Automated analysis of security-design models |
| |
| Authors: | David Basin Manuel Clavel Jürgen Doser Marina Egea |
| |
| Affiliation: | 1. Information Security Group, ETH Zurich, Zürich, Switzerland;2. IMDEA Software Institute, Madrid, Spain;3. Computer Science Department, Universidad Complutense de Madrid, Madrid, Spain;1. ALARCOS Research Group, Information Systems and Technologies Department, University of Castilla-La Mancha, Paseo de la Universidad 4, 13071, Ciudad Real, Spain;2. Centre for Research in Computing, Department of Computing, The Open University, Milton Keynes, MK7 6AA, Great Britain;3. Department of Information Systems and Languages, University of Alicante, Apt. Correos 99., Alicante, Spain;4. Center for Secure Information Systems, George Mason University, Suit 417, Research I Bldg., 4400 University Drive. Fairfax, VA. USA;1. Institute for Infocomm Research, Agency for Science Technology and Research (A*STAR), Singapore 138632, Singapore;2. College of Computer Science, Sichuan University, Chengdu, China;1. Department of Physique, Faculty of Science, Abdelmalek Essaadi University, Tetouan, Morocco;2. Department of Electronics, Informatics and Telecommunications, École Nationale des Sciences Appliquées d’Oujda (ENSAO), University of Mohamed Premier, Oujda, Morocco |
| |
| Abstract: | We have previously proposed SecureUML, an expressive UML-based language for constructing security-design models, which are models that combine design specifications for distributed systems with specifications of their security policies. Here, we show how to automate the analysis of such models in a semantically precise and meaningful way. In our approach, models are formalized together with scenarios that represent possible run-time instances. Queries about properties of the security policy modeled are expressed as formulas in UML’s Object Constraint Language. The policy may include both declarative aspects, i.e., static access-control information such as the assignment of users and permissions to roles, and programmatic aspects, which depend on dynamic information, namely the satisfaction of authorization constraints in a given scenario. We show how such properties can be evaluated, completely automatically, in the context of the metamodel of the security-design language. We demonstrate, through examples, that this approach can be used to formalize and check non-trivial security properties. The approach has been implemented in the SecureMOVA tool and all of the examples presented have been checked using this tool. |
| |
| Keywords: | |
| 本文献已被 ScienceDirect 等数据库收录! |
|
