Security Description Summary

Specifies an access control policy and connections to the software architecture resulting from them

Specurity Aspects

Name

Description

Correctly realized RBAC Policies

Specification Elements

Name

Description

Describes an resource of the system, which can be accessed through a component

An action of a resource, which is executed by an operation of a component

Assigns a role to a component to define that it provides and requires all service that a user of this role can potentially access

Assigns a user to a component to define that the user accesses the functionality

Connecting allowed ports due to the roles of the assigned users and roles

Delegates the functionality to another component

Security Aspects
- RBAC, OrBAC
  Correctly realized RBAC Policies
  Specification Elements:
  Action
  Delegator
  Permission
  Resource
  Role
  User
  Threats:
  Information Disclosure
  Elevation of Privileges
  Tampering with Data
Specification Elements
- Resource
  Describes an resource of the system, which can be accessed through a component
  Applies to:
  Component
- Action
  An action of a resource, which is executed by an operation of a component
  Applies to:
  Activity
- Role
  Assigns a role to a component to define that it provides and requires all service that a user of this role can potentially access
  Applies to:
  Component
- User
  Assigns a user to a component to define that the user accesses the functionality
  Applies to:
  Component
- Permission
  Connecting allowed ports due to the roles of the assigned users and roles
  Applies to:
  Activity
- Delegator
  Delegates the functionality to another component
  Applies to:
  Activity