Using UML and Alloy to Specify and Analyze Access Control Features Eunjee Song, Xi Hua SP05-CS681 Project Proposal.


Motivation 1
• Access control feature as a crosscutting aspect => an Aspect-Oriented Modeling (AOM) approach for secure systems
• Crosscutting features
  - Need composition (aspect + application)
  - Complicate analysis tasks
  => must be modeled using a formal and analyzable notation.

Motivation 2
• Two types of access control features can be composed, e.g., RBAC + MAC => Hybrid Access Control (HAC)
• How can we analyze the composed model and show whether the desired properties still hold or not?
• Is an access "denied either in RBAC or in MAC" or "denied in both models" denied in HAC?

"Analyzable" Specification Languages
• Which language should be chosen?
  - Z
  - UML/OCL
  - Alloy

Z vs. OCL
• Z/Object-Z
  - A formal specification language based on mathematical concepts (sets, functions, and first-order predicate logic)
  - No support for visualization
• OCL (Object Constraint Language)
  - An object-oriented specification language designed to support specifications in UML
  - Questionable analysis power of currently available tools (e.g., USE, ArgoUML)

Alloy
• Developed by Dr. Daniel Jackson at MIT
• Lightweight modeling and analysis tool
• Relatively easy to understand and use
• Convenient analysis capability provided by Alloy Analyzer
• Compared to OCL …
  - similar to OCL
  - more conventional syntax & simpler semantics
  - fully declarative => automatic analysis
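
The Motivation 2 question, posed as a small Alloy model: an added example, not part of the original slides or the authors' models. It assumes current Alloy Analyzer syntax, RBAC reduced to role-granted read permissions, and MAC reduced to the "no read up" rule; every signature, field and predicate name is hypothetical.

```alloy
-- Added example: every name below is hypothetical, not taken from the slides.
module hac
open util/ordering[Level] as lv       -- total order on security levels

sig Level {}
sig Object { label: one Level }       -- classification of the object
sig Role { canRead: set Object }      -- read permissions attached to a role
sig User { roles: set Role, clearance: one Level }

-- RBAC (assumed reduction): some role assigned to u grants read on o.
pred rbacAllows [u: User, o: Object] { o in u.roles.canRead }

-- MAC (assumed to be the "no read up" rule): clearance dominates the label.
pred macAllows [u: User, o: Object] { lv/lte[o.label, u.clearance] }

-- HAC reading 1: denied if either model denies.
pred hacDenyEither [u: User, o: Object] { rbacAllows[u, o] and macAllows[u, o] }

-- HAC reading 2: denied only if both models deny.
pred hacDenyBoth [u: User, o: Object] { rbacAllows[u, o] or macAllows[u, o] }

-- Desired properties of the composed model: each base policy still holds.
assert EitherKeepsMac  { all u: User, o: Object | hacDenyEither[u, o] implies macAllows[u, o] }
assert EitherKeepsRbac { all u: User, o: Object | hacDenyEither[u, o] implies rbacAllows[u, o] }
assert BothKeepsMac    { all u: User, o: Object | hacDenyBoth[u, o] implies macAllows[u, o] }
assert BothKeepsRbac   { all u: User, o: Object | hacDenyBoth[u, o] implies rbacAllows[u, o] }

check EitherKeepsMac  for 3
check EitherKeepsRbac for 3
check BothKeepsMac    for 3
check BothKeepsRbac   for 3
```

Under reading 1 both properties follow directly from the conjunction; under reading 2 neither is implied, because a role grant alone admits a read above the user's clearance and a sufficient clearance alone admits a read that no role grants.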

Research Goal
• Analysis of RBAC, MAC, and HAC in Alloy
  - Any mapping rules from UML/OCL to Alloy?
  - Any errors found in UML/OCL models?
  - Any design changes influenced by using Alloy?
• Evaluation of the usefulness of Alloy Analyzer as an analysis engine for verifiable model composition.

Work Plan
• Translate UML models to Alloy specifications with analysis: 02/27/05-03/26/05
  - RBAC, MAC, and HAC
  - Experiment with Alloy Analyzer: analyze models and modify them if required.
  - Mapping rules from OCL to Alloy.
• Analyze the experiment results: 03/27/05-04/01/05
  - Refine mapping rules, if required.
  - Derive further work for verifiable model composition
• Complete write-up