04-035: Method and System for Implementing Security Policies in Software Development Tools

This technology is a method and framework that extends the Unified Modeling Language (UML) to help software developers easily adopt access and flow control policies in a unified way into their software development tools.

The method is a set of related elements that enforces the representation and modeling of dynamic access and flow control policies with the UML, negative authorizations and inherited authorizations. The framework is used to verify the compliance of the access and flow control requirements against the access and flow control policies.

- An easy to adapt language to specify and model access and flow control requirements
- Verifies the proper enforcement of information flow control policies
- Ensures analyzed access control requirements are consistent, complete and control-free
- Detects improper information flow as early as possible
- Cuts project costs and time
- Helps provide more secure systems
- Permits non-security experts to represent access control models, such as Role-Based Access Control (RBAC) and workflow policies in an uncomplicated manner
- Flexible

Market Significance:
The software industry has a long felt need to integrate security with other functional requirements as early as possible during the requirements specification and analysis phases of the software development life cycle. Achieving this goal not only improves the security of the software and reduces maintenance costs, but also results in high quality, consistent software.