Developing Secure Networked Web-Based Systems Using Model-based Risk Assessment and UMLsec
نویسندگان
چکیده
Despite a growing awareness of security issues in networked computing systems, most development processes used today still do not take security aspects into account. To address this problem, we designed a process for developing secure networked systems based on the extension of the Unified Modeling Language (UML) for secure systems development UMLsec and on the concept of model-based risk assessment (MBRA). Enterprise information such as security policies, business goals, policies and processes are supported through activities in the model-based integrated development process. These are then refined to security requirements at a more technical level, which can be expressed using UMLsec, and which can be analysed mechanically using the tool-support for UMLsec.
منابع مشابه
Risk-Driven Development Of Security-Critical Systems Using UMLsec
Despite a growing awareness of security issues in distributed computing systems, most development processes used today still do not take security aspects into account. To address this problem we make use of a risk-driven approach to develop security-critical systems based on UMLsec, the extension of the Unified Modeling Language (UML) for secure systems development, the safety standard ICE 6150...
متن کاملMapping of McGraw Cycle to RUP Methodology for Secure Software Developing
Designing a secure software is one of the major phases in developing a robust software. The McGraw life cycle, as one of the well-known software security development approaches, implements different touch points as a collection of software security practices. Each touch point includes explicit instructions for applying security in terms of design, coding, measurement, and maintenance of softwar...
متن کاملModelling and Compensation of uncertain time-delays in networked control systems with plant uncertainty using an Improved RMPC Method
Control systems with digital communication between sensors, controllers and actuators are called as Networked Control Systems (NCSs). In general, NCSs encounter with some problems such as packet dropouts and network induced delays. When plant uncertainty is added to the aforementioned problems, the design of the robust controller that is able to guarantee the stability, becomes more complex. In...
متن کاملModel-based security analysis of the German health card architecture.
OBJECTIVES Health-care information systems are particularly security-critical. In order to make these applications secure, the security analysis has to be an integral part of the system design and IT management process for such systems. METHODS This work presents the experiences and results from the security analysis of the system architecture of the German Health Card, by making use of an ap...
متن کاملUMLsec: Extending UML for Secure Systems Development
Developing secure-critical systems is difficult and there are many well-known examples of security weaknesses exploited in practice. Thus a sound methodology supporting secure systems development is urgently needed. Our aim is to aid the difficult task of developing security-critical systems in an approach based on the notation of the Unified Modeling Language. We present the extension UMLsec o...
متن کامل