Open University CRC Students conference 2010
0 likes395 views
This document discusses model-driven verification and evolution of role-based access control properties. It presents an approach using UMLsec models to specify access control policies, which are then verified against security properties. If verification fails, the model can be merged and evolved step-by-step until it passes verification, at which point code can be generated to implement the access control policies in a framework like Java Authorization and Authentication Service.
![Conclusion
[YES]
UMLsec model Verification
[NO]
Merging
[YES]
UMLsec model Verification
[NO]
OO generation Java code
[YES]
Choice of Java Authentication and
UMLsec model Verification generation Authorization Service
method framework
[NO]
AO generation Java and AspectJ code](https://image.slidesharecdn.com/montrieux-crc2010-slides-100607095036-phpapp01/85/Open-University-CRC-Students-conference-2010-7-320.jpg)
Open University CRC Students conference 2010
- 1. Model-driven Verification and Evolution of Role-Based Access Control Properties Lionel Montrieux L.M.C.Montrieux@open.ac.uk Supervisors: M. Wermelinger, Y. Yu Acknowledgements: C. Haley, J. J端rjens CRC conference, 2010
- 5. Merging
- 7. Conclusion [YES] UMLsec model Verification [NO] Merging [YES] UMLsec model Verification [NO] OO generation Java code [YES] Choice of Java Authentication and UMLsec model Verification generation Authorization Service method framework [NO] AO generation Java and AspectJ code
- 8. Images credits Sydney opera house model Peter Lindberg - CC-by Visa card - Declan Jewell CC-by Darwin memorial Stephen R. Edwards - CC-by-nc-sa Merge sign Simon Greig - CC-by-nc-sa Battersea power plant spacebahr (flickr.com) - CC-by-nc