To main content

Compositional Refinement of Policies in UML – Exemplified for Access Control

Abstract

The UML is the de facto standard for system specification, but offers little specialized support for the specification and analysis of policies. This paper presents Deontic STAIRS, an extension of the UML sequence diagram notation with customized constructs for policy specification. The notation is underpinned by a denotational trace semantics. We formally define what it means that a system satisfies a policy specification, and introduce a notion of policy refinement. We prove that the refinement relation is transitive and compositional, thus supporting a stepwise and modular specification process. The approach is exemplified with access control policies.

Category

Report

Client

  • SINTEF AS / 90B22000 / 90B245

Language

English

Author(s)

Affiliation

  • SINTEF Digital / Software and Service Innovation

Year

2009

Publisher

SINTEF

Issue

A11359

ISBN

9788214044362

View this publication at Cristin