Abstract
In this paper we present a novel approach for the predicative specification of user rights in the context of an object-oriented, use-case-driven development process. We extend the specification of methods by a permission section describing the right of some actor to call the method of an object. Moreover, we introduce a representation function that describes how actors are represented internally in the system. As a syntactic and semantic framework we use a first-order logic with a built-in notion of objects and classes provided with an algebraic semantics. We demonstrate that our approach can be realised in OCL.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Breu, R., Popp, G. (2004). Actor-Centric Modeling of User Rights. In: Wermelinger, M., Margaria-Steffen, T. (eds) Fundamental Approaches to Software Engineering. FASE 2004. Lecture Notes in Computer Science, vol 2984. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24721-0_12
DOI: https://doi.org/10.1007/978-3-540-24721-0_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21305-5
Online ISBN: 978-3-540-24721-0
eBook Packages: Springer Book Archive