, R., Hafner, M.: Modeling authorization in a SOA based application scenario. IASTED Software Engineering ISBN: 0-88986-572-8 (2006)

  2. Alam, M., Breu, R., Hafner, M.: Modeling permissions in a (U/X)ML world. IEEE ARES ISBN: 0-7695-2567-9 (2006)

  3. Alam M., Hafner M., Breu R. and Unterthiner S. (2006). A Framework for Modeling Restricted Delegation in a Service Oriented Architecture. TrustBus 2006, LNCS 4083. Springer, Berlin

    Google Scholar 

  4. Breu R. (2001). Objektorientierter Softwareentwurf – Integration mit UML. Springer, Berlin

    MATH  Google Scholar 

  5. Fernandez, E.B., Hawkins, J.C.: Determining role rights from use cases. In: Workshop on Role-Based Access Control, pp. 121–125. ACM (1997)

  6. Ferraiolo, D.F., Chandramouli, R., Kuhn, R.D.: Role-Based Access Control. Artech House Publishers, 1st edn. (2003)

  7. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Richard Kuhn, D., Chandramouli, R.: Proposed NIST Standard for Role-Based Access Control. In: ACM Transactions on Information and System Security, number 3, pp. 224–274. ACM, August 2001. http://csrc.nist.gov/rbac/rbacSTD-ACM.pdf

  8. Hafner, M., Breu, R., Breu, M.: A security architecture for inter-organizational workflows—putting web service security standards together. In: Chen, C.S. et al. (eds.) Proc. ICEIS 2005, INSTICC 2005, ISBN 972-8865-19-8 (2005)

  9. Hafner. M., Breu, R., Breu, M., Nowak, A.: Modeling inter- organizational workflow security in a peer-to-peer environment. In: Bilof, R. (ed.) Proceedings of the 2005 IEEE International Conference on Web Services, ICWS 2005, Orlando, USA, 11–15 July, 2005, IEEE Conference Publishing Servcies, ISBN 0-7695-2409-5 (2005)

  10. Höhn, S., Jürjens, J.: Automated Checking of SAP Security Permissions. In: Proceedings of the 6th IFIP WG 11.5 Working Conference on Integrity and Internal Control in Information Systems (IICIS), Nov. 13–15, 2003, Lausanne, Switzerland. Kluwer, Dordrecht (2003)

  11. Jürjens, J.: Secure Systems Development with UML. ISBN: 3540007016

  12. Jacobson I., Booch G. and Rumbaugh J. (1999). The Unified Software Development Process. Addison-Wesley Longman, Inc., Reading

    Google Scholar 

  13. Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-based Modeling Language for Model-Driven Security. In: Proceedings LNCS 2460, pp. 426–441. Springer, Berlin (2002)

  14. Schumacher, M.: Security Engineering with Patterns. LNCS 2754 ISBN: 3-540-40731-6 (2003)

  15. Uml 2.0 ocl specification, available at. http://www.omg.org/docs/ptc/03-10-14.pdf

  16. OMG. Unified Modeling Language Specification – Version 2, October 2004

  17. Parr, T., Quong, R.: Antlr: A predicatedll (k) parser generator (1995)

  18. PRIMA Architecture. http://computing.fnal.gov/docs/products/voprivilege/prima/prima_documentation/jogc-prima-july2004. pdf

  19. Breu, R., Breu, M., Hafner, M., Nowak, A.: Web service engineering—advancing a new software engineering discipline. In: Lowe, D., Gaedke, M. (eds.) Web Engineering, 5th International Conference, ICWE 2005, Sydney, Australia, July 27–29, 2005, Proceedings. Lecture Notes in Computer Science 3579 Springer 2005, ISBN 3-540-27996-2 (2005)

  20. SAML 2.0 Specification. http://www.oasis-open.org/~committees/tc_home.php?wg_abbrev=security

  21. Sandhu, R.S.: Role hierarchies and constraints for lattice-based access controls. In: Proceedings of the European Symposium on Research in Security and Privacy (1996)

  22. Seitz, L., Rissanen, E., Sandholm, T., Firozabadi, B.S., Mulmo, O.: Policy Administration Control and Delegation using XACML and Delegent. In: Grid 2005—6th IEEE/ACM International Workshop on Grid Computing November 13–14, 2005, Seattle, , USA

  23. IBM Business Consulting Services.: SAP Berechtigungswesen, Design und Realisierung von Berechtigungskonzepten fnr SAP R/3 und SAP Enterprise Portal. SAP Press (2003) (in German)

  24. Shiboleth Architecture. http://shibboleth.internet2.edu/docs/draft-erdos-shibboleth-architecture-01.pdf

  25. Warmer J. and Kleppe A.G. (1999). The Object Constraint Language – Precise Modeling with UML 1st edition. Addison, Wesley Longman Inc., Reading

    Google Scholar 

  26. WSDL First, July 22, 2003. http://webservices.xml.com/pub/a/ws/2003/07/22/wsdlfirst.html

  27. XACML 2.0 Specification Set. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml

  28. Zhang, N., Ryan, M., Guelev, D.P.: Synthesising verified access control systems in xacml. In: FMSE ’04: Proceedings of the 2004 ACM workshop on Formal methods in security engineering, pp. 56–65, New York, NY, USA, 2004. ACM Press, New York

Download references

Author information

Authors and Affiliations

  1. Research Group “Quality Engineering”, Universität Innsbruck Institut für Informatik, 6020, Innsbruck, Austria

    Ruth Breu & Muhammad Alam

  2. Software and Systems Engineering, Technische Universität München Institut für Informatik, 85748, Garching b. Munich, Germany

    Gerhard Popp

Authors
  1. Ruth Breu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Gerhard Popp
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Muhammad Alam
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ruth Breu.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Breu, R., Popp, G. & Alam, M. Model based development of access policies. Int J Softw Tools Technol Transf 9, 457–470 (2007). https://doi.org/10.1007/s10009-007-0045-y

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10009-007-0045-y

Keywords

Search

Navigation