Sound methods and effective tools for model-based security engineering with UML

Cited by: 0
Authors
Jürjens, J [1]
Affiliation
[1] Tech Univ Munich, Dept Informat, Competence Ctr IT Secur Software & Syst Engn, Munich, Germany
Keywords
Unified Modeling Language; UML; security; verification; biometric authentication; cryptographic protocol; verification framework;
DOI
Not available
Chinese Library Classification
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
Developing security-critical systems is difficult and there are many well-known examples of security weaknesses exploited in practice. Thus a sound methodology supporting secure systems development is urgently needed. We present an extensible verification framework for verifying UML models for security requirements. In particular, it includes various plugins performing different security analyses on models of the security extension UMLsec of UML. Here, we concentrate on an automated theorem prover binding to verify security properties of UMLsec models which make use of cryptography (such as cryptographic protocols). The work aims to contribute towards usage of UML for secure systems development in practice by offering automated analysis routines connected to popular CASE tools. We present an example of such an application where our approach found and corrected several serious design flaws in an industrial biometric authentication system.
Pages: 322 - 331
Page count: 10