Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using UML and Alloy to Specify and Analyze Access Control Features Eunjee Song, Xi Hua SP05-CS681 Project Proposal.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Using UML and Alloy to Specify and Analyze Access Control Features Eunjee Song, Xi Hua SP05-CS681 Project Proposal."— Presentation transcript:

1 Using UML and Alloy to Specify and Analyze Access Control Features Eunjee Song, Xi Hua SP05-CS681 Project Proposal

2 Motivation 1  Access Control feature as a cross cutting aspect => An Aspect Oriented Modeling (AOM) approach for secure system  Crosscutting features Need composition (aspect + application) Complicate analysis tasks => must to be modeled using a formal and analyzable notation.

3 Motivation 2  Two types of access control features can be composed. e.g., RBAC + MAC => Hybrid Access Control (HAC)  How can we analyze the composed model and show whether the desired properties still hold or not?  Is an access “ denied either in RBAC or in MAC ” or “ denied in both models ” denied in HAC?

4 “ Analyzable ” Specification Languages  which language should be chosen? Z UML/OCL Alloy

5 Z vs. OCL  Z/Object Z A formal specification language based on math concepts (sets, functions, and first- order predicate logic) No support on visualization  OCL (Object Constraint Language) An object oriented specification language designed to support specifications in UML Questionable analysis power of currently available tools (e.g., USE, ArgoUML)

6 Alloy  Developed by Dr. Daniel Jackson at MIT  Lightweight modeling and analysis tool  Relatively easy to understand and use  Convenient Analysis capability by Alloy Analyzer  Compared to OCL … similar to OCL more conventional syntax & simpler semantics fully declarative => automatic analysis

7 Research Goal  Analysis on RBAC, MAC, and HAC in Alloy Any mapping rules from UML/OCL to Alloy? Any errors found in UML/OCL models? Any design changes influenced by using Alloy?  Evaluation on the usefulness of Alloy Analyzer as an analysis engine for the verifiable model composition.

8 Work Plan  Translate UML Models to Alloy specifications with analysis : 02/27/05-03/26/05 RBAC, MAC, and HAC Experiment with Alloy Analyzer: Analyze models and modify them if required. Mapping rules from OCL to Alloy.  Analyze the experiment result : 03/27/05-04/01/05 Refine mapping rules, if required. Derive further works for the verifiable model composition  Complete Write-up

Download ppt "Using UML and Alloy to Specify and Analyze Access Control Features Eunjee Song, Xi Hua SP05-CS681 Project Proposal."

Similar presentations

Three-Step Database Design

Three-Step Database Design
Restricted © Siemens AG 2014. All rights reserved Siemens Corporate Technology | Month 20XX Proposed topics for TDL phase 3.

Restricted © Siemens AG All rights reserved Siemens Corporate Technology | Month 20XX Proposed topics for TDL phase 3.
FUP - Formal Unified Process MSc.Miroslav Líška Slovak University of Technology Faculty of Informatics and Information.

FUP - Formal Unified Process MSc.Miroslav Líška Slovak University of Technology Faculty of Informatics and Information.
10.6.2008 Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der.

Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der.
Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.

Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.
Irina Rychkova. 9/20061 Systemic approach towards model definition Model transformation semantics.

Irina Rychkova. 9/20061 Systemic approach towards model definition Model transformation semantics.
© Janice Regan 2004 1 Problem-Solving Process 1. State the Problem (Problem Specification) 2. Analyze the problem: outline solution requirements and design.

© Janice Regan Problem-Solving Process 1. State the Problem (Problem Specification) 2. Analyze the problem: outline solution requirements and design.
Lecturer: Sebastian Coope Ashton Building, Room G.18 COMP 201 web-page: Lecture.

Lecturer: Sebastian Coope Ashton Building, Room G.18 COMP 201 web-page: Lecture.
Train Control Language Teaching Computers Interlocking By: J. Endresen, E. Carlson, T. Moen1, K. J. Alme, Haugen, G. K. Olsen & A. Svendsen Synthesizing.

Train Control Language Teaching Computers Interlocking By: J. Endresen, E. Carlson, T. Moen1, K. J. Alme, Haugen, G. K. Olsen & A. Svendsen Synthesizing.
1 A UML Class Diagram Analyzer Tiago Massoni Rohit Gheyi Paulo Borba Software Productivity Group Informatics Center – UFPE October 2004.

1 A UML Class Diagram Analyzer Tiago Massoni Rohit Gheyi Paulo Borba Software Productivity Group Informatics Center – UFPE October 2004.
Detail Design Extending UML and Object Design. Object Design.

Detail Design Extending UML and Object Design. Object Design.
PDDL: A Language with a Purpose? Lee McCluskey Department of Computing and Mathematical Sciences, The University of Huddersfield.

PDDL: A Language with a Purpose? Lee McCluskey Department of Computing and Mathematical Sciences, The University of Huddersfield.
UML CASE Tool. ABSTRACT Domain analysis enables identifying families of applications and capturing their terminology in order to assist and guide system.

UML CASE Tool. ABSTRACT Domain analysis enables identifying families of applications and capturing their terminology in order to assist and guide system.
1 Scenario-based Analysis of UML Design Class Models Lijun Yu October 4th, 2010 Oslo, Norway.

1 Scenario-based Analysis of UML Design Class Models Lijun Yu October 4th, 2010 Oslo, Norway.
Semantic Mediation & OWS 8 Glenn Guempel 703-648-4541.

Semantic Mediation & OWS 8 Glenn Guempel
Generative Programming. Generic vs Generative Generic Programming focuses on representing families of domain concepts Generic Programming focuses on representing.

Generative Programming. Generic vs Generative Generic Programming focuses on representing families of domain concepts Generic Programming focuses on representing.
Propositional Calculus Math Foundations of Computer Science.

Propositional Calculus Math Foundations of Computer Science.
1 Model Interface Implementation for Two-Way Obliviousness in Aspect-Oriented Modeling Presented by Wuliang Sun Department of Computer Science Baylor University.

1 Model Interface Implementation for Two-Way Obliviousness in Aspect-Oriented Modeling Presented by Wuliang Sun Department of Computer Science Baylor University.
Chapter 10 Architectural Design

Chapter 10 Architectural Design
CatBAC: A Generic Framework for Designing and Validating Hybrid Access Control Models Bernard Stepien, University of Ottawa Hemanth Khambhammettu Kamel.

CatBAC: A Generic Framework for Designing and Validating Hybrid Access Control Models Bernard Stepien, University of Ottawa Hemanth Khambhammettu Kamel.

Similar presentations

Ads by Google