MagicSNP - Extracting Access Control Semantics

MagicSNP is a CASE tool plugin for MagicDraw. Basically, this plugin allows to validate UWE's Navigation State Models and moreover to extract the corresponding navigation rules. By iterating recursively through all hierarchical states and by analyzing the incoming transitions, state names and tags, this tool fetches and converts the relevant information into a semi-structured data format (JSON). In addition, MagicSNP supports Secure Navigation Paths (SNPs). Within such navigation paths, a web application user with a certain role is only permitted to follow a limited number of paths in the intended order. Consequently, this plugin secures, accelerates and reduces the complexity of the handover between the modeling and the implementation progress of the web application development.

Installation of MagicSNP

To install the first stable release of MagicSNP, download the following ZIP archive and extract the including files to the plugins directory of your MagicDraw 16.8 installation:

• MagicSNP 1.0 (2012-08-12)

Additional Downloads

• Example MagicDraw project: TicketApplication mdzip, xmi
• Monitor Module to restrict a web application to the secure navigation paths that were exported by MagicSNP. The TicketApplication is added as prototypical web application which can be shielded by the Monitor Module.
  Follow the instructions given in the included Readme.txt
• MagicSNP sources 1.0

Publications

• Roman Schwienbacher: Extending UWE with Secure Navigation Paths. Bachelor thesis, 2012.
• Marianne Busch, Martín Ochoa, Roman Schwienbacher. Modeling, Enforcing and Testing Secure Navigation Paths for Web Applications. Technical Report, Ludwig-Maximilians-Universität München, 2013