基于角色的访问控制模型及其面向对象的建模

访问控制是信息安全的一个研究方向，基于角色的访问控制(RBAC)是目前理论研究和应用研究比较广泛的一种模型。详细介绍了RBAC96模型家族的特征和它所遵循的安全准则，并引入面向对象的思想，采用统一建模语言(UML)对RBAC96进行了静态和动态建模，这样就缩短了理论模型和实际系统开发之间的差距，有助于信息系统安全的面向对象的分析与设计。     

基于RBAC模型的安全访问机制建模研究

基于角色访问控制（RBAC）是一种方便、安全、高效的访问控制机制。介绍了软件系统安全控制策略,分析了RBAC的基本思想和用户角色分配的基本方法,提出了基于面向对象的RBAC建模思想,并用标准建模语言UML的交互图描述RBAC的授权流程,从而使系统开发人员有效理解RBAC模型并建立基于角色的系统。文中还给出了在数据备份系统中运用RBAC实现用户权限管理应用模型的实例。     

基于UML的嵌入式系统模型验证机制的研究

随着嵌入式系统在各个领域的广泛应用,嵌入式系统变得越来越复杂,研究一种支持嵌入式系统从分析、设计、验证到编码这一整个开发过程的模型系统及建模方法变得越来越重要。UML(UnifiedModelingLanguage,统一建模语言)作为面向对象的分析与设计技术的代表,已经获得了广泛的承认,并在多个领域中有成功的应用。然而,UML是一种符号化语言系统,其语义采用自然语言描述,没有完全形式化,无法精确和严格地描述模型的行为从而实现模型的验证。为了解决这个问题,文章提出了一种用于嵌入式系统UML模型验证的方法,其核心是可执行(Executable)UML,它是UML的增强性子集,采用与UML相同的符号表示法,并集成了状态图(StateChart)所用的形式化语义定义。嵌入式系统的UML模型经过语义分析能够很方便地生成可执行UML模型,并实现系统模型的验证。     

数据备份系统中基于角色访问控制模型的研究

基于角色访问控制(RBAC)是一种方便、安全、高效的访问控制机制.文中分析了RBAC的基本思想和模型,然后介绍了用户角色分配和角色许可分配的基本方法,最后提出了在数据备份系统中运用RBAC实现用户权限管理的应用模型.并实现了标准建模语言UML的交互图描述RBAC的授权流程,从而使系统开发人员能深刻理解RBAC模型和建立基于角色的系统.     

基于XML图的RBAC模型研究

针对传统XML描述的基于角色的访问控制(RBAC)模型在角色权限继承、约束方面支持的不足,提出了一种基于XML图的RBAC3模型。该模型通过属性引用的方式实现了多重继承并引入面向对象中私有继承的概念,使角色的私有权限得到保护。同时,通过引入互斥权限的概念简化了责任分离的实现。     

数据备份系统中基于角色访问控制模型的研究

基于角色访问控制(RBAC)是一种方便、安全、高效的访问控制机制。文中分析了RBAC的基本思想和模型，然后介绍了用户角色分配和角色许可分配的基本方法，最后提出了在数据备份系统中运用RBAC实现用户权限管理的应用模型。并实现了标准建模语言UML的交互图描述RBAC的授权流程，从而使系统开发人员能深刻理解RBAC模型和建立基于角色的系统。     

基于角色的访问控制模型的扩充和实现机制研究

同传统的自由访问控制(DAC)和强制访问控制(MAC)相比，基于角色的访问控制(RBAC)代表了在灵活性和控制粒度上的一个重大进步．为了促进RBAC的研究和应用，美国国家技术与标准局提出了RBAC建议标准．然而，该标准仅支持一种约束，即职责分离约束．提出了一个经过扩展的I出AC标准——e-RBAC，增加了对广泛使用的势约束的直接支持．提出了一个面向对象的RBAC系统实现框架，该框架可部分起到API标准的作用．在此框架之下实现了一个通用的RBAC核心功能模块act-RBAC．     

扩展UML与Petri网应用在嵌入式系统设计中的研究

随着嵌入式系统的不断发展,传统的嵌入式开发已经远远不能适应新的要求,需要借助UML强大的系统设计能力来解决效率低下的问题,但是标准UML,在多系统级任务并发,任务之间同步、系统仿真以及实时性方面没有提供足够的支持,很难直接应用到嵌入式系统的设计中.文章研究一种将时间约束Petri网和扩展UML,相结合的方法,通过利用Petri描述异步性和并发性的能力来扩展UML,的构造型和流程图,通过将UML转化为Petri图,进而可以利用Petri强大的理论体系来验证UML的正确性.     

将扩展UML与Petri网应用在嵌入式系统设计中的研究

随着嵌入式系统的不断发展,传统的嵌入式开发已经远远不能适应新的要求,需要借助UML强大的系统设计能力来解决效率低下的问题,但是标准UML在多系统级任务并发,任务之间同步、系统仿真以及实时性方面没有提供足够的支持,很难直接应用到嵌入式系统的设计中.本文研究了一种将时间约束Petri网和扩展UML相结合的方法,通过利用Petri描述异步性和并发性的能力来扩展UML的构造型和流程图,通过将UML转化为Petri图,进而可以利用Petri强大的理论体系来验证UML的正确性.     

Reconstructing a formal security model

Role-based access control (RBAC) is a flexible approach to access control, which has generated great interest in the security community. The principal motivation behind RBAC is to simplify the complexity of administrative tasks. Several formal models of RBAC have been introduced. However, there are a few works specifying RBAC in a way which system developers or software engineers can easily understand and adopt to develop role-based systems. And there still exists a demand to have a practical representation of well-known access control models for system developers who work on secure system development. In this paper we represent a well-known RBAC model with software engineering tools such as Unified Modeling Language (UML) and Object Constraints Language (OCL) to reduce a gap between security models and system developments. The UML is a general-purpose visual modeling language in which we can specify, visualize, and document the components of a software system. And OCL is part of the UML and has been used for object-oriented analysis and design as a de facto constraints specification language in software engineering arena. Our representation is based on a standard model for RBAC proposed by the National Institute of Standards and Technology. We specify this RBAC model with UML including three views: static view, functional view, and dynamic view. We also describe how OCL can specify RBAC constraints that is one of important aspects to constrain what components in RBAC are allowed to do. In addition, we briefly discuss future directions of this work.     

Semantic constraint specification and verification of ebXML business process specifications

Electronic Business using eXtensible Markup Language (ebXML) Business Process Specification Schema (BPSS) supports the specification of the set of elements required to configure a runtime system in order to execute a set of ebXML business transactions. The BPSS is available in two stand-alone representations; a UML version and an XML version. Due to the limitations of UML notations and XML syntax, however, the current ebXML BPSS specification is insufficient to formally specify semantic constraints of modeling elements. In this study, we propose a classification scheme for BPSS semantic constraints, and describe how to represent those semantic constraints formally using Object Constraint Language. As a way to verify a particular Business Process Specification (BPS) with formal semantic constraint modeling, we suggest a rule-based approach to represent the formal semantic constraints, and describe a detail mechanism to apply the rule-based specified constraints to the BPS in a prototype implementation.     

UML specification of access control policies and their formal verification

Security requirements have become an integral part of most modern software systems. In order to produce secure systems, it is necessary to provide software engineers with the appropriate systematic support. We propose a methodology to integrate the specification of access control policies into Unified Modeling Language (UML) and provide a graph-based formal semantics for the UML access control specification which permits to reason about the coherence of the access control specification. The main concepts in the UML access control specification are illustrated with an example access control model for distributed object systems.     

嵌入式系统描述与验证环境的实现

首先，用统一建模语言(UML)中的状态图描述系统在整个活动周期中所处的不同的状态，活动图表示状态图中每个进程的功能，对象约束语言(OCL)描述系统中的约束条件；然后，用自行开发的软件UML2SC将UML描述的系统转换成SystemC代码，以完成系统的模拟验证；并介绍了该方法的一个应用实例。     

Combining UML, ASTD and B for the formal specification of an access control filter

Combination of formal and semi-formal methods is more and more required to produce specifications that can be, on the one hand, understood and thus validated by both designers and users and, on the other hand, precise enough to be verified by formal methods. This motivates our aim to use these complementary paradigms in order to deal with security aspects of information systems. This paper presents a methodology to specify access control policies starting with a set of graphical diagrams: UML for the functional model, SecureUML for static access control and ASTD for dynamic access control. These diagrams are then translated into a set of B machines. Finally, we present the formal specification of an access control filter that coordinates the different kinds of access control rules and the specification of functional operations. The goal of such B specifications is to rigorously check the access control policy of an information system taking advantage of tools from the B method.     

基于UML和模型检测的安全模型验证方法

安全策略的形式化分析与验证随着安全操作系统研究的不断深入已成为当前的研究热点之一.文中在总结前人工作的基础上,首次提出一种基于UML和模型检测器的安全模型验证方法.该方法采用UML将安全策略模型描述为状态机图和类图,然后利用转换工具将UML图转化为模型检测器的输入语言,最后由模型检测器来验证安全模型对于安全需求的满足性.作者使用该方法验证了DBLP和SLCF模型对机密性原则的违反.     

OPM/Web – Object-Process Methodology for Developing Web Applications

Web applications can be classified as hybrids between hypermedia and information systems. They have a relatively simple distributed architecture from the user viewpoint, but a complex dynamic architecture from the designer viewpoint. They need to respond to operation by an unlimited number of heterogeneously skilled users, address security and privacy concerns, access heterogeneous, up-to-date information sources, and exhibit dynamic behaviors that involve such processes as code transferring. Common system development methods can model some of these aspects, but none of them is sufficient to specify the large spectrum of Web application concepts and requirements. This paper introduces OPM/Web, an extension to the Object-Process Methodology (OPM) that satisfies the functional, structural and behavioral Web-based information system requirements. The main extensions of OPM/Web are adding properties of links to express requirements, such as those related to encryption; extending the zooming and unfolding facilities to increase modularity; cleanly separating declarations and instances of code to model code transferring; and adding global data integrity and control constraints to express dependence or temporal relations among (physically) separate modules. We present a case study that helps evaluate OPM/Web and compare it to an extension of the Unified Modeling Language (UML) for the Web application domain.     

Visual modeling and formal specification of constraints of RBAC using semantic web technology

The role-based access control (RBAC) model has garnered great interest in the security community due to the flexible and secure nature of its applicability to the complex and sophisticated information system. One import aspect of RBAC is the enforcing of security policy, called constraint, which controls the behavior of components in RBAC. Much research has been conducted to specify constraints. However, more work is needed on the aspect of sharing information resources for providing better interoperability in the widely dispersed ubiquitous information system environment. This paper provides visual modeling of RBAC policy and specifies constraints of RBAC by employing a semantic web ontology language (OWL) to enhance understanding of constraints for machines and people in a ubiquitous computing environment. Using OWL, constraints were precisely formalized according to the constraint patterns and the effectiveness of OWL specification was demonstrated by showing the reasoning process.     

带时间约束的UML序列图的分析工具

统一建模语言(UML)是一种多用途的可视化建模语言,它可用于软件系统的规约、可视化的构造和建档.UML序列图描述了交互对象间的协作,如在实时和分布式系统中通讯实体间的信息交互.与其它的规约和设计过程类似,UML序列图的规约也易出错,所以对它进行分析是很有必要的.文章描述了一个对带时间约束的UML序列图进行分析的工具.     

基于时序描述逻辑的UML顺序图形式化方法

根据统一建模语言(UML)顺霤图的时霤特征,提出一种基于时霤描述逻辑ALCQIUS的UML顺霤图需式化方法。研究ALCQIUS时霤扩展部分的语法和语义、ALCQIUS断言公式集一致霆定理,给出ALCQIUS断言公式集一致霆推理算法,并证明该推理算法的可判定霆。以公安报警系统为例,说明基于ALCQIUS的UML顺霤图需式化规约和需式化验证具备可霂霆,并且ALCQIUS为UML顺霤图需式化提供了合理的逻辑基础。