Indrakshi Ray

UML2Alloy: a challenging model transformation

Alloy is a formal language, which has been applied to modelling of systems in a wide range of application domains. It is supported by Alloy Analyzer, a tool, which allows fully automated analysis. As a result, creating Alloy code from a UML model provides the opportunity to exploit analysis capabilities of the Alloy Analyzer to discover possible design flaws at early stages of the software development. Our research makes use of model based techniques for the automated transformation of UML class diagrams with OCL constraints to Alloy code. The paper demonstrates challenging aspects of the model transformation, which originate in fundamental differences between UML and Alloy. We shall discuss some of the differences and illustrate their implications on the model transformation process. The presented approach is explained via an example of a secure e-business system.

On challenges of model transformation from UML to Alloy

The Unified Modeling Language (UML) is the de facto language used in the industry for software specifications. Once an application has been specified, Model Driven Architecture (MDA) techniques can be applied to generate code from such specifications. Since implementing a system based on a faulty design requires additional cost and effort, it is important to analyse the UML models at earlier stages of the software development lifecycle. This paper focuses on utilizing MDA techniques to deal with the analysis of UML models and identify design faults within a specification. Specifically, we show how UML models can be automatically transformed into Alloy which, in turn, can be automatically analysed by the Alloy Analyzer. The proposed approach relies on MDA techniques to transform UML models to Alloy. This paper reports on the challenges of the model transformation from UML class diagrams and OCL to Alloy. Those issues are caused by fundamental differences in the design philosophy of UML and Alloy. To facilitate better the representation of Alloy concepts in the UML, the paper draws on the lessons learnt and presents a UML profile for Alloy.

Aspect-oriented approach to early design modelling

Developers of modern software systems are often required to build software that addresses security, fault-tolerance and other dependability concerns. A decision to address a dependability concern in a particular manner can make it difficult or impossible to address other concerns in software. Proper attention to balancing key dependability and other concerns in the early phases of development can help developers better manage product risks through early identification and resolution of conflicts and undesirable emergent behaviours that arise as a result of interactions across behaviours that address different concerns. The authors describe an aspect-oriented modelling (AOM) approach that eases the task of exploring alternative ways of addressing concerns during software modelling. The paper focuses on use of the AOM approach to produce logical, aspect-oriented architecture models (AAMs) that describe how concerns are addressed in technology-independent terms. An AAM consists of a set of aspect models and a base architecture model called the primary model. An aspect model describes how a dependability concern is addressed, and a primary model describes how other concerns are addressed. Composition of the aspect and primary models in an AAM produces an integrated view of the logical architecture described by the AAM. Composition can reveal conflicts and undesirable emergent properties. Resolving these problems can involve developing and analysing alternative ways of addressing concerns. Localising the parts of an architecture that address pervasive and nonorthogonal dependability concerns in aspect models allows developers to more easily evolve and replace the parts as they explore alternative ways of balancing concerns in the early stages of development.

A spatio-temporal role-based access control model

With the growing advancement of pervasive computing technologies, we are moving towards an era where spatio-temporal information will be necessary for access control. The use of such information can be used for enhancing the security of an application, and it can also be exploited to launch attacks. For critical applications, a formal model for spatio-temporal-based access control is needed that increases the security of the application and ensures that the location information cannot be exploited to cause harm. In this paper, we propose a spatio-temporal access control model, based on the Role-Based Access Control (RBAC) model, that is suitable for pervasive computing applications. We show the association of each component of RBAC with spatio-temporal information. We formalize the model by enumerating the constraints. This model can be used for applications where spatial and temporal information of a subject and an object must be taken into account before granting or denying access.

LRBAC: a location-aware role-based access control model

With the growing use of wireless networks and mobile devices, we are moving towards an era where location information will be necessary for access control. The use of location information can be used for enhancing the security of an application, and it can also be exploited to launch attacks. For critical applications, a formal model for location-based access control is needed that increases the security of the application and ensures that the location information cannot be exploited to cause harm. In this paper, we show how the Role-Based Access Control (RBAC) model can be extended to incorporate the notion of location. We show how the different components in the RBAC model are related with location and how this location information can be used to determine whether a subject has access to a given object. This model is suitable for applications consisting of static and dynamic objects, where location of the subject and object must be considered before granting access.

Using uml to visualize role-based access control constraints

Organizations use Role-Based Access Control (RBAC) to protect information resources from unauthorized access. We propose an approach, based on the Unified Modeling Language (UML), that shows how RBAC policies can be systematically incorporated into an application design. We consider an RBAC model to be a pattern which we express using UML diagram templates; RBAC policies for an application conforming to this model can be generated by instantiating these templates with values obtained from the application. The constraints of the RBAC model are expressed using the Object Constraint Language (OCL). OCL constraints, based on first-order logic, are difficult to understand. To alleviate this problem, we show how violation of such constraints can be visually represented using object diagram templates. With adequate tool support, developers can use these to demonstrate constraint violations in their applications. Our approach is illustrated using a small banking application.

Using aspects to design a secure system

Developers of complex systems have to address concerns such as security, availability of services, and timeliness that often are non-orthogonal to traditional design structures, that is, the concerns cross-cut traditional design units. We illustrate how an aspect-oriented approach to modeling allows developers to encapsulate such design concerns so that they can be woven into a design in a systematic and consistent manner. The paper focuses on the use of aspects for modeling and weaving in security concerns.

An aspect-based approach to modeling access control concerns

Specifying, enforcing and evolving access control policies is essential to prevent security breaches and unavailability of resources. These access control design concerns impose requirements that allow only authorized users to access protected computer-based resources. Addressing these concerns in a design results in the spreading of access control functionality across several design modules. The pervasive nature of access control functionality makes it difficult to evolve, analyze, and enforce access control policies. To tackle this problem, we propose using an aspect-oriented modeling(AOM) approach for addressing access control concerns. In the AOM approach, functionality that addresses a pervasive access control concern is localized in an aspect. Other functional design concerns are addressed in a model of the application referred to as a primary model. Composing access control aspects with a primary model results in an application model that addresses access control concerns. We illustrate our approach using a form of Role-Based Access Control. q 2003 Elsevier B.V. All rights reserved.

VTrust: a trust management system based on a vector model of trust

Trust can be used to measure our confidence that a secure system behaves as expected. We had previously proposed a vector model of trust [1]. In this work we address the problem of trust management using the vector model. We develop a new trust management engine which we call VTrust (from Vector Trust). The trust management engine stores and manages current as well as historical information about different parameters that define a trust relation between a truster and a trustee. We propose an SQL like language called TrustQL to interact with the trust management engine. TrustQL consists of a Trust Definition Language (TDL) that is used to define a trust relationship and a Trust Manipulation Language (TML) that is used to query and update information about trust relationships.

A cryptographic solution to implement access control in a hierarchy and more

The need for access control in a hierarchy arises in severaldifferent contexts. One such context is managing the information ofan organization where the users are divided into different securityclasses depending on who has access to what. Several cryptographicsolutions have been proposed to address this problem --- thesolutions are based on generating cryptographic keys for eachsecurity class such that the key for a lower level security classdepends on the key for the security class that is higher up in thehierarchy. Most solutions use complex cryptographic techniques:integrating these into existing systems may not be trivial. Othershave impractical requirement: if a user at a security level wantsto access data at lower levels, then all intermediate nodes must betraversed. Moreover, if there is an access control policy that doesnot conform to the hierarchical structure, such policy cannot behandled by existing solutions. We propose a new solution thatovercomes the above mentioned shortcomings. Our solution not onlyaddresses the problem of access control in a hierarchy but also canbe used for general cases. It is a scheme similar to the RSAcryptosystem and can be easily incorporated in existing systems.