Reconstructing a formal security model

Gail Joon Ahn, Seung Phil Hong, Michael E. Shin

Research output: Contribution to journalArticlepeer-review

4 Scopus citations


Role-based access control (RBAC) is a flexible approach to access control, which has generated great interest in the security community. The principal motivation behind RBAC is to simplify the complexity of administrative tasks. Several formal models of RBAC have been introduced. However, there are a few works specifying RBAC in a way which system developers or software engineers can easily understand and adopt to develop role-based systems. And there still exists a demand to have a practical representation of well-known access control models for system developers who work on secure system development. In this paper we represent a well-known RBAC model with software engineering tools such as Unified Modeling Language (UML) and Object Constraints Language (OCL) to reduce a gap between security models and system developments. The UML is a general-purpose visual modeling language in which we can specify, visualize, and document the components of a software system. And OCL is part of the UML and has been used for object-oriented analysis and design as a de facto constraints specification language in software engineering arena. Our representation is based on a standard model for RBAC proposed by the National Institute of Standards and Technology. We specify this RBAC model with UML including three views: static view, functional view, and dynamic view. We also describe how OCL can specify RBAC constraints that is one of important aspects to constrain what components in RBAC are allowed to do. In addition, we briefly discuss future directions of this work.

Original languageEnglish (US)
Pages (from-to)649-657
Number of pages9
JournalInformation and Software Technology
Issue number11
StatePublished - Aug 15 2002
Externally publishedYes


  • Access control
  • Formal model
  • Role-based
  • UML

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Computer Science Applications


Dive into the research topics of 'Reconstructing a formal security model'. Together they form a unique fingerprint.

Cite this