Skip to main content
SpringerLink
Log in

Checking Compliance of Program with SecureUML Model

  • Chapter
  • First Online:
Advanced Topics in Intelligent Information and Database Systems (ACIIDS 2017)

Part of the book series: Studies in Computational Intelligence ((SCI,volume 710))

Included in the following conference series:

Abstract

Access control is one of the most efficient ways to restrict resource access violations. However, in software development process, programs may not be fully complied with access policies represented in specifications. In this paper, we present an approach to verify the access policies compliance between a SecureUML model and its software program. We extract access control rules specified in SecureUML model, analyze source code of its program and propose an algorithm to check the compliance between two paradigms. Our approach can help programmers to detect some resource access violations and to improve the quality of software systems.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Mead, N.R., Allen, J.H., Barnum, S., Ellison, R.J., McGraw, G.: Software Security Engineering: A Guide for Project Managers. Addison-Wesley Professional (2004)

    Google Scholar 

  2. Ferraiolo, D., Kuhn, D.R., Chandramouli, R.: Role-Based Access Control. Artech House (2003)

    Google Scholar 

  3. Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-based modeling language for model-driven security. In: International Conference on the Unified Modeling Language, pp. 426–441. Springer (2002)

    Google Scholar 

  4. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. (TISSEC) 4(3), 224–274 (2001)

    Article  Google Scholar 

  5. Sandhu, R.S., Coynek, E.J., Feinsteink, H.L., Youmank, C.E.: Role-based access control models. IEEE Comput. 29(2), 38–47 (1996)

    Article  Google Scholar 

  6. Basin, D., Doser, J., Lodderstedt, T.: Model driven security: from UML models to access control infrastructures. ACM Trans. Softw. Eng. Methodol. (TOSEM) 15(1), 39–91 (2006)

    Article  Google Scholar 

  7. Matulevičius, R., Dumas, M.: A comparison of secureUML and UMLsec for rolebased access control. In: Proceedings of the 9th Conference on Databases and Information Systems, pp. 171–185 (2010)

    Google Scholar 

  8. Boadu, E.O., Armah, G.K.: Role-based access control (RBAC) based in hospital management. Int. J. Softw. Eng. Knowl. Eng. 3, 53–67 (2014)

    Google Scholar 

  9. Fisler, K., Krishnamurthi, S., Meyerovich, L.A., Tschantz, M.C.: Verification and change-impact analysis of access-control policies. In: Proceedings of the 27th International Conference on Software Engineering, pp. 196–205. ACM (2005)

    Google Scholar 

  10. Clarke, E., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: International Conference on Tools and Algorithms for the Construction and Analysis of Systems, pp. 168–176. Springer (2004)

    Google Scholar 

  11. Qamar, N., Ledru, Y., Idani, A.: Validation of security-design models using z. In: International Conference on Formal Engineering Methods, pp. 259–274. Springer (2011)

    Google Scholar 

  12. Qamar, N., Faber, J., Ledru, Y., Liu, Z.: Automated reviewing of healthcare security policies. In: International Symposium on Foundations of Health Informatics Engineering and Systems, pp. 176–193. Springer (2012)

    Google Scholar 

  13. Gunter, T.D., Terry, N.P.: The emergence of national electronic health record architectures in the United States and Australia: models, costs, and questions. J. Med. Internet Res. 7(1), e3 (2005)

    Article  Google Scholar 

  14. Kierkegaard, P.: Electronic health record: wiring Europes healthcare. Comput. Law Secur. Rev. 27(5), 503–515 (2011)

    Article  Google Scholar 

  15. M. University: Soot: a Java optimization framework. https://www.sable.mcgill.ca/soot/index.html (2012)

Download references

Acknowledgements

This research is funded by Vietnam National Foundation for Science and Technology Development (NAFOSTED) under grant number 102.03-2014.40.

Author information

Authors and Affiliations

  1. Department of Informatics, Hai Phong University of Medicine and Pharmacy, 72A Nguyen Binh Khiem, Ngo Quyen, Hai Phong, Vietnam

    Thanh-Nhan Luong

  2. VNU University of Engineering and Technology, 144 Xuan Thuy, Cau Giay, Hanoi, Vietnam

    Van-Khanh To & Ninh-Thuan Truong

Authors
  1. Thanh-Nhan Luong
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Van-Khanh To
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ninh-Thuan Truong
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Thanh-Nhan Luong .

Editor information

Editors and Affiliations

  1. Faculty of Computer Sci. and Management, Wroclaw Univ. of Science and Technology Faculty of Computer Sci. and Management, Wroclaw, Poland

    Dariusz Król

  2. Faculty of Computer Sci. and Management, Wroclaw Univ of Science and Technology Faculty of Computer Sci. and Management, Wroclaw, Poland

    Ngoc Thanh Nguyen

  3. School of Advanced Sci. and Technology, Japan Advanced Inst. of Sci. and Tech School of Advanced Sci. and Technology, Ishikawa, Japan

    Kiyoaki Shirai

Appendix

Appendix

Below is source code snippets of the sample program.

figure b

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Luong, TN., To, VK., Truong, NT. (2017). Checking Compliance of Program with SecureUML Model. In: Król, D., Nguyen, N., Shirai, K. (eds) Advanced Topics in Intelligent Information and Database Systems. ACIIDS 2017. Studies in Computational Intelligence, vol 710. Springer, Cham. https://doi.org/10.1007/978-3-319-56660-3_42

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-56660-3_42

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-56659-7

  • Online ISBN: 978-3-319-56660-3

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation