{"id":"https://openalex.org/W2043723411","doi":"https://doi.org/10.1145/1029133.1029144","title":"MAC and UML for secure software design","display_name":"MAC and UML for secure software design","publication_year":2004,"publication_date":"2004-10-29","ids":{"openalex":"https://openalex.org/W2043723411","doi":"https://doi.org/10.1145/1029133.1029144","mag":"2043723411"},"language":"en","primary_location":{"id":"doi:10.1145/1029133.1029144","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1029133.1029144","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2004 ACM workshop on Formal methods in security engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5113676769","display_name":"Thuong Doan","orcid":null},"institutions":[{"id":"https://openalex.org/I140172145","display_name":"University of Connecticut","ror":"https://ror.org/02der9h97","country_code":"US","type":"education","lineage":["https://openalex.org/I140172145"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Thuong Doan","raw_affiliation_strings":["University of Connecticut, Storrs, CT"],"affiliations":[{"raw_affiliation_string":"University of Connecticut, Storrs, CT","institution_ids":["https://openalex.org/I140172145"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063737128","display_name":"Steven A. Demurjian","orcid":null},"institutions":[{"id":"https://openalex.org/I140172145","display_name":"University of Connecticut","ror":"https://ror.org/02der9h97","country_code":"US","type":"education","lineage":["https://openalex.org/I140172145"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Steven Demurjian","raw_affiliation_strings":["University of Connecticut, Storrs, CT"],"affiliations":[{"raw_affiliation_string":"University of Connecticut, Storrs, CT","institution_ids":["https://openalex.org/I140172145"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5113033663","display_name":"T. C. Ting","orcid":null},"institutions":[{"id":"https://openalex.org/I140172145","display_name":"University of Connecticut","ror":"https://ror.org/02der9h97","country_code":"US","type":"education","lineage":["https://openalex.org/I140172145"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"T. C. Ting","raw_affiliation_strings":["University of Connecticut, Storrs, CT"],"affiliations":[{"raw_affiliation_string":"University of Connecticut, Storrs, CT","institution_ids":["https://openalex.org/I140172145"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5059257705","display_name":"Andreas Ketterl","orcid":null},"institutions":[{"id":"https://openalex.org/I140172145","display_name":"University of Connecticut","ror":"https://ror.org/02der9h97","country_code":"US","type":"education","lineage":["https://openalex.org/I140172145"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Andreas Ketterl","raw_affiliation_strings":["University of Connecticut, Storrs, CT"],"affiliations":[{"raw_affiliation_string":"University of Connecticut, Storrs, CT","institution_ids":["https://openalex.org/I140172145"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5113676769"],"corresponding_institution_ids":["https://openalex.org/I140172145"],"apc_list":null,"apc_paid":null,"fwci":20.884,"has_fulltext":false,"cited_by_count":48,"citation_normalized_percentile":{"value":0.99106094,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"75","last_page":"85"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/class-diagram","display_name":"Class diagram","score":0.758495569229126},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7528512477874756},{"id":"https://openalex.org/keywords/sequence-diagram","display_name":"Sequence diagram","score":0.727746844291687},{"id":"https://openalex.org/keywords/applications-of-uml","display_name":"Applications of UML","score":0.7019094228744507},{"id":"https://openalex.org/keywords/uml-tool","display_name":"UML tool","score":0.671389102935791},{"id":"https://openalex.org/keywords/unified-modeling-language","display_name":"Unified Modeling Language","score":0.6034615635871887},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.5272347331047058},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.5222866535186768},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.46454834938049316},{"id":"https://openalex.org/keywords/activity-diagram","display_name":"Activity diagram","score":0.4430374503135681},{"id":"https://openalex.org/keywords/use-case-diagram","display_name":"Use Case Diagram","score":0.431379497051239},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.4127444326877594},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.33023449778556824},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.21714824438095093},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.14901074767112732},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.08327406644821167}],"concepts":[{"id":"https://openalex.org/C202446494","wikidata":"https://www.wikidata.org/wiki/Q664166","display_name":"Class diagram","level":4,"score":0.758495569229126},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7528512477874756},{"id":"https://openalex.org/C153185123","wikidata":"https://www.wikidata.org/wiki/Q1391624","display_name":"Sequence diagram","level":4,"score":0.727746844291687},{"id":"https://openalex.org/C41298492","wikidata":"https://www.wikidata.org/wiki/Q4781506","display_name":"Applications of UML","level":4,"score":0.7019094228744507},{"id":"https://openalex.org/C146939238","wikidata":"https://www.wikidata.org/wiki/Q2467310","display_name":"UML tool","level":4,"score":0.671389102935791},{"id":"https://openalex.org/C145644426","wikidata":"https://www.wikidata.org/wiki/Q169411","display_name":"Unified Modeling Language","level":3,"score":0.6034615635871887},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.5272347331047058},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.5222866535186768},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.46454834938049316},{"id":"https://openalex.org/C64219723","wikidata":"https://www.wikidata.org/wiki/Q423262","display_name":"Activity diagram","level":4,"score":0.4430374503135681},{"id":"https://openalex.org/C161756209","wikidata":"https://www.wikidata.org/wiki/Q613423","display_name":"Use Case Diagram","level":5,"score":0.431379497051239},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.4127444326877594},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.33023449778556824},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.21714824438095093},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.14901074767112732},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.08327406644821167}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/1029133.1029144","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1029133.1029144","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2004 ACM workshop on Formal methods in security engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.89.1628","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.89.1628","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.engr.uconn.edu/~thuong/pub/TDoan_FMSE04_MAC_UML.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.94.2751","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.94.2751","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://ce.sharif.edu/~rezaeeyan/pdf/Ifip2004Draft- RBACMAC Security Analysis and Design for UML.some of references for the paper/SAM2004Draft-MAC and UML for Secure Software Design.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W14205470","https://openalex.org/W89695427","https://openalex.org/W179373627","https://openalex.org/W1486178352","https://openalex.org/W1507924933","https://openalex.org/W1524147119","https://openalex.org/W1543582855","https://openalex.org/W1605502983","https://openalex.org/W1969402593","https://openalex.org/W1977936255","https://openalex.org/W1981973377","https://openalex.org/W1988493586","https://openalex.org/W2008520402","https://openalex.org/W2015019160","https://openalex.org/W2099293367","https://openalex.org/W2105706607","https://openalex.org/W2134296086","https://openalex.org/W2139907081","https://openalex.org/W2148952798","https://openalex.org/W2149185259","https://openalex.org/W2151518442","https://openalex.org/W2154765153","https://openalex.org/W2159765281","https://openalex.org/W2752885492","https://openalex.org/W3145128584"],"related_works":["https://openalex.org/W49654776","https://openalex.org/W3090430358","https://openalex.org/W626616041","https://openalex.org/W2359432981","https://openalex.org/W2169545927","https://openalex.org/W2737024551","https://openalex.org/W2914561978","https://openalex.org/W2354107069","https://openalex.org/W2058198319","https://openalex.org/W4238315139"],"abstract_inverted_index":{"Security":[0],"must":[1],"be":[2],"a":[3,49,170],"first":[4],"class":[5,80,101],"citizen":[6],"in":[7,40,198],"the":[8,22,37,44,73,83,94,100,107,156,188,206],"design":[9,42],"of":[10,21,36,75,97,99,109,158,200,210],"large":[11],"scale,":[12],"interacting,":[13],"software":[14,41,57,191,202,215],"applications,":[15],"at":[16],"early":[17],"and":[18,26,33,55,86,90,115,150,160,179,184,193,208],"all":[19],"stages":[20],"lifecycle,":[23],"for":[24,51,65,72,82,93,106,112,155,162,172,220],"accurate":[25],"precise":[27],"policy":[28],"definition,":[29],"authorization,":[30],"authentication,":[31],"enforcement,":[32],"assurance.":[34],"One":[35],"dominant":[38],"players":[39],"is":[43,131],"<i>unified":[45],"modeling":[46],"language,":[47],"UML,</i>":[48],"language":[50],"specifying,":[52],"visualizing,":[53],"constructing":[54],"documenting":[56],"artifacts.":[58],"In":[59,133,166],"UML,":[60],"diagrams":[61,81,114],"provide":[62,169],"alternate":[63],"perspectives":[64],"different":[66],"stakeholders,":[67],"e.g.:":[68],"<i>use":[69],"case":[70],"diagrams</i>":[71,92],"interaction":[74],"users":[76,176],"with":[77],"system":[78],"components,":[79],"static":[84],"classes":[85],"relationships":[87],"among":[88],"them,":[89],"<i>sequence":[91],"dynamic":[95],"behavior":[96],"instances":[98],"diagram.":[102],"However,":[103],"UML's":[104],"support":[105,154,199],"definition":[108,157],"security":[110,173,196],"requirements":[111],"these":[113],"their":[116],"constituent":[117],"elements":[118],"(e.g.,":[119],"actors,":[120],"systems,":[121],"use":[122,147,181],"cases,":[123],"classes,":[124],"instances,":[125],"include/extend/generalize":[126],"relationships,":[127],"methods,":[128],"data,":[129],"etc.)":[130],"lacking.":[132],"this":[134,138],"paper,":[135],"we":[136,168],"address":[137],"issue":[139],"by":[140],"incorporating":[141],"<i>mandatory":[142],"access":[143],"control":[144],"(MAC)</i>":[145],"into":[146,225],"case,":[148,182],"class,":[149,183],"sequence":[151,185],"diagrams,":[152,186],"providing":[153],"clearances":[159],"classifications":[161],"relevant":[163],"UML":[164,221],"elements.":[165],"addition,":[167],"framework":[171],"assurance":[174],"as":[175],"are":[177],"defining":[178],"evolving":[180],"bridging":[187],"gap":[189],"between":[190],"engineers":[192],"an":[194],"organization's":[195],"personnel":[197],"<i>secure":[201],"design</i>.":[203],"To":[204],"demonstrate":[205],"feasibility":[207],"utility":[209],"our":[211,217],"work":[212],"on":[213],"secure":[214],"design,":[216],"MAC":[218],"enhancements":[219],"have":[222],"been":[223],"integrated":[224],"Borland's":[226],"Together":[227],"Control":[228],"Center":[229],"Environment.":[230]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":2},{"year":2020,"cited_by_count":1},{"year":2015,"cited_by_count":3},{"year":2014,"cited_by_count":1},{"year":2013,"cited_by_count":2},{"year":2012,"cited_by_count":5}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}