Databases Reference
In-Depth Information
been increasingly given to the techniques and tools required for architecting
enterprise-scale software solutions. Many enterprises extend the life of an
existing solution by designing new business logic that manipulates existing data
resources, presenting existing data and transactions through new channels,
integrating previously disconnected systems supporting overlapping business
activities, and so on. The design of a high-quality solution therefore also calls
for early architectural decisions on privacy and security [4]. Consequently, it
is important to
- Model privacy and security concerns as carefully as any other concerns.
- Propagate the security requirements to the security policies and security
  implementation inexpensively.
5.1 Policy Modeling
Policy modeling is the process of describing and capturing a level of
abstraction between the security policies and mechanisms, enabling the design of
implementation mechanisms to enforce multiple policies in various computing
environments without considering the underlying platform of the system and
the implementation technologies. During the policy modeling process, system
requirements, organizational security and privacy policies, and organizational
structures are analyzed to specify access control policies. In particular,
organizational complexity introduces the challenge that it is difficult to identify
and agree upon a set of roles (or groups) and associated permissions (grant
or deny) within an organization that may have hundreds of roles (or groups).
Several approaches have been proposed in the area of policy modeling
with UML. Brose et al. [3] propose integrating access control design into the
software development process by extending UML to specify access control
policies. This approach does not emphasize the compliance between different
levels of the policies, requirements, and system designs. Jurjens proposes in
[8] to specify requirements for confidentiality and integrity in analysis models,
also on the basis of UML. Their underlying security models are multi-level
security and mandatory access control.
In the area of models for RBAC, Lodderstedt et al. [14] propose a
modeling language for integrating the specifications for RBAC into application
models. These approaches focus more on system implementation
representations, which are not easy for business stakeholders to use when
capturing enterprise-scale security requirements at a higher business level.
Johnston introduces an approach in [13] that provides a set of primitive
modeling elements to allow the users to specify the intention of the security
within the requirements process. They generalize the security issues as four
domains: Privacy, Authentication, Authorization, and Audit. Figure 9
demonstrates the dependencies between these four domains. For example, it
is not possible to implement authorization without authentication. On the
other hand both authorization and authentication rely on auditing, not for