Abstract
The specification of policies is a crucial aspect in the development of complex systems, since policies control the system’s behavior. In order to predict a possibly incorrect behavior of the system, it is necessary to have a precise specification of the policy, better if described in an intuitive formalism. We propose policy specifications in three modeling notations, viz. UML, Alloy and Graph Transformations, and compare them from the viewpoint of readability, verifiability as well as tool support. We use a role-based access control policy as example policy.
Partially supported by the EC under Research and Training Network SeGraVis.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
P. Bottoni, M. Koch, F. Parisi-Presicce, and G. Taentzer. Consistency Checking and Visualization of OCL Constraints. In Proc. UML2000, number 1939 in LNCS, 2000.
H. Ehrig, G. Engels, H.-J. Kreowski, and G. Rozenberg, editors. Handbook of Graph Grammars and Computing by Graph Transformations. Vol. II: Applications, Languages, and Tools. World Scientific, 1999.
P.A. Epstein. Engineering of Role/Permission Assignments. PhD Thesis, George Mason University, 2002.
R. Heckel and A. Wagner. Ensuring consistency of conditional graph grammars-a constructive approach. In Proc. SEGRAGRA’95 Graph Rewriting and Computation, number 2. Electronic Notes of TCS, 1995. http://www.elsevier.nl/locate/entcs/volume2.html.
H. Hussmann, B. Demuth, and F. Finger. Modular architecture for a toolset supporting OCL. In Proc. of UML2000, volume 1939 of LNCS, pages 278–293. Springer, 2000.
D. Jackson. Alloy: A Lightwight Object Modelling Notation. Technical Report 797, MIT Laboratory for Computer Science, 2001.
D. Jackson, I. Schlechter, and I. Shlyakhter. Alcoa: the Alloy constraint analyzer. In Proc. International Conference on Software Engineering, Limerick, Ireland, 2000.
M. Koch, L.V. Mancini, and F. Parisi-Presicce. A Graph Based Formalism for RBAC. ACM Transactions on Information and System Security (TISSEC), 5(3):332–365, August 2002.
M. Koch, L.V. Mancini, and F. Parisi-Presicce. Foundations for a graph-based approach to the Specification of Access Control Policies. In eF. Honsell and M. Miculan, editors, Proc. of Foundations of Software Science and Computation Structures (FoSSaCS 2001), Lect. Notes in Comp. Sci. Springer, March 2001.
M. Koch, L.V. Mancini, and F. Parisi-Presicce. Conflict Detection and Resolution in Access Control Specifications. In M. Nielsen and U. Engberg, editors, Proc. of Foundations of Software Science and Computation Structures (FoSSaCS 2002), Lect. Notes in Comp. Sci., pages 223–237. Springer, 2002.
M. Koch and F. Parisi-Presicce. Access Control Policy Specification in UML. In Proc. of UML2002 Workshop on Critical Systems Development with UML, number TUM-I0208, pages 63–78. Technical University of Munich, September 2002.
U. Nickel, J. Niere, and A. Zündorf. Tool demonstration: The FUJABA environment. Proc. of the 22nd Int. Conf. on Software Engineering, 2000.
OMG. OMG Unified Modeling Language Specification, V.1.4, 2001.
M. Richters. The USE tool: A UML-based specification environment, 2001. http://www.db.informatik.uni-bremen.de/projects/USE.
M. Richters and M. Gogolla. Validating UML Models and OCL Constraints. In Proc. UML2000, 2000.
M. Richters and M. Gogolla. OCL-Syntax, Semantics and Tools. In Proc. Advances in Object Modelling with OCL, LNCS, pages 38–63. Springer, 2001.
G. Rozenberg, editor. Handbook of Graph Grammars and Computing by Graph Transformations. Vol. I: Foundations. World Scientific, 1997.
R. Sandhu, E. Coyne, H. Feinstein, and C. Youman. Role-based access control models. In 1st ACM Workshop on Role-based access control, 1996.
R. Sandhu, D. Ferraiolo, and R. Kuhn. The NIST Model for Role-Based Access Control: Towards A Unified Standard. In Proc. of the 5th ACM Workshop on Role-Based Access Control. ACM, July 2000.
A. Schaad and J.D. Moffett. A Lightweight Approach to Specification and Analysis of Role-based Access Control Extensions. In Proc. 7th ACM Symposium on Access Control Models and Technologies. ACM Press, 2002.
J. Warmer and A. Kleppe. The Object Constraint Language: Precise Modeling with UML. Addison Wesley, 1999.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Koch, M., Parisi-Presicce, F. (2003). Visual Specifications of Policies and Their Verification. In: Pezzè, M. (eds) Fundamental Approaches to Software Engineering. FASE 2003. Lecture Notes in Computer Science, vol 2621. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36578-8_20
Download citation
DOI: https://doi.org/10.1007/3-540-36578-8_20
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00899-6
Online ISBN: 978-3-540-36578-5
eBook Packages: Springer Book Archive