Sciweavers

FASE
2008
Springer

Automated Analysis of Permission-Based Security Using UMLsec

13 years 5 months ago
Automated Analysis of Permission-Based Security Using UMLsec
Abstract. To guarantee the security of computer systems, it is necessary to define security permissions to restrict the access to the systems' resources. These permissions enforce certain restrictions based on the workflows the system is designed for. It is not always easy to see if workflows and the design of the security permissions for the system fit together. We present research towards a tool which supports embedding security permissions in UML models and model-based security analysis by providing consistency checks. It also offers an automated analysis of underlying mechanisms for managing security-critical permissions using Prolog resp. automated theorem provers for first-order logic. A commonly used security concept is permission-based access control, i.e. associating entities (e.g. users or objects) in a system with permissions and allowing an entity to perform a certain action on another entity only if it has been assigned the necessary permissions. Designing and enforci...
Jan Jürjens, Jörg Schreck, Yijun Yu
Added 19 Oct 2010
Updated 19 Oct 2010
Type Conference
Year 2008
Where FASE
Authors Jan Jürjens, Jörg Schreck, Yijun Yu
Comments (0)