authUML: a three-phased framework to analyze access control specifications in use cases

Abstract

Security requirements of a software product need to receive attention throughout its development life cycle. authUML is a framework based on logic programming that analyzes access control requirements in the requirements phase of the life cycle to ensure that they are consistent, complete and conflict-free. The framework is a customized version of Flexible Authorization Framework (FAF) of Jajodia et al. [9] suitable for Unified Modeling Language (UML) based requirement engineering. Our approach analyzes requirements on two levels: Use Cases and the conceptual operations [19]. authUML specifies policies to prevent inconsistent, incomplete and conflicting requirements before the developers proceed to the following phases of the development life cycle.