A UML Extension for the Model-driven Specification of Audit Rules

Bernhard Hoisl, Mark Strembeck

Publication: Chapter in book/Conference proceedingContribution to conference proceedings

7 Citations (Scopus)


In recent years, a number of laws and regulations (such as the Basel II accord or SOX) demand that organizations record certain activities or decisions to fulfill legally enforced reporting duties. Most of these regulations have a direct impact on the information systems that support an organization's business processes. Therefore, the definition of audit requirements at the modeling-level is an important prerequisite for the thorough implementation and enforcement of corresponding policies in a software system. In this paper, we present a UML extension for the specification of audit properties. The extension is generic and can be applied to a wide variety of UML elements. In a model-driven development (MDD) approach, our extension can be used to generate corresponding audit rules via model transformations.
Original languageEnglish
Title of host publicationProceedings of the 2nd International Workshop on Information Systems Security Engineering (WISSE)
Editors M. Bajec and J. Eder
Place of PublicationBerlin
Pages16 - 30
Publication statusPublished - 1 Jun 2012

Austrian Classification of Fields of Science and Technology (ÖFOS)

  • 502050 Business informatics
  • 102016 IT security
  • 102 not use (legacy)
  • 102022 Software development

Cite this