B4MSecure
User Manual

Laboratoire d’Informatique de Grenoble
June 2012 (translated in January 2015)
Akram Idani, Yves Ledru

I. Setting up B4MSecure
II. Model creation
  II.1. Topcased Project
  II.2. Editing and Structuring the model
    A. Creation of the functional model
    B. Creation of the security model
III. Generation of B specifications
  III.1. Configuration
  III.2. Translation of the functional model
  III.3. Extracting the instance of the security meta-model
  III.4. Translation of the security model
IV. Analysis of the generated B specifications
I. Setting up B4MSecure
The B4MSecure tool is distributed as an Eclipse platform including all necessary plugins. It must be
executed with Java 1.6 or later. It can be downloaded from the following URL:
http://b4msecure.forge.imag.fr/
1. Unzip file B4MSecure.zip
2. Execute eclipse.exe
3. Create a workspace (named B4MSecure in the rest of this document)
4. Select “General / Existing Projects into Workspace” in menu “File / Import”, then click on “Next”.
5. In « Select root directory », select the « WS » directory located in the folder where you have
unzipped B4MSecure.zip; then, check both associated projects:
- fr.lig.vasco.selkis.ctm.example.uml2b
- Selkis_B4MSecure
Since these are Java projects, it is mandatory to check the « Copy projects into workspace » box.
Then click on « Finish ».
B4MSecure is an Open Source tool, which takes the form of two Eclipse projects:
1. fr.lig.vasco.selkis.ctm.example.uml2b: stores the Java rules which transform the functional class
diagram into B.
2. Selkis_B4MSecure:
– Includes QVTo rules which extract an instance of the security meta-model from the stereotyped
UML model (file UML2SUML.qvto)
– Includes the templates generating B code from an instance of the B meta-model
(file B2Text_AB4_0__B1_8_5.xpt)
– Includes templates to generate B code from the security model (file BSecureSpec_RBAC.xpt)
– Allows invoking the transformation engine from the functional model to B, and the translation of
the security model.
File run.java orchestrates the whole transformation.
II. Model creation
We use Topcased to edit the models used by B4MSecure. We expect the reader to be familiar with
this diagram editor, otherwise please refer to a Topcased tutorial. Topcased documentation is available
from http://www.topcased.org
The Topcased model used in the rest of this manual can be downloaded from the following link
and imported as an Eclipse project:
http://b4msecure.forge.imag.fr/TopcasedB4MSecure.zip.
II.1. Topcased Project
Create a new Topcased project:
1. In menu « File / New / Project »
2. Select « Topcased / Topcased Project »
In the rest of this manual, the project is named “TopcasedB4MSecure”.
3. Right click on the “Model” folder of project “TopcasedB4MSecure” then click on « UML
Model with TOPCASED »
4. Name your model (we will name it « B4MSecureModel »)
5. In option « Diagram », select « Class diagram »
6. Click on « Finish ».
II.2. Editing and Structuring the model
First create two packages : the first one will store the functional model, and the second one will
store the security model. Let us name these packages « Functional » and « Policy ».
A. Creation of the functional model
Double-click on package « Functional » and select « Class Diagram ». Build the following class
diagram:
In this class diagram, attribute « Data » is public and optional, and attribute « Valid » is private,
mandatory and initialized to « false ». The « {readOnly} » property of attribute « Valid » means that no
modification operation will be generated in the B specification for this attribute. Association
« mRecords » links medical records to a single patient, while a patient may have several medical
records. This association can be navigated in both directions. All these features are specified in the
“Properties” tab.
N.B.
1. Make sure to check « isUnique » for both ends in the « Properties » of « mRecords ». The tool
does not support the transformation of collections with redundant elements.
2. An attribute checked as « isUnique » has a unique value for each instance of the class. This
property is expressed in the B translation. In the above example, make sure to uncheck
« isUnique » for both “Data” and “Valid” attributes of class MedicalRecord. Indeed, two
different instances of « MedicalRecord » may share the same value for these attributes.
3. In order to use primitive types in Topcased, right-click on <Model> in the « Outline » panel and
choose « Import Primitive Types »
Predefined operations:
Getters and setters are generated automatically by the tool. Additional operations, e.g.
« validate », must be defined manually. Annotations are used to specify the pre-condition and body of
the operation. This is expressed by right-clicking on the « validate » operation and selecting « Create
child », then « EAnnotations », and finally « EAnnotation».
In the « Properties » tab of the annotation, enter « uml2b » in the « Source » field:
In the « Outline » panel, right-click on annotation « uml2b» and select « Create child / Details
EString To String Map Entry ».
This allows details to be added to the annotation as key/value pairs. Add the following pairs:
– Precondition / MedicalRecord__Valid(Instance) = FALSE
– Body / MedicalRecord__Valid(Instance) := TRUE
As a result, the specification of operation « validate » will be the following one:
MedicalRecord__validate(Instance) =
  PRE
    Instance : MedicalRecord
    & MedicalRecord__Valid(Instance) = FALSE
    /* Precondition generated from annotation */
  THEN
    MedicalRecord__Valid(Instance) := TRUE
    /* Body generated from annotation */
  END;
B. Creation of the security model
Security profile
In order to create the security model, the security profile must be loaded. In the « Outline »
panel, right-click on <Model> and choose « Load Resource ». Then click on « Browse Workspace » and
choose file “UML_CD_AC_profile.uml” from “Selkis_B4MSecure/SelkisProfile”.
The security profile must then be applied to the model. To do so, in the « Outline » panel, right-click on <Model> and choose « Apply Profile ». Add the “UML_CD_AC_profile” profile:
Editing the security model
Right click on the « Policy » package and select « Class Diagram ». Create three packages named
PatientAC, MedicalRecordAC and Roles.
The first two packages will store the access control policies associated with classes “Patient”
and “MedicalRecord”. The “Roles” package will store the roles model and the assignment of users to
roles.
N.B. In order to add a stereotype, select a class and choose the « Stereotypes » tab in panel
« Properties ».
Package PatientAC will store the access control policy for class « Patient ». This policy expresses
that a secretary may create a patient.
N.B. In this example, permission « SecPerm » is associated to package « PatientAC ». The “Patient” class
and “Secretary” role are taken from packages Functional and Roles.
Package MedicalRecordAC stores the access control policy for class « MedicalRecord »:
The access control rules expressed in this model are the following ones:
– Every member of the medical staff may read the public information of medical records. This
means that nurses and doctors have read access to the “Data” attribute.
– Nurses may only create a medical record.
– Doctors may modify the data of a medical act and validate it.
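The rules above, combined with the precondition of « validate » from section II.2.A, as an added Python model (it is not B4MSecure output and not the generated B machines). The MedicalStaff super-role, the user names and the action labels are assumptions made for this example.

```python
# Added illustration. Assumptions: MedicalStaff super-role, user names, action labels.
ROLE_PARENTS = {"Nurse": {"MedicalStaff"}, "Doctor": {"MedicalStaff"},
                "MedicalStaff": set(), "Secretary": set()}

# (role, class, action) triples stating the rules of section II.2.B.
PERMISSIONS = {
    ("Secretary", "Patient", "create"),
    ("MedicalStaff", "MedicalRecord", "read:Data"),
    ("Nurse", "MedicalRecord", "create"),
    ("Doctor", "MedicalRecord", "modify:Data"),
    ("Doctor", "MedicalRecord", "validate"),
}

USER_ROLES = {"alice": {"Doctor"}, "bob": {"Nurse"}, "carol": {"Secretary"}}  # constructed


def effective_roles(roles):
    """Close a set of roles under inheritance (Nurse -> MedicalStaff, ...)."""
    seen, todo = set(), list(roles)
    while todo:
        role = todo.pop()
        if role not in seen:
            seen.add(role)
            todo.extend(ROLE_PARENTS[role])
    return seen


def open_session(user, requested):
    """A session may only activate roles that are assigned to the user."""
    requested = set(requested)
    if not requested <= USER_ROLES.get(user, set()):
        raise PermissionError(f"{user} is not assigned {sorted(requested)}")
    return {"user": user, "roles": effective_roles(requested)}


def is_permitted(session, cls, action):
    """Default deny: allowed only if an active role holds the permission."""
    return any((r, cls, action) in PERMISSIONS for r in session["roles"])


def secure_validate(session, record):
    """Access check first, then the functional precondition Valid = FALSE."""
    if not is_permitted(session, "MedicalRecord", "validate"):
        raise PermissionError("validate denied")
    if record["Valid"]:
        raise ValueError("precondition failed: record already valid")
    record["Valid"] = True
    return record
```
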
III. Generation of B specifications
III.1. Configuration
In the current version of the tool, the configuration step requires manually setting several
variables in the source code of the transformation engine. These variables belong to file
Selkis_B4MSecure/src/run.java and are named umlModelName, subPackage and resourcesPath.
– umlModelName: UML file (umlModelName = "B4MSecureModel")
– subPackage: the sub-package storing the functional model
(subPackage = "B4MSecureModel::B4MSecureModel::Functional")
– resourcesPath: folder storing the Topcased model, and where B specifications will be
generated (resourcesPath = "../TopcasedB4MSecure/Models/").
III.2. Translation of the functional model
Execute file « Selkis_B4MSecure/src/run.java » ; then click on « Translate functional model ».
The following message is displayed at the end of the generation of the functional model:
The console displays the log of the transformation, possibly including error messages. In case of
errors, the UML model should be reviewed. If the translation succeeds, three files are generated in
folder « TopcasedB4MSecure/Models ». If these files are not displayed, right-click on the folder and
select « Refresh ».
These three files are:
– B4MSecureModel.b : instance of the B meta-model
– B4MSecureModel.trace : trace of the UML to B translation
– Functional.mch : B machine of the functional model, in textual format
III.3. Extracting the instance of the security meta-model
Right-click on file « B4MSecureModel.uml », then click on “Selkis / Extract OrBac model
from UML”.
This step applies the QVTo rules of file « UML2SUML.qvto » to « B4MSecureModel.uml ».
This produces an instance of the security meta-model (a variant of the SecureUML meta-model
including the organisation concept). The following message is displayed at the end of the process.
The instance of the security meta-model is stored in file « B4MSecureModel.uml.ORBAC2 »
generated in folder « TopcasedB4MSecure/Models ».
III.4. Translation of the security model
Execute file “Selkis_B4MSecure/src/run.java” ; then click on « Translate security model ».
The following message is displayed at the end of the generation of B specifications from the
security model:
The generation of B specifications from the security model requires the prior generation of files
« B4MSecureModel.b » and « B4MSecureModel.uml.ORBAC2 ». When this step succeeds, three B
machines are generated in folder « TopcasedB4MSecure/Models »:
– ContextMachine.mch: stores the set of users and organisations of the security model
– UserAssignments.mch: stores the roles, their links and constraints, and the assignment of
users to roles. This machine also stores the session management operations.
– RBAC_Model.mch: stores the B translation of the access control policy.
IV. Analysis of the generated B specifications
Coming soon.