Towards Development of Secure Systems Using UMLsec
نویسنده
چکیده
We show how UML (the industry standard in object-oriented modelling) can be used to express security requirements during system development. Using the extension mechanisms provided by UML, we incorporate standard concepts from formal methods regarding multi-level secure systems and security protocols. These definitions evaluate diagrams of various kinds and indicate possible vulnerabilities. On the theoretical side, this work exemplifies use of the extension mechanisms of UML and of a (simplified) formal semantics for it. A more practical aim is to enable developers (that may not be security specialists) to make use of established knowledge on security engineering through the means of a widely used notation.
منابع مشابه
Developing Secure Networked Web-Based Systems Using Model-based Risk Assessment and UMLsec
Despite a growing awareness of security issues in networked computing systems, most development processes used today still do not take security aspects into account. To address this problem, we designed a process for developing secure networked systems based on the extension of the Unified Modeling Language (UML) for secure systems development UMLsec and on the concept of model-based risk asses...
متن کاملRisk-Driven Development Of Security-Critical Systems Using UMLsec
Despite a growing awareness of security issues in distributed computing systems, most development processes used today still do not take security aspects into account. To address this problem we make use of a risk-driven approach to develop security-critical systems based on UMLsec, the extension of the Unified Modeling Language (UML) for secure systems development, the safety standard ICE 6150...
متن کاملTowards Model Transformation between SecureUML and UMLsec for Role-based Access Control
Nowadays security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC), which restricts system access to authorised users. Recently different authors have proposed a number of modelling languages (e.g., abuse cases, misuse cases, secure i*, secure Tropos, and KAOS extensions to security) that f...
متن کاملUse Case Application in Requirements Analysis using Secure Tropos to UMLsec - Security Issues
Information Systems Security is one of the most critical challenges presently facing nearly every one of the organizations. However, making certain security and quality in both information and the systems which control information is a difficult goal necessitating the mixture of two wide research disciplines which are typically separate: security engineering and secure software engineering. Sec...
متن کاملUMLsec: Extending UML for Secure Systems Development
Developing secure-critical systems is difficult and there are many well-known examples of security weaknesses exploited in practice. Thus a sound methodology supporting secure systems development is urgently needed. Our aim is to aid the difficult task of developing security-critical systems in an approach based on the notation of the Unified Modeling Language. We present the extension UMLsec o...
متن کامل