Towards Tool Support for UMLsec (Poster Proposal)
نویسنده
چکیده
UMLsec is a UML profile for designing and modeling security aspects of the software systems. It can be integrated into existing software development processes with minimal changes to them, and its application does not require special training in cryptography and related fields. This way the UMLsec methodology aims to increase the quality of security-critical systems development. This paper presents the current status of several ongoing projects, aiming at the development of automated tools for processing UMLsec models. Such tools will make the methodology directly applicable in the
منابع مشابه
Automated Verification of UMLsec Models for Security Requirements
For model-based development to be a success in practice, it needs to have a convincing added-value associated with its use. Our goal is to provide such added-value by developing tool-support for the analysis of UML models against difficult system requirements. Towards this goal, we describe a UML verification framework supporting the construction of automated requirements analysis tools for UML...
متن کاملDeveloping Security-Critical Applications with UMLsec A Short Walk-Through
Developing high-assurance security-critical systems is difficult and there are many well-known examples of security weaknesses exploited in practice. Thus a sound methodology supporting secure systems development is urgently needed. We give an overview over an extension of UML, called UMLsec, that allows expressing security-relevant information within the diagrams in a system specification. We ...
متن کاملRisk-Driven Development Of Security-Critical Systems Using UMLsec
Despite a growing awareness of security issues in distributed computing systems, most development processes used today still do not take security aspects into account. To address this problem we make use of a risk-driven approach to develop security-critical systems based on UMLsec, the extension of the Unified Modeling Language (UML) for secure systems development, the safety standard ICE 6150...
متن کاملDeveloping Secure Networked Web-Based Systems Using Model-based Risk Assessment and UMLsec
Despite a growing awareness of security issues in networked computing systems, most development processes used today still do not take security aspects into account. To address this problem, we designed a process for developing secure networked systems based on the extension of the Unified Modeling Language (UML) for secure systems development UMLsec and on the concept of model-based risk asses...
متن کاملTowards Model Transformation between SecureUML and UMLsec for Role-based Access Control
Nowadays security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC), which restricts system access to authorised users. Recently different authors have proposed a number of modelling languages (e.g., abuse cases, misuse cases, secure i*, secure Tropos, and KAOS extensions to security) that f...
متن کامل