Access Control Diagrams
A UML profile for specifying access control diagrams
Security Aspects
access control
Separation of different aspects of access control in diagrams.
- Specification Elements:
  - DelegationAssignment
  - DelegationSlice
  - neg
  - order
  - pos
  - RoleInheritance
  - Roleslice
  - SecureSubsystem
  - SensitivityLevel
- Threats:
  - Information Disclosure
  - Tampering with Data
Specification Elements
SecureSubsystem
The set of operations that require access control forms the secure subsystem. The secure subsystem is a package that consists of the classes that provide these operations.
Roleslice
Roles are depicted as role slices, i.e., packages comprising the classes that contain all of the methods that are explicitly allowed or denied to that role.
- Applies to:
  - State
pos
Explicitly allowed methods in a role slice.
- Applies to:
  - Activity
neg
Explicitly denied methods in a role slice.
- Applies to:
  - Activity
RoleInheritance
In a role hierarchy, child roles inherit all of the permissions from their parents, but they can also override them using negative permissions.
- Applies to:
  - State
DelegationSlice
A delegation slice contains all of those roles that a user can delegate and represents all of the delegation rules that can be authorized to certain users.
DelegationAssignment
Delegation slices can be assigned to users to authorize them to delegate the corresponding roles.
SensitivityLevel
Represents a sensitivity level of the system.
- Applies to:
  - State
order
Relates a sensitivity level to its immediately higher sensitivity level.
- Applies to:
  - State
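The following is an added example, not part of the profile or its tooling, showing how the pos, neg and RoleInheritance elements described above could be evaluated to get a role's effective permissions. It assumes that a negative permission anywhere in the inheritance chain wins and that methods not explicitly allowed are refused; the role and method names are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class RoleSlice:
    """A role slice: methods explicitly allowed (pos) or denied (neg) to a role."""
    name: str
    pos: set = field(default_factory=set)
    neg: set = field(default_factory=set)
    parent: Optional["RoleSlice"] = None  # RoleInheritance edge to the parent role

    def __post_init__(self):
        clash = self.pos & self.neg
        if clash:
            raise ValueError(f"{self.name}: marked both pos and neg: {sorted(clash)}")

def effective_permissions(role, secure_subsystem):
    """Return (allowed, denied) method sets after walking the role hierarchy."""
    chain, seen = [], set()
    while role is not None:
        if id(role) in seen:
            raise ValueError("cycle in role hierarchy")
        seen.add(id(role))
        chain.append(role)
        role = role.parent
    allowed, denied = set(), set()
    for r in reversed(chain):  # parents first, then each child
        unknown = (r.pos | r.neg) - secure_subsystem
        if unknown:
            raise ValueError(f"{r.name}: not in secure subsystem: {sorted(unknown)}")
        denied |= r.neg                      # child neg overrides inherited pos
        allowed = (allowed | r.pos) - denied  # assumption: deny always wins
    return allowed, denied

def is_allowed(role, method, secure_subsystem):
    """Assumption: anything not explicitly allowed is refused."""
    allowed, _ = effective_permissions(role, secure_subsystem)
    return method in allowed

# Constructed sample model (hypothetical names)
SECURE_SUBSYSTEM = {"Record.read", "Record.write", "Record.delete", "Audit.export"}
STAFF = RoleSlice("Staff", pos={"Record.read", "Record.write"}, neg={"Audit.export"})
INTERN = RoleSlice("Intern", neg={"Record.write"}, parent=STAFF)

if __name__ == "__main__":
    for role in (STAFF, INTERN):
        print(role.name, effective_permissions(role, SECURE_SUBSYSTEM))
```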