基于角色访问控制模型约束的OCL描述

基于角色的访问控制模型(RBAC)凭借其灵活的授权机制、强大的管理功能和完善的安全策略越来越引起人们的研究兴趣,随着研究的不断深入,面向对象的研究方法也逐渐应用到这个模型中,促进了它的迅速发展。UML作为一种强大的建模语言,不只是局限于支持面向对象的分析与设计,还支持从需求分析开始的软件开发的全过程,通过UML的描述可以使理论模型更加直观地应用到实际系统开发。该文使用UML的对象约束语言(OCL)来描述RBAC中的相关约束,使约束描述更加标准化,更有利于系统开发人员对模型的理解和促进RBAC模型的系统开发。     

基于角色访问控制技术的UML表示

基于角色的访问控制（ＲＢＡＣ）技术随着网络的迅速发展而发展,在ＲＢＡＣ中,角色是重要概念,它根据用户在组织内所处的角色进行访问授权与控制,通过角色沟通主体与客体。该文提出了用可视化标准建模语言ＵＭＬ的类图、用例图和交互图（合作图、顺序图）来描述了 ＲＢＡＣ的相关概念。有效地帮助系统开发人员理解ＲＢＡＣ模型和建立基于角色的系统。     

基于RBAC模型的安全访问机制建模研究

基于角色访问控制（RBAC）是一种方便、安全、高效的访问控制机制。介绍了软件系统安全控制策略,分析了RBAC的基本思想和用户角色分配的基本方法,提出了基于面向对象的RBAC建模思想,并用标准建模语言UML的交互图描述RBAC的授权流程,从而使系统开发人员有效理解RBAC模型并建立基于角色的系统。文中还给出了在数据备份系统中运用RBAC实现用户权限管理应用模型的实例。     

对象式基于角色访问控制模型的规范化描述

访问控制在大型复杂的多用户分布式系统中是一个极其重要且错综复杂的部分．目前基于角色访问控制成为主流的安全机制，对象技术作为处理复杂性的有效方法．大型系统的设计亟需一个对象式的、规范化的访问控制模型，以支持系统安全性设计，使众多用户可安全高效地履行其职责．已有的访问控制模型多为非规范的非对象式的．本文采用统一建模语言UML建立一个基于角色访问控制的对象式规范化模型．该模型结构简洁，且提供具有一致性、可推理的约束规范，以支持大型复杂系统的访问控制设计．     

数据备份系统中基于角色访问控制模型的研究

基于角色访问控制(RBAC)是一种方便、安全、高效的访问控制机制。文中分析了RBAC的基本思想和模型，然后介绍了用户角色分配和角色许可分配的基本方法，最后提出了在数据备份系统中运用RBAC实现用户权限管理的应用模型。并实现了标准建模语言UML的交互图描述RBAC的授权流程，从而使系统开发人员能深刻理解RBAC模型和建立基于角色的系统。     

Emerging OCL tools

The Object Constraint Language (OCL) is a notational language for analysis and design of software systems, which is used in conjunction with the Unified Modelling Language (UML) to specify the semantics of the building blocks precisely. OCL can also be used by other languages, notations, methods and software tools in order to specify restrictions and other expressions of their models. Likewise, OCL is used by the Object Management Group (OMG) in the definition of other fast spreading industrial standards such as Meta Object Facility (MOF) or XML Metadata Interchange (XMI).Support tools aimed at making this language easier to use are becoming available. These tools are capable of supporting and handling OCL expressions. This paper presents a comparative study of the main tools currently available, both commercial and freely available ones. The study is very practical, with the advantages and disadvantages of the different tools being pointed out. The evaluations made may be of use in helping those developers and analysts who already use the language, as well as those who intend to use it in the near future, to choose the OCL tool which best adapts to their requirements.     

An experimental investigation of formality in UML-based development

The object constraint language (OCL) was introduced as part of the Unified Modeling Language (UML). Its main purpose is to make UML models more precise and unambiguous by providing a constraint language describing constraints that the UML diagrams alone do not convey, including class invariants, operation contracts, and statechart guard conditions. There is an ongoing debate regarding the usefulness of using OCL in UML-based development, questioning whether the additional effort and formality is worth the benefit. It is argued that natural language may be sufficient, and using OCL may not bring any tangible benefits. This debate is in fact similar to the discussion about the effectiveness of formal methods in software engineering, but in a much more specific context. This paper presents the results of two controlled experiments that investigate the impact of using OCL on three software engineering activities using UML analysis models: detection of model defects through inspections, comprehension of the system logic and functionality, and impact analysis of changes. The results show that, once past an initial learning curve, significant benefits can be obtained by using OCL in combination with UML analysis diagrams to form a precise UML analysis model. But, this result is however conditioned on providing substantial, thorough training to the experiment participants.     

On OCL-based imperative languages

The Object Constraint Language (OCL) is a well-accepted ingredient in model-driven engineering and accompanying modeling languages such as UML (Unified Modeling Language) and EMF (Eclipse Modeling Framework) that support object-oriented software development. Among various possibilities, OCL offers the formulation of class invariants and operation contracts in form of pre- and postconditions, and side-effect free query operations. Much research has been done on OCL and various mature implementations are available for it. OCL is also used as the foundation for several modeling-specific programming and transformation languages. However, an intrusive way of embedding OCL into these language hampers us when we want to benefit from the existing achievements for OCL. In response to this shortcoming, we propose the language SOIL (Simple OCL-like Imperative Language), which we implemented in the UML and OCL modeling tool USE to amend its declarative model validation features. The expression sub-language of SOIL is identical to OCL. SOIL adds imperative constructs for programming in the domain of models. Thus by employing OCL and SOIL, it is possible to describe any operation in a declarative way and in an operational way on the modeling level without going into the details of a conventional programming language. In contrast to other similar approaches, the embedding of OCL into SOIL is done in a careful, non-intrusive way so that purity of OCL is preserved.     

Comprehensive two-level analysis of role-based delegation and revocation policies with UML and OCL

ContextRole-based access control (RBAC) has become the de facto standard for access management in various large-scale organizations. Often role-based policies must implement organizational rules to satisfy compliance or authorization requirements, e.g., the principle of separation of duty (SoD). To provide business continuity, organizations should also support the delegation of access rights and roles, respectively. This, however, makes access control more complex and error-prone, in particular, when delegation concepts interplay with SoD rules.ObjectiveA systematic way to specify and validate access control policies consisting of organizational rules such as SoD as well as delegation and revocation rules shall be developed. A domain-specific language for RBAC as well as delegation concepts shall be made available.MethodIn this paper, we present an approach to the precise specification and validation of role-based policies based on UML and OCL. We significantly extend our earlier work, which proposed a UML-based domain-specific language for RBAC, by supporting delegation and revocation concepts.ResultWe show the appropriateness of our approach by applying it to a banking application. In particular, we give three scenarios for validating the interplay between SoD rules and delegation/revocation.ConclusionTo the best of our knowledge, this is the first attempt to formalize advanced RBAC concepts, such as history-based SoD as well as various delegation and revocation schemes, with UML and OCL. With the rich tool support of UML, we believe our work can be employed to validate and implement real-world role-based policies.     

Modeling process-related RBAC models with extended UML activity models

Context

Business processes are an important source for the engineering of customized software systems and are constantly gaining attention in the area of software engineering as well as in the area of information and system security. While the need to integrate processes and role-based access control (RBAC) models has been repeatedly identified in research and practice, standard process modeling languages do not provide corresponding language elements.

Objective

In this paper, we are concerned with the definition of an integrated approach for modeling processes and process-related RBAC models - including roles, role hierarchies, statically and dynamically mutual exclusive tasks, as well as binding of duty constraints on tasks.

Method

We specify a formal metamodel for process-related RBAC models. Based on this formal model, we define a domain-specific extension for a standard modeling language.

Results

Our formal metamodel is generic and can be used to extend arbitrary process modeling languages. To demonstrate our approach, we present a corresponding extension for UML2 activity models. The name of our extension is Business Activities. Moreover, we implemented a library and runtime engine that can manage Business Activity runtime models and enforce the different policies and constraints in a software system.

Conclusion

The definition of process-related RBAC models at the modeling-level is an important prerequisite for the thorough implementation and enforcement of corresponding policies and constraints in a software system. We identified the need for modeling support of process-related RBAC models from our experience in real-world role engineering projects and case studies. The Business Activities approach presented in this paper is successfully applied in role engineering projects.     

On challenges of model transformation from UML to Alloy

The Unified Modeling Language (UML) is the de facto language used in the industry for software specifications. Once an application has been specified, Model Driven Architecture (MDA) techniques can be applied to generate code from such specifications. Since implementing a system based on a faulty design requires additional cost and effort, it is important to analyse the UML models at earlier stages of the software development lifecycle. This paper focuses on utilizing MDA techniques to deal with the analysis of UML models and identify design faults within a specification. Specifically, we show how UML models can be automatically transformed into Alloy which, in turn, can be automatically analysed by the Alloy Analyzer. The proposed approach relies on MDA techniques to transform UML models to Alloy. This paper reports on the challenges of the model transformation from UML class diagrams and OCL to Alloy. Those issues are caused by fundamental differences in the design philosophy of UML and Alloy. To facilitate better the representation of Alloy concepts in the UML, the paper draws on the lessons learnt and presents a UML profile for Alloy.     

Empirically evaluating OCL and Java for specifying constraints on UML models

The Object Constraint Language (OCL) has been applied, along with UML models, for various purposes such as supporting model-based testing, code generation, and automated consistency checking of UML models. However, a lot of challenges have been raised in the literature regarding its applicability in industry such as extensive training, slow learning curve, and significant effort to use OCL due to lack of familiarity of practitioners. To confirm these challenges, empirical evidence is needed, which is severely lacking in the literature. To build such preliminary evidence, we report a controlled experiment that was designed to evaluate OCL by comparing it with Java; a programming language that has also been used to specify constraints on UML models. Results show that the participants using OCL perform as good as the participants working with Java in terms of three objective quality metrics (i.e., completeness, conformance and redundancy) and two subjective metrics (i.e., applicability and confidence level). In addition, the participants using OCL performed consistently well for all the constraints of varying complexity, while fluctuating results were obtained for the participants using Java for the same constraints. Based on the empirical evidence, we can conclude that it does not make much difference to use OCL or Java for specifying constraints on UML models. However, the participants working with OCL performed consistently well on specifying constraints of varying complexity suggesting that OCL can be used to model complicated constraints (commonly observed in industrial applications) with the same quality as for simpler constraints. Moreover, additional analyses on the constraints when using Java and OCL tools revealed that tools are needed to specify fully correct constraints that can be used to support automation.     

基于角色的访问控制模型及其面向对象的建模

访问控制是信息安全的一个研究方向，基于角色的访问控制(RBAC)是目前理论研究和应用研究比较广泛的一种模型。详细介绍了RBAC96模型家族的特征和它所遵循的安全准则，并引入面向对象的思想，采用统一建模语言(UML)对RBAC96进行了静态和动态建模，这样就缩短了理论模型和实际系统开发之间的差距，有助于信息系统安全的面向对象的分析与设计。     

基于EMF和OCL的MDA软件工程方法研究

随着基于模型的软件工程方法的兴起，模型逐渐地变为软件工程中的重要元素，介绍了OMG规范MOF、XMI和OCL及在Eclipse软件工程环境下的相关实现EMF，说明了统一建模语言UML的使用方式和存在的问题，介绍了如何用EMF和OCL来设计建模语言，比较了基于EMF的建模语言和基于EBNF的计算机语言之间的区别与联系，给出了结合模板和OCL的模型转换方法，通过把UML类模型转换到O／R映射框架说明了此方法的有效性，分析了MDA软件工程方法的重用机制。     

基于角色访问控制模型及其在操作系统中的实现

Since Role-based access control shows great advantage in meeting the security need in large-scale, enter-prise-wide system, RBAC becomes the hot topic in access control research area. Researchers have proposed several RBAC models, which include the famous RBAC96 model. However, these frameworks are sometimes hard for sys-tem developers to underst and because the models defined are too abstract or focus on application-oriented solutions.In this paper, a new model (OSRBAC) is discussed, which is the improved model to RBAC3 model in RBAC96 modelfamily. Compared with RBAC3 model, OSRBAC model is more concrete and easilier to understand. At the end, this paper describes the implementation of OSRBAC model in RedFlag Secure Operating System(RFSOS).     

A transformation contract to generate aspects from access control policies

Access control is an important security issue. It has been addressed since the late 1960s in the early time-sharing computer systems. Many access control models have been proposed since than but of particular interest is Ferraiolo and Khun’s role-based access control model (RBAC). It is a simple and yet general model which has been deeply studied and applied both in industry and in academia. A variety of industrial standards have been proposed based on this model. Generating code for an access control policy is an interesting challenge. Understanding access control as a non-functional concern that cross-cuts the functional part of a system raises difficulties quite suitable for a solution based on aspect-oriented programming. In this paper, we address the problems of specification and validation of code generation for access control policies targeting an aspect-based infra-structure. We propose an MDA approach. The code generator is a transformation from SecureUML, an RBAC-based modeling language, to the language Aspects for Access Control (AAC), an aspect-oriented modeling language proposed in this paper. Metamodels are used to represent the languages and to specify the transformation. A metamodel is used to represent the abstract syntax of a language and the constraints that a given instance model of the metamodel must fulfill. We also use a metamodel to specify the code generator. This transformation metamodel, together with all the constraints, that is, from both languages and those constraints regarding the merge of the two languages, we call a transformation contract. It merges and conservatively extends the source and target metamodels of the model transformation it represents. In the context of code-generation for access control policies, the transformation contract specifies the relationships between the abstract syntaxes of SecureUML and AAC and constrains the two languages. The validation of the code generator also uses the transformation contract. For a given access control policy and aspect, represented as instances of the appropriate metamodels, with aspects produced by the code generator, the constraints of the transformation contract must hold. We have prototyped a transformer from SecureUML to aspects on top of ITP/OCL, an OCL interpreter that automatically validates the generated aspect code by applying the constraints of the transformation contract.     

基于UML的软件体系结构建模方法的研究

软件体系结构是软件工程中的一个重要领域。对软件体系结构的分析和设计已成为决定软件系统（特别是大型软件系统）成功的重要因素。体系结构描述语言ADL能以一种比较直接、精确的方式来描述软件体系结构,但它很难与主流开发方式集成。UML是一种应用广泛的对象建模语言,已被工业界广泛接受。本文介绍了一种UML与ADL集成的方法,对软件系统的开发具有较大的实用价值。     

基于UML的通信指挥训练系统需求分析

UML是一个通过可视化的图形符号，用来对软件系统进行定义、图形化、构造和文档化的建模语言。本文通过对UML建模概念和特点的简要介绍，结合通信指挥训练系统的需求分析及业务流程模式，给出了基于UML的系统需求模型，从而为通信指挥训练系统的开发奠定基础。     

基于UML和模型检测的安全模型验证方法

安全策略的形式化分析与验证随着安全操作系统研究的不断深入已成为当前的研究热点之一.文中在总结前人工作的基础上,首次提出一种基于UML和模型检测器的安全模型验证方法.该方法采用UML将安全策略模型描述为状态机图和类图,然后利用转换工具将UML图转化为模型检测器的输入语言,最后由模型检测器来验证安全模型对于安全需求的满足性.作者使用该方法验证了DBLP和SLCF模型对机密性原则的违反.