Role-Based Metamodeling Language
A UML-based pattern specification language that is designed to support the development of pattern-based UML models. The RBML specifies patterns in terms of roles where a role defines a set of constraints.
Specurity Aspects
Name
Description
Specifies relation between users, objects, subjects and security levels to achieve mandatory access control
Specification Elements
Name
Description
Defines the security level a user or object has
Identifies classes used by users
Identifies data in the system
Someting that can access an object
Identifies essential operations performed by subjects
Security Aspects
Role-based access control
Specifies relation between users, objects, subjects and security levels to achieve mandatory access control- Specification Elements:
- Objects
- Operations
- Security Level
- Subject
- User
- Threats:
- Information Disclosure
- Tampering with Data
Specification Elements
Security Level
Defines the security level a user or object hasUser
Identifies classes used by users- Applies to:
- Entity
Objects
Identifies data in the system- Applies to:
- Data
Subject
Someting that can access an object- Applies to:
- Activity
Operations
Identifies essential operations performed by subjects- Applies to:
- Entity