Leveraging UML for security engineering and enforcement in a collaboration on duty and adaptive workflow model that extends NIST RBAC

Solomon Berhe; Steven Demurjian; Swapna Gokhale; Jaime Pavlich-Mariscal; Rishi Saripalle

doi:10.1007/978-3-642-22348-8_25

Leveraging UML for security engineering and enforcement in a collaboration on duty and adaptive workflow model that extends NIST RBAC

Solomon Berhe, Steven Demurjian, Swapna Gokhale, Jaime Pavlich-Mariscal, Rishi Saripalle

Producción: Capítulo del libro/informe/acta de congreso › Contribución a la conferencia › revisión exhaustiva

7 Citas (Scopus)

Resumen

To facilitate collaboration in the patient-centered medical home (PCMH), our prior work extended the NIST role-based access control (RBAC) model to yield a formal collaboration on duty and adaptive workflow (COD/AWF) model. The next logical step is to place this work into the context of an integrated software process for security engineering from design through enforcement. Towards this goal, we promote a secure software engineering process that leverages an extended unified modeling language (UML) to visualize COD/AWF policies to achieve a solution that separates concerns while still providing the means to securely engineer dynamic collaborations for applications such as the PCMH. Once defined, these collaboration UML diagrams can be utilized to generate the corresponding aspect oriented policy code upon which the enforcement mechanism can be applied to at runtime.

Idioma original	Inglés
Título de la publicación alojada	Data and Applications Security and Privacy XXV - 25th Annual IFIP WG 11.3 Conference, DBSec 2011, Proceedings
Páginas	293-300
Número de páginas	8
DOI	https://doi.org/10.1007/978-3-642-22348-8_25
Estado	Publicada - 2011
Evento	25th Annual WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2011 - Richmond, VA, Estados Unidos Duración: 11 jul. 2011 → 13 jul. 2011

Serie de la publicación

Nombre	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volumen	6818 LNCS
ISSN (versión impresa)	0302-9743
ISSN (versión digital)	1611-3349

Conferencia

Conferencia	25th Annual WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2011
País/Territorio	Estados Unidos
Ciudad	Richmond, VA
Período	11/07/11 → 13/07/11

Acceder al documento

10.1007/978-3-642-22348-8_25

Otros archivos y enlaces

Enlace a la publicación en Scopus

Citar esto

Berhe, S., Demurjian, S., Gokhale, S., Pavlich-Mariscal, J., & Saripalle, R. (2011). Leveraging UML for security engineering and enforcement in a collaboration on duty and adaptive workflow model that extends NIST RBAC. En Data and Applications Security and Privacy XXV - 25th Annual IFIP WG 11.3 Conference, DBSec 2011, Proceedings (pp. 293-300). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6818 LNCS). https://doi.org/10.1007/978-3-642-22348-8_25

Berhe, Solomon ; Demurjian, Steven ; Gokhale, Swapna et al. / Leveraging UML for security engineering and enforcement in a collaboration on duty and adaptive workflow model that extends NIST RBAC. Data and Applications Security and Privacy XXV - 25th Annual IFIP WG 11.3 Conference, DBSec 2011, Proceedings. 2011. pp. 293-300 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{7af78fc6af524db19d5c448ccfc24faf,

title = "Leveraging UML for security engineering and enforcement in a collaboration on duty and adaptive workflow model that extends NIST RBAC",

abstract = "To facilitate collaboration in the patient-centered medical home (PCMH), our prior work extended the NIST role-based access control (RBAC) model to yield a formal collaboration on duty and adaptive workflow (COD/AWF) model. The next logical step is to place this work into the context of an integrated software process for security engineering from design through enforcement. Towards this goal, we promote a secure software engineering process that leverages an extended unified modeling language (UML) to visualize COD/AWF policies to achieve a solution that separates concerns while still providing the means to securely engineer dynamic collaborations for applications such as the PCMH. Once defined, these collaboration UML diagrams can be utilized to generate the corresponding aspect oriented policy code upon which the enforcement mechanism can be applied to at runtime.",

author = "Solomon Berhe and Steven Demurjian and Swapna Gokhale and Jaime Pavlich-Mariscal and Rishi Saripalle",

year = "2011",

doi = "10.1007/978-3-642-22348-8_25",

language = "English",

isbn = "9783642223471",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "293--300",

booktitle = "Data and Applications Security and Privacy XXV - 25th Annual IFIP WG 11.3 Conference, DBSec 2011, Proceedings",

note = "25th Annual WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2011 ; Conference date: 11-07-2011 Through 13-07-2011",

}

Berhe, S, Demurjian, S, Gokhale, S, Pavlich-Mariscal, J & Saripalle, R 2011, Leveraging UML for security engineering and enforcement in a collaboration on duty and adaptive workflow model that extends NIST RBAC. En Data and Applications Security and Privacy XXV - 25th Annual IFIP WG 11.3 Conference, DBSec 2011, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6818 LNCS, pp. 293-300, 25th Annual WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2011, Richmond, VA, Estados Unidos, 11/07/11. https://doi.org/10.1007/978-3-642-22348-8_25

Leveraging UML for security engineering and enforcement in a collaboration on duty and adaptive workflow model that extends NIST RBAC. / Berhe, Solomon; Demurjian, Steven; Gokhale, Swapna et al.
Data and Applications Security and Privacy XXV - 25th Annual IFIP WG 11.3 Conference, DBSec 2011, Proceedings. 2011. p. 293-300 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6818 LNCS).

Producción: Capítulo del libro/informe/acta de congreso › Contribución a la conferencia › revisión exhaustiva

TY - GEN

T1 - Leveraging UML for security engineering and enforcement in a collaboration on duty and adaptive workflow model that extends NIST RBAC

AU - Berhe, Solomon

AU - Demurjian, Steven

AU - Gokhale, Swapna

AU - Pavlich-Mariscal, Jaime

AU - Saripalle, Rishi

PY - 2011

Y1 - 2011

N2 - To facilitate collaboration in the patient-centered medical home (PCMH), our prior work extended the NIST role-based access control (RBAC) model to yield a formal collaboration on duty and adaptive workflow (COD/AWF) model. The next logical step is to place this work into the context of an integrated software process for security engineering from design through enforcement. Towards this goal, we promote a secure software engineering process that leverages an extended unified modeling language (UML) to visualize COD/AWF policies to achieve a solution that separates concerns while still providing the means to securely engineer dynamic collaborations for applications such as the PCMH. Once defined, these collaboration UML diagrams can be utilized to generate the corresponding aspect oriented policy code upon which the enforcement mechanism can be applied to at runtime.

AB - To facilitate collaboration in the patient-centered medical home (PCMH), our prior work extended the NIST role-based access control (RBAC) model to yield a formal collaboration on duty and adaptive workflow (COD/AWF) model. The next logical step is to place this work into the context of an integrated software process for security engineering from design through enforcement. Towards this goal, we promote a secure software engineering process that leverages an extended unified modeling language (UML) to visualize COD/AWF policies to achieve a solution that separates concerns while still providing the means to securely engineer dynamic collaborations for applications such as the PCMH. Once defined, these collaboration UML diagrams can be utilized to generate the corresponding aspect oriented policy code upon which the enforcement mechanism can be applied to at runtime.

UR - http://www.scopus.com/inward/record.url?scp=79960266684&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-22348-8_25

DO - 10.1007/978-3-642-22348-8_25

M3 - Conference contribution

AN - SCOPUS:79960266684

SN - 9783642223471

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 293

EP - 300

BT - Data and Applications Security and Privacy XXV - 25th Annual IFIP WG 11.3 Conference, DBSec 2011, Proceedings

T2 - 25th Annual WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2011

Y2 - 11 July 2011 through 13 July 2011

ER -

Berhe S, Demurjian S, Gokhale S, Pavlich-Mariscal J, Saripalle R. Leveraging UML for security engineering and enforcement in a collaboration on duty and adaptive workflow model that extends NIST RBAC. En Data and Applications Security and Privacy XXV - 25th Annual IFIP WG 11.3 Conference, DBSec 2011, Proceedings. 2011. p. 293-300. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-22348-8_25

Leveraging UML for security engineering and enforcement in a collaboration on duty and adaptive workflow model that extends NIST RBAC

Resumen

Serie de la publicación

Conferencia

Acceder al documento

Otros archivos y enlaces

Huella

Citar esto