A UML-based static verification framework for security

被引:14
|
作者
Siveroni, Igor [1 ]
Zisman, Andrea [1 ]
Spanoudakis, George [1 ]
机构
[1] City Univ London, Dept Comp, London EC1V, England
关键词
UML; Security requirements; Model checking; SPIN;
D O I
10.1007/s00766-009-0091-y
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Secure software engineering is a new research area that has been proposed to address security issues during the development of software systems. This new area of research advocates that security characteristics should be considered from the early stages of the software development life cycle and should not be added as another layer in the system on an ad-hoc basis after the system is built. In this paper, we describe a UML-based Static Verification Framework (USVF) to support the design and verification of secure software systems in early stages of the software development life-cycle taking into consideration security and general requirements of the software system. USVF performs static verification on UML models consisting of UML class and state machine diagrams extended by an action language. We present an operational semantics of UML models, define a property specification language designed to reason about temporal and general properties of UML state machines using the semantic domains of the former, and implement the model checking process by translating models and properties into Promela, the input language of the SPIN model checker. We show that the methodology can be applied to the verification of security properties by representing the main aspects of security, namely availability, integrity and confidentiality, in the USVF property specification language.
引用
收藏
页码:95 / 118
页数:24
相关论文
共 50 条
  • [21] A UML-based methodology for hypermedia design
    Hennicker, R
    Koch, N
    [J]. UML 2000 - THE UNIFIED MODELING LANGUAGE, PROCEEDINGS: ADVANCING THE STANDARD, 2000, 1939 : 410 - 424
  • [22] FAME: A UML-based framework for modeling fuzzy self-adaptive software
    Han, Deshuai
    Yang, Qiliang
    Xing, Jianchun
    Li, Juelong
    Wang, Hongda
    [J]. INFORMATION AND SOFTWARE TECHNOLOGY, 2016, 76 : 118 - 134
  • [24] UML-based Radar Software Design
    Feng Juntao
    [J]. 2018 5TH INTERNATIONAL CONFERENCE ON ELECTRICAL & ELECTRONICS ENGINEERING AND COMPUTER SCIENCE (ICEEECS 2018), 2018, : 414 - 417
  • [25] A UML-based approach to system testing
    Hartmann, Jean
    Vieira, Marlon
    Foster, Herbert
    Ruder, Axel
    [J]. INNOVATIONS IN SYSTEMS AND SOFTWARE ENGINEERING, 2005, 1 (01) : 12 - 24
  • [26] A UML-based meta-framework for system design in public health Informatics
    Orlova, AO
    Lehmann, H
    [J]. AMIA 2002 SYMPOSIUM, PROCEEDINGS: BIOMEDICAL INFORMATICS: ONE DISCIPLINE, 2002, : 582 - 586
  • [27] Softev: UML-Based PSEE Environment
    Pan Qiu ling
    [J]. Wuhan University Journal of Natural Sciences, 2001, (Z1) : 524 - 530
  • [28] UML-based methodology for distributed systems
    Oldevik, J
    Bene, AJ
    [J]. ENTERPRISE DISTRIBUTED OBJECT COMPUTING - PROCEEDINGS SECOND INTERNATIONAL WORKSHOP, 1998, : 2 - 13
  • [29] UML-based product configuration in manufacture
    Li, Ni-Ya
    Liu, Da-You
    Zhang, Jian
    [J]. Jilin Daxue Xuebao (Gongxueban)/Journal of Jilin University (Engineering and Technology Edition), 2009, 39 (03): : 759 - 763
  • [30] UML-based modeling of virtual enterprise
    Dai, YR
    Yan, JW
    Wang, J
    [J]. 7TH WORLD MULTICONFERENCE ON SYSTEMICS, CYBERNETICS AND INFORMATICS, VOL V, PROCEEDINGS: COMPUTER SCIENCE AND ENGINEERING: I, 2003, : 493 - 496