Access Control View
The Access Control View is given by a UWE Role Model and a Basic Rights Model. The former describes the hierarchy of user groups used for authorization and access control. It is usually part of a User Model, which specifies basic structures, e.g., that a user can take on certain roles simultaneously. The latter defines the access control policies; it constrains elements from the Content Model and from the Role Model.
Security Aspects
- Authorization: Controls the access over functionalities.
- Under Attack Mode: A dynamic protection against attempts to compromise the system's functionality, as the system reacts accordingly and reduces the attacker's possibilities.
- User Zone Concept: If users are requesting access externally, stricter policies have to be enforced, depending on the requester’s location.
Specification Elements
Name
Description
Defines the class that represents a user.
Defines the rights a user has.
Allows choosing from a set of states in which the application should not be available.
Security Aspects
Authorization
Controls the access over functionalities.
- Threats:
  - Tampering with Data
  - Information Disclosure
  - Elevation of Privileges
Under Attack Mode
A dynamic protection against attempts to compromise the system's functionality, as the system reacts accordingly and reduces the attacker's possibilities.
- Specification Elements:
  - NoAccessInMode
- Threats:
  - Tampering with Data
  - Repudiation
  - Information Disclosure
  - Denial of Service
  - Elevation of Privileges
User Zone Concept
If users are requesting access externally, stricter policies have to be enforced, depending on the requester’s location.
- Specification Elements:
  - NoAccessInMode
- Threats:
  - Tampering with Data
  - Information Disclosure
  - Denial of Service
  - Elevation of Privileges
Specification Elements