A Prototype for Transforming Role-Based Access Control Models

Liis Jaks
Role-based access control is a widely-used mechanism in computer systems – it ensures security by restricting resource access to only the system users with respective rights. The RBAC solutions can be engineered with the aid of modelling languages, such as SecureUML and UMLsec, which both present the system design from different viewpoints. Creating multiple coherent models, however, may turn out to be a non-trivial and time-consuming task. This, in turn, may dramatically lessen the motivation to create role-based access control models altogether. As a solution to the problem above, developers could be provided a software tool, which inputs a model in one language and transforms it into the model of another. The transformed model, however, would not be complete, since the two languages are used to represent somewhat different information. The aim of such a tool would be to diminish the necessity to manually copy information, when creating a second model. With this thesis, a prototype tool is developed, which enables the transformation of a SecureUML model to a UMLsec model and vice versa. The tool is implemented in the Java programming language, as a plug-in to the professional UML modelling tool MagicDraw. Menu items are added to the application, which trigger transformations: information is collected from a model in the UMLsec or SecureUML language and, based on that, a new model in the other language is created. As an additional function, completion checks are developed for both models to inform the user of whether all necessary language elements are present. They should act as guides for the user on how to improve the transformed model, since after transformations some information is known to be absent from the new model. Another additional component is the support for manipulating UMLsec association tags, which are an integral part of transformations between the SecureUML and UMLsec languages. The documentation – requirements, code documentation and user manual – is also provided in this paper and are supposed to contribute to the further development as well as understanding of the prototype.
Graduation Thesis language
Graduation Thesis type
Bachelor - Information Technology
Dr. Raimundas Matulevičius Dr. Sven Laur
Defence year
PDF Extras