System and method for multi-level security filtering of model representations

US 8,099,711 B2
Filed: 01/08/2008
Issued: 01/17/2012
Est. Priority Date: 01/08/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method, in a data processing system comprising a processor and a memory, for modifying an original model based on a security level of a user, comprising:

receiving a user request for access to the original model;

identifying a security level associated with the user;

comparing the security level of the user with security characteristic information of one or more model elements within the original model;

modifying the original model based on results of the comparison and application of one or more transformation rules, to model elements and their relationships in the original model, for transforming the original model into a modified model based on the security level of the user; and

presenting the modified model to the user in response to the user request for access to the original model.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for multi-level security filtering of model representations. Elements of an architecture and systems engineering model have associated security characteristics identifying the required level of security that a user must have in order to be able to obtain access to information about that element of the model. Based on these security characteristics and the security level of a user attempting to access the model, the content of the model is modified such that elements that are not accessible by a user having that security level are obscured or not visible to the user. The other elements of the model which are accessible by the user based on his/her security level are modified in the modified model so as to not provide information that would disclose the nature, character, or in some cases even the presence, of the elements that are not accessible by the user based on his/her security level.

16 Citations

View as Search Results

20 Claims

1. A method, in a data processing system comprising a processor and a memory, for modifying an original model based on a security level of a user, comprising:
- receiving a user request for access to the original model;
  
  identifying a security level associated with the user;
  
  comparing the security level of the user with security characteristic information of one or more model elements within the original model;
  
  modifying the original model based on results of the comparison and application of one or more transformation rules, to model elements and their relationships in the original model, for transforming the original model into a modified model based on the security level of the user; and
  
  presenting the modified model to the user in response to the user request for access to the original model.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the original model is a Unified Modeling Language (UML) model generated using the UML profile for DoDAF/MODAF (UPDM) standard.
  - 3. The method of claim 1, wherein modifying the original model based on results of the comparison and one or more transformation rules comprises determining a representation option for the original model, wherein the representation option identifies a manner by which elements in the original model that are transformed by the one or more transformation rules are represented in the modified model, and wherein the modified model has a representation different from a representation of the original model, based on the representation option and the one or more transformation rules.
  - 4. The method of claim 3, wherein the representation option is at least one of a black box representation option or a hidden element representation option.
  - 5. The method of claim 4, wherein in response to a determination that the representation option is a black box representation option, elements of the original model having security characteristic information indicating a required security level higher than the security level of the user are replaced with a black box representation in the modified model that does not provide details of the elements.
  - 6. The method of claim 4, wherein in response to a determination that the representation option is a hidden representation option, elements of the original model having security characteristic information indicating a required security level higher than the security level of the user are removed from a representation of the modified model.
  - 7. The method of claim 6, wherein in response to a determination that the representation option is a hidden representation option, user edits to elements of the modified model coupled, in the original model, to hidden elements in the modified model are prohibited.
  - 8. The method of claim 1, wherein modifying the original model based on results of the comparison and application of one or more transformation rules for transforming the original model into a modified model based on the security level of the user comprises retrieving a previously modified version of the original model associated with the security level of the user in response to receiving the user request for access to the original model, and wherein presenting the modified model to the user comprises presenting the previously modified version of the original model.
  - 9. The method of claim 3, wherein determining a representation option for the original model comprises automatically determining a representation option for each element of the original model based on a determined difference in the security level of the user and a required security level specified in security characteristic information associated with the element.
  - 10. The method of claim 1, wherein presenting the modified model to the user comprises presenting the modified model to the user via a model editing engine, wherein the modified model prevents the user from accessing information about elements of the original model for which the user does not have a required security level, and wherein, via the modified model, the user is able to access information about elements of the original model for which the user has a required security level.

11. A computer program product comprising a computer useable readable storage medium having a computer readable program stored thereon, wherein the computer readable program, when executed on a computing device, causes the computing device to:
- receive a user request for access to the original model;
  
  identify a security level associated with the user;
  
  compare the security level of the user with security characteristic information of one or more model elements within the original model;
  
  modify the original model based on results of the comparison and application of one or more transformation rules, to model elements and their relationships in the original model, for transforming the original model into a modified model based on the security level of the user; and
  
  present the modified model to the user in response to the user request for access to the original model.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The computer program product of claim 11, wherein the computer readable program further causes the computing device to modify the original model based on results of the comparison and one or more transformation rules by determining a representation option for the original model, wherein the representation option identifies a manner by which elements in the original model that are transformed by the one or more transformation rules are represented in the modified model, and wherein the modified model has a representation different from a representation of the original model, based on the representation option and the one or more transformation rules.
  - 13. The computer program product of claim 12, wherein the representation option is at least one of a black box representation option or a hidden element representation option.
  - 14. The computer program product of claim 13, wherein in response to a determination that the representation option is a black box representation option, elements of the original model having security characteristic information indicating a required security level higher than the security level of the user are replaced with a black box representation in the modified model that does not provide details of the elements.
  - 15. The computer program product of claim 13, wherein in response to a determination that the representation option is a hidden representation option, elements of the original model having security characteristic information indicating a required security level higher than the security level of the user are removed from a representation of the modified model.
  - 16. The computer program product of claim 15, wherein in response to a determination that the representation option is a hidden representation option, user edits to elements of the modified model coupled, in the original model, to hidden elements in the modified model are prohibited.
  - 17. The computer program product of claim 11, wherein the computer readable program further causes the computing device to modify the original model based on results of the comparison and application of one or more transformation rules for transforming the original model into a modified model based on the security level of the user by retrieving a previously modified version of the original model associated with the security level of the user in response to receiving the user request for access to the original model, and wherein the computer readable program further causes the computing device to present the modified model to the user by presenting the previously modified version of the original model.
  - 18. The computer program product of claim 12, wherein the computer readable program further causes the computing device to determine a representation option for the original model by automatically determining a representation option for each element of the original model based on a determined difference in the security level of the user and a required security level specified in security characteristic information associated with the element.
  - 19. The computer program product of claim 11, wherein the computer readable program further causes the computing device to present the modified model to the user by presenting the modified model to the user via a model editing engine, wherein the modified model prevents the user from accessing information about elements of the original model for which the user does not have a required security level, and wherein, via the modified model, the user is able to access information about elements of the original model for which the user has a required security level.

20. A system comprising:
- a processor; and
  
  a memory coupled to the processor, wherein the memory comprises instructions which, when executed by the processor, cause the processor to;
  
  receive a user request for access to the original model;
  
  identify a security level associated with the user;
  
  compare the security level of the user with security characteristic information of one or more model elements within the original model;
  
  modify the original model based on results of the comparison and application of one or more transformation rules, to model elements and their relationships in the original model, for transforming the original model into a modified model based on the security level of the user; and
  
  present the modified model to the user in response to the user request for access to the original model.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bahrs, Paul J., Bahrs, Peter C., Cornell, Kevin J., Hovater, Steven V., Kortright, Enrique V., Mervine, Fred M.
Primary Examiner(s)
WANG, RONGFA PHILIP

Application Number

US11/970,959
Publication Number

US 20090178019A1
Time in Patent Office

1,470 Days
Field of Search

717/105
US Class Current

717/105
CPC Class Codes

G06F 21/62 Protecting access to data v...

G06F 2221/2145 Inheriting rights or proper...

System and method for multi-level security filtering of model representations

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and method for multi-level security filtering of model representations

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others