Modeling Role Based Access Control in UML (UML Security 3)
Based on:
• Towards A UML based approach to Role Engineering, by P. Epstein and R. Sandhu
• UML-Based representation of RBAC, by Eonsuk Shin and Gail-Joon Ahn
• RBAC Constraints Specification using OCL, by Gail-Joon Ahn and Eonsuk Shin
A Brief Introduction to RBAC
• Permissions are assigned to roles
• Users play roles, and are thereby granted all permissions assigned to those roles
• Conflicts can exist between
  • Roles
  • Users
  • Permissions
• Objective: users can play roles without conflicts
The RBAC Model
RBAC Continued
• Users belong to groups
• Groups, roles and objects may belong to hierarchies
• Generally (but not always) senior roles have all permissions assigned to junior roles
• Permissions can be positive (+) or negative (-)
• RCL2000 is a language designed for RBAC specifications
Towards A UML based approach to Role Engineering
P. Epstein and R. Sandhu
RBAC for Network Enterprises
• Two groups
  • Application developers
  • Local system administrators
• Application developer responsible for
  1. Objects
  2. Object handles
  3. Application constraints
  4. Application keys
• Local system administrator responsible for
  5. Enterprise keys
  6. Key chains
  7. Enterprise constraints
Layers for Application Developer
• Objects: attributes + methods
• Object handles: sets of objects
• Application constraints: prerequisites for granting access permissions
• Application keys: associate a role with objects
• An application key can be a leaf node of the hierarchy or a non-leaf node (considered abstract)
Layers for System Administrator
5. Enterprise keys: each application key is mapped to an enterprise key or a key chain
6. Key chains: sets of enterprise keys
7. Enterprise constraints: an enterprise key permits the user to access the methods of the object if the application constraints are satisfied
Layers Continued
• A user can be assigned enterprise keys that are part of different application key hierarchies
• If a key inherits methods from more than one key, then in the worst case the key contains the same method with different constraints
• FNE policy: such constraints are logically ORed
Applying UML
• Layer 1: Objects

Layer 2: Object Handles

Layer 3: Constraints

Layer 4: Application Keys

Layer 5: Enterprise Keys

Layer 6: Key Chains

Layer 7: Enterprise Constraints

Role Engineering of the 7 Layers
UML-Based Representation of RBAC
Eonsuk Shin and Gail-Joon Ahn

RBAC Model Again
Details of the RBAC Model
• U: set of users; R: set of disjoint roles; P: set of disjoint permissions; S: set of sessions
• UA: user-to-role assignment relation
• PA: permission-to-role assignment relation
• RH: role hierarchy
• user: S -> U gives the user of a session
• roles: S -> 2^R (the power set of R) gives the roles activated in a session
• Constraints about conflicts
UML Static Model for RBAC

Attributes of Entity Classes

Use Cases in RBAC
RBAC Constraints Specification using OCL
Gail-Joon Ahn and Eonsuk Shin
Example Application Constraints in OCL

  -- a company must have more than 200 employees
  context Company inv: self.employee->size() > 200

  -- at least one employee is older than 50
  context Company inv: self.employee->select(e | e.age > 50)->notEmpty()
RBAC Constraints 1
• Separation of duty constraints

  context User inv:
    -- M holds the sets of mutually exclusive roles; further sets are elided on the slide
    let M : Set(Set(Role)) = Set{ Set{accounts_mgr, purchase_mgr}, ... } in
    -- no user may hold more than one role from any mutually exclusive set
    M->select(m | self.role->intersection(m)->size() > 1)->isEmpty()
Prerequisite and Cardinality Constraints
• Prerequisite: a user may hold the tester role only if the user already holds project_team

  context User inv:
    self.role.name->includes('tester') implies self.role.name->includes('project_team')

• Cardinality: the chairman role is held by exactly one user

  context Role inv:
    self.name = 'chairman' implies self.user->size() = 1
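The separation-of-duty, prerequisite and cardinality constraints from the OCL slides, checked against the UA/PA/RH relations of the Shin and Ahn model, as an added Python example (not code from the slides or the cited papers). The role names follow the OCL slides; the policy data and users are constructed for illustration, and the mutually exclusive sets, prerequisite pairs and role limits are assumptions passed in by the caller.

```python
from dataclasses import dataclass, field


@dataclass
class RBAC:
    """RBAC state from the slides: UA, PA, RH plus SoD, prerequisite and cardinality."""
    ua: dict = field(default_factory=dict)      # user -> set of roles (UA)
    pa: dict = field(default_factory=dict)      # role -> set of permissions (PA)
    rh: dict = field(default_factory=dict)      # senior role -> junior roles (RH)
    sod: list = field(default_factory=list)     # sets of mutually exclusive roles
    prereq: dict = field(default_factory=dict)  # role -> role that must already be held
    card: dict = field(default_factory=dict)    # role -> maximum number of users

    def users_of(self, role):
        return {u for u, roles in self.ua.items() if role in roles}

    def violations(self, user, role):
        """Names of the constraints that assigning `role` to `user` would break."""
        held = self.ua.get(user, set())
        after = held | {role}
        found = []
        # SoD: M->select(m | self.role->intersection(m)->size() > 1)->isEmpty()
        if any(len(after & m) > 1 for m in self.sod):
            found.append("separation_of_duty")
        # prerequisite: role->includes(r) implies role->includes(prereq[r])
        if role in self.prereq and self.prereq[role] not in held:
            found.append("prerequisite")
        # cardinality: self.user->size() must stay within card[role]
        if role in self.card and len(self.users_of(role) | {user}) > self.card[role]:
            found.append("cardinality")
        return found

    def assign(self, user, role):
        """Add (user, role) to UA only if every constraint still holds."""
        bad = self.violations(user, role)
        if bad:
            raise ValueError(f"cannot assign {role} to {user}: {', '.join(bad)}")
        self.ua.setdefault(user, set()).add(role)

    def permissions(self, user):
        """PA of every held role plus permissions inherited from junior roles via RH."""
        todo, seen = list(self.ua.get(user, ())), set()
        while todo:
            r = todo.pop()
            if r not in seen:
                seen.add(r)
                todo.extend(self.rh.get(r, ()))
        return set().union(*(self.pa.get(r, set()) for r in seen))
```

`assign` refuses the user-role pair outright when a constraint fails, so the UA relation can never reach a state the invariants forbid.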