TY - CHAP
T1 - An integrated secure software engineering approach for functional, collaborative, and information concerns
AU - Pavlich-Mariscal, J. A.
AU - Berhe, S.
AU - De La Rosa Algarín, A.
AU - Demurjian, S.
N1 - Publisher Copyright:
© 2014 by IGI Global. All rights reserved.
PY - 2014/4/30
Y1 - 2014/4/30
N2 - This chapter explores a secure software engineering approach that spans functional (object-oriented), collaborative (sharing), and information (Web modeling and exchange) concerns in support of role-based (RBAC), discretionary (DAC), and mandatory (MAC) access control. By extending UML with security diagrams for RBAC, DAC, and MAC, we are able to design an application with all of its concerns, and not defer security to a later time in the design process that could have significant impact and require potentially wide-ranging changes to a nearly completed design. Through its early inclusion in the software design process, security concerns can be part of the application design process, providing separate abstractions for security via new UML diagrams. From these new UML diagrams, it is then possible to generate security policies and enforcement code for RBAC, DAC, and MAC, which separates security from the application. This modeling and generation allows security changes to have less of an impact on an application. The end result is a secure software engineering approach within a UML context that is capable of modeling an application's functional, collaborative, and information concerns. This is explored in this chapter.
AB - This chapter explores a secure software engineering approach that spans functional (object-oriented), collaborative (sharing), and information (Web modeling and exchange) concerns in support of role-based (RBAC), discretionary (DAC), and mandatory (MAC) access control. By extending UML with security diagrams for RBAC, DAC, and MAC, we are able to design an application with all of its concerns, and not defer security to a later time in the design process that could have significant impact and require potentially wide-ranging changes to a nearly completed design. Through its early inclusion in the software design process, security concerns can be part of the application design process, providing separate abstractions for security via new UML diagrams. From these new UML diagrams, it is then possible to generate security policies and enforcement code for RBAC, DAC, and MAC, which separates security from the application. This modeling and generation allows security changes to have less of an impact on an application. The end result is a secure software engineering approach within a UML context that is capable of modeling an application's functional, collaborative, and information concerns. This is explored in this chapter.
UR - http://www.scopus.com/inward/record.url?scp=84945999104&partnerID=8YFLogxK
U2 - 10.4018/978-1-4666-6026-7.ch015
DO - 10.4018/978-1-4666-6026-7.ch015
M3 - Chapter
AN - SCOPUS:84945999104
SN - 9781466660274
SP - 330
EP - 368
BT - Handbook of Research on Emerging Advancements and Technologies in Software Engineering
PB - IGI Global
ER -