An extended object-oriented security model for high secure office environments

Abstract

In [S. Castano et al. (1992)], an object-oriented security model was proposed to protect documents in office environments. It defined role as a set of actions and responsibilities played by users to identify the operations that they can execute on documents. This scheme can make representation and realization easy while using modem object-oriented programming languages to model an information system. However, it simply considered the authorization of operation from an identified role to the document. The available time slot associated with this operation was not addressed. Moreover, actions and responsibilities to the access authorization of a peripheral device (such as the printer) were not specified. These characteristics are very important for a high-secure system in military or government that must protect information of different classifications against unauthorized access. After adoption of the UML 1.1 specification by the OMG membership in November 1997, Unified Modeling Language (UML) has been widely accepted as an object oriented software analysis/design methodology in the software engineering community. It provides most of the concepts and notations that are essential for documenting object oriented models. To demonstrate our approach, we have formulated security models for high secure office systems using the UML model.