Rollipõhise juurdepääsukontrolli mudelite teisendamise prototüüp
Date
2012
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Tartu Ülikool
Abstract
Rollipõhine juurdepääsukontroll on arvutisüsteemides laialtkasutatav mehhanism – see tagab turvalisuse, lubades ligipääsu ressurssidele vaid nendele kasutajatele, kel on selleks vastavad õigused. Rollipõhise juurdepääsukontrolli lahendusi on võimalik välja töötada selliste modelleerimiskeelte abil, nagu SecureUML ning UMLsec, mis mõlemad esitavad süsteemi disaini erinevatest vaatepunktidest. Mitme kooskõlalise mudeli koostamine võib aga osutuda keeruliseks ning aeganõudvaks ülesandeks. See võib omakorda vähendada rollipõhise juurdepääsukontrolli mudelite loomise motivatsiooni.
Ühe lahendusena võib pakkuda arendajale tööriista, mis kasutaks ühes keeles loodud mudelit, et selle põhjal automaatselt konstrueerida mudel teises keeles. Teisendatud mudel aga ei oleks täielik, kuna eelmainitud keeli kasutatakse osalt erineva informatsiooni kandmiseks. Tööriista eesmärk oleks vähendada vajadust teist mudelit koostades käsitsi informatsiooni kopeerida.
Selle töö raames arendatakse tööriista prototüüp, mis teisendab SecureUML mudeli UMLsec mudeliks ning vastupidi. See teostatakse Java programmeerimiskeeles ning pistikprogrammina professionaalsele UML modelleerimistööriistale MagicDraw. Rakendusele lisatakse menüüpunktid, millele vajutades käivitatakse teisendused: SecureUML keelest UMLsec keelde või vastupidi. Lisafunktsioonina arendatakse ka mõlema mudeli täielikkuse kontrollid, mille abil antakse kasutajale teada, kas kõik vajalikud elemendid on olemas. Need annavad kasutajale juhtnööre, kuidas teisendatud mudelit täiendada, kuna on teada, et pärast teisendust on teatud info uuelt mudelilt puudu. Teine lisakomponent võimaldab töödelda UMLsec märgendeid (ingl. k. association tags), mis on SecureUML ning UMLsec vaheliste teisenduste tähtis osa. Käesoleva töö raames on koostatud ka pistikprogrammi dokumentatsioon – nõuete analüüs, koodi dokumentatsioon ning kasutusjuhend – mille eesmärk on tagada prototüübi mõistmine ning aidata kaasa selle edasiarendamisele tulevikus.
Role-based access control is a widely-used mechanism in computer systems – it ensures security by restricting resource access to only the system users with respective rights. The RBAC solutions can be engineered with the aid of modelling languages, such as SecureUML and UMLsec, which both present the system design from different viewpoints. Creating multiple coherent models, however, may turn out to be a non-trivial and time-consuming task. This, in turn, may dramatically lessen the motivation to create role-based access control models altogether. As a solution to the problem above, developers could be provided a software tool, which inputs a model in one language and transforms it into the model of another. The transformed model, however, would not be complete, since the two languages are used to represent somewhat different information. The aim of such a tool would be to diminish the necessity to manually copy information, when creating a second model. With this thesis, a prototype tool is developed, which enables the transformation of a SecureUML model to a UMLsec model and vice versa. The tool is implemented in the Java programming language, as a plug-in to the professional UML modelling tool MagicDraw. Menu items are added to the application, which trigger transformations: information is collected from a model in the UMLsec or SecureUML language and, based on that, a new model in the other language is created. As an additional function, completion checks are developed for both models to inform the user of whether all necessary language elements are present. They should act as guides for the user on how to improve the transformed model, since after transformations some information is known to be absent from the new model. Another additional component is the support for manipulating UMLsec association tags, which are an integral part of transformations between the SecureUML and UMLsec languages. The documentation – requirements, code documentation and user manual – is also provided in this paper and are supposed to contribute to the further development as well as understanding of the prototype.
Role-based access control is a widely-used mechanism in computer systems – it ensures security by restricting resource access to only the system users with respective rights. The RBAC solutions can be engineered with the aid of modelling languages, such as SecureUML and UMLsec, which both present the system design from different viewpoints. Creating multiple coherent models, however, may turn out to be a non-trivial and time-consuming task. This, in turn, may dramatically lessen the motivation to create role-based access control models altogether. As a solution to the problem above, developers could be provided a software tool, which inputs a model in one language and transforms it into the model of another. The transformed model, however, would not be complete, since the two languages are used to represent somewhat different information. The aim of such a tool would be to diminish the necessity to manually copy information, when creating a second model. With this thesis, a prototype tool is developed, which enables the transformation of a SecureUML model to a UMLsec model and vice versa. The tool is implemented in the Java programming language, as a plug-in to the professional UML modelling tool MagicDraw. Menu items are added to the application, which trigger transformations: information is collected from a model in the UMLsec or SecureUML language and, based on that, a new model in the other language is created. As an additional function, completion checks are developed for both models to inform the user of whether all necessary language elements are present. They should act as guides for the user on how to improve the transformed model, since after transformations some information is known to be absent from the new model. Another additional component is the support for manipulating UMLsec association tags, which are an integral part of transformations between the SecureUML and UMLsec languages. The documentation – requirements, code documentation and user manual – is also provided in this paper and are supposed to contribute to the further development as well as understanding of the prototype.