Abstract
The UML is the de facto standard for system specification, but offers little specialized support for the specification and analysis of policies. This paper presents Deontic STAIRS, an extension of the UML sequence diagram notation with customized constructs for policy specification. The notation is underpinned by a denotational trace semantics. We formally define what it means that a system satisfies a policy specification, and introduce a notion of policy refinement. We prove that the refinement relation is transitive and compositional, thus supporting a stepwise and modular specification process. The approach is exemplified with access control policies.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Solhaug, B., Stølen, K. (2008). Compositional Refinement of Policies in UML – Exemplified for Access Control. In: Jajodia, S., Lopez, J. (eds) Computer Security - ESORICS 2008. ESORICS 2008. Lecture Notes in Computer Science, vol 5283. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88313-5_20
DOI: https://doi.org/10.1007/978-3-540-88313-5_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88312-8
Online ISBN: 978-3-540-88313-5
eBook Packages: Computer Science, Computer Science (R0)