Abstract
In this paper we present a novel approach for the specification of user rights in the context of an object oriented use case driven development process. Basically, we extend the specification of methods by a permission section describing the right of some actor to call the method of an object. Our approach is both role based and context based while allowing for permissions to be specified at a fine-grained data-dependent level. We use first-order logic with a built-in notion of objects and classes (provided with an algebraic semantics) as our syntactic and semantic framework. In the second part of the paper, we demonstrate the application of this approach in a model-based context to generate permissions in distributed peer-to-peer networks.
Similar content being viewed by others
References
Alam, M., Breu, R., Hafner, M.: Modeling authorization in a SOA based application scenario. IASTED Software Engineering ISBN: 0-88986-572-8 (2006)
Alam, M., Breu, R., Hafner, M.: Modeling permissions in a (U/X)ML world. IEEE ARES ISBN: 0-7695-2567-9 (2006)
Alam M., Hafner M., Breu R. and Unterthiner S. (2006). A Framework for Modeling Restricted Delegation in a Service Oriented Architecture. TrustBus 2006, LNCS 4083. Springer, Berlin
Breu R. (2001). Objektorientierter Softwareentwurf – Integration mit UML. Springer, Berlin
Fernandez, E.B., Hawkins, J.C.: Determining role rights from use cases. In: Workshop on Role-Based Access Control, pp. 121–125. ACM (1997)
Ferraiolo, D.F., Chandramouli, R., Kuhn, R.D.: Role-Based Access Control. Artech House Publishers, 1st edn. (2003)
Ferraiolo, D.F., Sandhu, R., Gavrila, S., Richard Kuhn, D., Chandramouli, R.: Proposed NIST Standard for Role-Based Access Control. In: ACM Transactions on Information and System Security, number 3, pp. 224–274. ACM, August 2001. http://csrc.nist.gov/rbac/rbacSTD-ACM.pdf
Hafner, M., Breu, R., Breu, M.: A security architecture for inter-organizational workflows—putting web service security standards together. In: Chen, C.S. et al. (eds.) Proc. ICEIS 2005, INSTICC 2005, ISBN 972-8865-19-8 (2005)
Hafner. M., Breu, R., Breu, M., Nowak, A.: Modeling inter- organizational workflow security in a peer-to-peer environment. In: Bilof, R. (ed.) Proceedings of the 2005 IEEE International Conference on Web Services, ICWS 2005, Orlando, USA, 11–15 July, 2005, IEEE Conference Publishing Servcies, ISBN 0-7695-2409-5 (2005)
Höhn, S., Jürjens, J.: Automated Checking of SAP Security Permissions. In: Proceedings of the 6th IFIP WG 11.5 Working Conference on Integrity and Internal Control in Information Systems (IICIS), Nov. 13–15, 2003, Lausanne, Switzerland. Kluwer, Dordrecht (2003)
Jürjens, J.: Secure Systems Development with UML. ISBN: 3540007016
Jacobson I., Booch G. and Rumbaugh J. (1999). The Unified Software Development Process. Addison-Wesley Longman, Inc., Reading
Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-based Modeling Language for Model-Driven Security. In: Proceedings LNCS 2460, pp. 426–441. Springer, Berlin (2002)
Schumacher, M.: Security Engineering with Patterns. LNCS 2754 ISBN: 3-540-40731-6 (2003)
Uml 2.0 ocl specification, available at. http://www.omg.org/docs/ptc/03-10-14.pdf
OMG. Unified Modeling Language Specification – Version 2, October 2004
Parr, T., Quong, R.: Antlr: A predicatedll (k) parser generator (1995)
PRIMA Architecture. http://computing.fnal.gov/docs/products/voprivilege/prima/prima_documentation/jogc-prima-july2004. pdf
Breu, R., Breu, M., Hafner, M., Nowak, A.: Web service engineering—advancing a new software engineering discipline. In: Lowe, D., Gaedke, M. (eds.) Web Engineering, 5th International Conference, ICWE 2005, Sydney, Australia, July 27–29, 2005, Proceedings. Lecture Notes in Computer Science 3579 Springer 2005, ISBN 3-540-27996-2 (2005)
SAML 2.0 Specification. http://www.oasis-open.org/~committees/tc_home.php?wg_abbrev=security
Sandhu, R.S.: Role hierarchies and constraints for lattice-based access controls. In: Proceedings of the European Symposium on Research in Security and Privacy (1996)
Seitz, L., Rissanen, E., Sandholm, T., Firozabadi, B.S., Mulmo, O.: Policy Administration Control and Delegation using XACML and Delegent. In: Grid 2005—6th IEEE/ACM International Workshop on Grid Computing November 13–14, 2005, Seattle, , USA
IBM Business Consulting Services.: SAP Berechtigungswesen, Design und Realisierung von Berechtigungskonzepten fnr SAP R/3 und SAP Enterprise Portal. SAP Press (2003) (in German)
Shiboleth Architecture. http://shibboleth.internet2.edu/docs/draft-erdos-shibboleth-architecture-01.pdf
Warmer J. and Kleppe A.G. (1999). The Object Constraint Language – Precise Modeling with UML 1st edition. Addison, Wesley Longman Inc., Reading
WSDL First, July 22, 2003. http://webservices.xml.com/pub/a/ws/2003/07/22/wsdlfirst.html
XACML 2.0 Specification Set. http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
Zhang, N., Ryan, M., Guelev, D.P.: Synthesising verified access control systems in xacml. In: FMSE ’04: Proceedings of the 2004 ACM workshop on Formal methods in security engineering, pp. 56–65, New York, NY, USA, 2004. ACM Press, New York
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Breu, R., Popp, G. & Alam, M. Model based development of access policies. Int J Softw Tools Technol Transf 9, 457–470 (2007). https://doi.org/10.1007/s10009-007-0045-y
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10009-007-0045-y