Leveraging UML for security engineering and enforcement in a collaboration on duty and adaptive workflow model that extends NIST RBAC

Solomon Berhe, Steven Demurjian, Swapna Gokhale, Jaime Pavlich-Mariscal, Rishi Saripalle

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

7 Scopus citations

Abstract

To facilitate collaboration in the patient-centered medical home (PCMH), our prior work extended the NIST role-based access control (RBAC) model to yield a formal collaboration on duty and adaptive workflow (COD/AWF) model. The next logical step is to place this work into the context of an integrated software process for security engineering from design through enforcement. Towards this goal, we promote a secure software engineering process that leverages an extended unified modeling language (UML) to visualize COD/AWF policies to achieve a solution that separates concerns while still providing the means to securely engineer dynamic collaborations for applications such as the PCMH. Once defined, these collaboration UML diagrams can be utilized to generate the corresponding aspect oriented policy code upon which the enforcement mechanism can be applied to at runtime.

Original languageEnglish
Title of host publicationData and Applications Security and Privacy XXV - 25th Annual IFIP WG 11.3 Conference, DBSec 2011, Proceedings
Pages293-300
Number of pages8
DOIs
StatePublished - 2011
Event25th Annual WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2011 - Richmond, VA, United States
Duration: 11 Jul 201113 Jul 2011

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume6818 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference25th Annual WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2011
Country/TerritoryUnited States
CityRichmond, VA
Period11/07/1113/07/11

Fingerprint

Dive into the research topics of 'Leveraging UML for security engineering and enforcement in a collaboration on duty and adaptive workflow model that extends NIST RBAC'. Together they form a unique fingerprint.

Cite this