Extending UML to Define Access Control
International Journal of Computer Science and Engineering |
© 2019 by SSRG - IJCSE Journal |
Volume 6 Issue 6 |
Year of Publication : 2019 |
Authors : Pushkar G. Dhande, Dr. Bandu B. Meshram |
How to Cite?
Pushkar G. Dhande, Dr. Bandu B. Meshram, "Extending UML to Define Access Control," SSRG International Journal of Computer Science and Engineering , vol. 6, no. 6, pp. 10-16, 2019. Crossref, https://doi.org/10.14445/23488387/IJCSE-V6I6P102
Abstract:
Access control means defining who/what can access which resources or to which level in system. In any software system access control plays large part in achieving security goals for system. As improper access control can lead to various vulnerabilities in system. UML is widely used in software development to represent structure and behaviour of system before developing it.UML can be extended to define access control for system more effectively as uml covers all aspects of the software beforehand actual development.
Keywords:
Security ,Software Engineering,Access Control,UML.
References:
[1] P. B. Ambhore, B. B. Meshram and V. B. Waghmare, "A Implementation of Object Oriented Database Security," 5th ACIS International Conference on Software Engineering Research, Management & Applications (SERA 2007), Busan, 2007, pp. 359-365.
[2] Yixin Jiang, Chuang Lin, Hao Yin and Zhangxi Tan, "Security analysis of mandatory access control model," 2004 IEEE International Conference on Systems, Man and Cybernetics (IEEE Cat. No.04CH37583), The Hague, 2004, pp. 5013-5018 vol.6.
[3] R. S. Sandhu, E. J. Coyne, H. L. Feinstein and C. E. Youman, "Role-based access control models," in Computer, vol. 29, no. 2, pp. 38-47, Feb. 1996.
[4] Coyne, Edward J., Timothy R. Weil, and Rick Kuhn. "Role engineering: methods and standards." IT Professional 13.6 (2011): 54-57.
[5] Stuart Steiner, Daniel Conte de Leon, and Ananth A. Jillepalli. 2018. Hardening web applications using a least privilege DBMS access model. In Proceedings of the Fifth Cybersecurity Symposium (CyberSec '18). ACM, New York, NY, USA, Article 4, 6 pages
[6] Stuart Steiner, Daniel Conte de Leon, and Ananth A. Jillepalli. 2018. Hardening web applications using a least privilege DBMS access model. In Proceedings of the Fifth Cybersecurity Symposium (CyberSec '18). ACM, New York, NY, USA, Article 4, 6 pages
[7] J. Jurjens, Secure Systems Development with UML. Berlin, Germany:Springer, 2005.
[8] T. Lodderstedt, D. Basin, and J. Doser, “SecureUML: A UML-based modeling language for model-driven security,” in Proc. 5th Int. Conf. UML Unified Model. Language, 2002
[9] L. Røstad, “An extended misuse case notation: Including vulnerabilities and the insider threat,” in Proc. 12th Working Conf. Requirements Eng.: Found. Softw. Quality, 2006.
[10] Sylvia Osborn. 1997. Mandatory access control and role-based access control revisited. In Proceedings of the second ACM workshop on Role-based access control (RBAC '97). ACM, New York, NY, USA, 31-40
[11] https://www.techopedia.com/definition/4017/mandatory-access-control-mac