作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2007, Vol. 33 ›› Issue (08): 86-88. doi: 10.3969/j.issn.1000-3428.2007.08.029

• 软件技术与数据库 • 上一篇    下一篇

软件系统UML建模与其安全建模的集成

张赛男,殷兆麟,刘厚泉   

  1. (中国矿业大学计算机学院,徐州 221008)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2007-04-20 发布日期:2007-04-20

Integration of UML Software System Modeling with Security Modeling

ZHANG Sainan, YIN Zhaolin, LIU Houquan   

  1. ZHANG Sainan, YIN Zhaolin, LIU Houquan
  • Received:1900-01-01 Revised:1900-01-01 Online:2007-04-20 Published:2007-04-20

摘要: 安全是现代软件系统不可缺少的一部分,但是,目前的软件系统建模一般都不涉及安全。系统安全策略和安全机制往往是开发人员在系统开发后期对系统的补充和措施的完善。这种不规范的处理为系统后期安全维护及系统之间的集成带来很大的隐患。该文通过学生成绩管理系统来讨论如何扩充UML图素、为系统安全访问控制策略建模,引入视图策略语言(VPL)描述角色与授权之间的关联,实现了软件系统UML建模与系统安全建模的集成。

关键词: UML, 访问控制策略, RBAC, 视图策略语言, 安全建模

Abstract: Security is an indispensable part of modern software system, However, the present software system modeling does not deal with security. System security policy and mechanism often become supplement at the end of system development. Such nonstandard security disposal brings much hidden trouble to security maintenance and system integration. Through a student grade management system, this paper talks about how to extend UML notation, modeling for system control policy about security access, how to use view policy language (VPL) to describe correlation of parts and warranty, and how to integrate software system modeling with system modeling securely.

Key words: UML, Access control policy, RBAC, VPL, Security modeling