A Formal Framework for Secure Design and Constraint Checking in UML
Source: University of Connecticut
The design of software applications using the Unified Modeling Language (UML) embodies an incremental process, transitioning a design from state to state over time. The integration of security into this process is critical to satisfy an application's security requirements. This paper reports on a formal approach that incorporates Role-Based Access Control (RBAC), Mandatory Access Control (MAC), and lifetimes, with constraint checking, into UML for time-sensitive application design. The resulting framework promotes secure software design by tracking an application's security requirements as UML elements and connections are added, modified, and deleted. It also captures snapshots of each design state by checking constraints on security satisfaction properties for the design.
Date: Jan 2008



