Specification and Validation of Authorisation Constraints Using UML and OCL

Karsten Sohr, Gail-Joon Ahn, Martin Gogolla and Lars Migge

View Related Documents

Book Chapter
Verifying BPEL Workflows Under Authorisation Constraints
Zhao Xiangpeng, Antonio Cerone and Padmanabhan Krishnan
Lecture Notes in Computer Science, 2006, Volume 4102, Business Process Management, Pages 439-444
- Download PDF (319.8 KB)
Book Chapter
A Verifiable Formal Specification for RBAC Model with Constraints of Separation of Duty
Chunyang Yuan, Yeping He, Jianbo He and Zhouyi Zhou
Lecture Notes in Computer Science, 2006, Volume 4318, Information Security and Cryptology, Pages 196-210
- Download PDF (578.7 KB)
Book Chapter
OCL: Syntax, Semantics, and Tools
Mark Richters and Martin Gogolla
Lecture Notes in Computer Science, 2002, Volume 2263, Object Modeling with the OCL, Pages 447-450
- Download PDF (341.0 KB)
Book Chapter
BPEL4RBAC: An Authorisation Specification for WS-BPEL
Xin Wang, Yanchun Zhang, Hao Shi and Jian Yang
Lecture Notes in Computer Science, 2008, Volume 5175, Web Information Systems Engineering - WISE 2008, Pages 381-395
- Download PDF (493.8 KB)
Book Chapter
Role Activation Management in Role Based Access Control
Richard W. C. Lui, Sherman S. M. Chow, Lucas C. K. Hui and S. M. Yiu
Lecture Notes in Computer Science, 2005, Volume 3574, Information Security and Privacy, Pages 358-369
- Download PDF (201.9 KB)
Journal Article
A transformation contract to generate aspects from access control policies
Christiano Braga
Software and Systems Modeling, 2011, Volume 10, Number 3, Pages 395-409
- Download PDF (457.1 KB)
Book Chapter
Towards a Secure Service Coordination
Thi-Huong-Giang Vu
Lecture Notes in Computer Science, 2006, Volume 4254, Current Trends in Database Technology – EDBT 2006, Pages 105-114
- Download PDF (284.6 KB)
Book Chapter
Role-Based Modelling of Interactions in Database Applications
Milivoje Petrovic, Michael Grossniklaus and Moira C. Norrie
Lecture Notes in Computer Science, 2006, Volume 4001, Advanced Information Systems Engineering, Pages 63-77
- Download PDF (407.2 KB)
Book Chapter
Taking into Account Functional Models in the Validation of IS Security Policies
Yves Ledru, Akram Idani, Jérémy Milhau, Nafees Qamar and Régine Laleau, et al.
Lecture Notes in Business Information Processing, 1, Volume 83, Advanced Information Systems Engineering Workshops, Part 10, Pages 592-606
- Download PDF (369.8 KB)
Book Chapter
Specifying Role-Based Access Constraints with Object Constraint Language
Hua Wang, Yanchun Zhang, Jinli Cao and Jian Yang
Lecture Notes in Computer Science, 2004, Volume 3007, Advanced Web Technologies and Applications, Pages 687-696
- Download PDF (138.1 KB)

Abstract

Authorisation constraints can help the policy architect design and express higher-level security policies for organisations such as financial institutes or governmental agencies. Although the importance of constraints has been addressed in the literature, there does not exist a systematic way to validate and test authorisation constraints. In this paper, we attempt to specify non-temporal constraints and history-based constraints in Object Constraint Language (OCL) which is a constraint specification language of Unified Modeling Language (UML) and describe how we can facilitate the USE tool to validate and test such policies. We also discuss the issues of identification of conflicting constraints and missing constraints.

Fulltext Preview

Image of the first page of the fulltext document

Frequently asked questions General info on journals and books Send us your feedback Impressum Contact us

SpringerLink

Specification and Validation of Authorisation Constraints Using UML and OCL

View Related Documents

Abstract

Fulltext Preview