Analysis of protecti... Theses on offer Combination of relia...

Diploma thesis

Formale Beschreibung von Datenschutzmechanismen mit automatischer Codegenerierung

(Original Title:Formale Beschreibung von Datenschutzmechanismen mit automatischer Codegenerierung)

 

Abstract

The goal of this work was to find a notation of data protection mechanisms and to automatically generate code from this notation. Two modern technology platforms, Java and the .NET Framework, were examined to find security mechanisms offered by them. The mechanisms have been compared and similarities have been worked out. The possible security mechanisms were abstracted on basis of these similarities and a language was developed to represent them. The language PIUS (Platform independent UML Security) can be used in the design with UML, to enrich a software application with aspects of security. This includes: Access control for methods and attributes of classes with role-based access control, enhanced by preconditions, security actions and event logging. Cryptography mechanisms like automatic object encryption, hashing and digital signatures. Syntax and semantics of PIUS have been defined. Two methods of notation for PIUS language construct were designed, by UML notes and Tagged Values. The language was integrated in the UML design tool Borland Together, which can thus be used to develop the security model of a software application. Furthermore a program ErlSecTool was realized which can generate C# source code from security mechanisms modelled with PIUS. The ErlSecTool reads the model of a developed application, exported into a XMI file by Borland Together, and checks the well-formedness of the contained PIUS language constructs. The ErlSecTool has been developed flexible to allow an extension for generation of java source code at a later time. Borland Together and the ErlSecTool allow automatic generation of source code for software applications, which have been modelled from scratch with security mechanisms, as well as to enrich existing source code with security mechanisms by reverse engineering. The application of PIUS has been demonstrated in several examples.

Author: Raoul Plettke

Tutor: Dipl.-Math. Jens Palluch