Tools for secure systems development with UML

Authors:
Jan Jürjens;Pasha Shabalin
Affiliations:
Software and Systems Engineering, Munich, TU, Germany;Internet-based Information Systems, Munich, TU, Germany
Venue:
International Journal on Software Tools for Technology Transfer (STTT)
Year:
2007

Citing 0
Cited 11

Model-based security analysis for mobile communications

Proceedings of the 30th international conference on Software engineering
Model-based Security Testing Using UMLsec

Electronic Notes in Theoretical Computer Science (ENTCS)
Editorial: Model-Driven Development for secure information systems

Information and Software Technology
Secure Information Systems Engineering: Experiences and Lessons Learned from Two Health Care Projects

CAiSE '09 Proceedings of the 21st International Conference on Advanced Information Systems Engineering
Compositional modeling for data-centric business applications

SC'08 Proceedings of the 7th international conference on Software composition
A framework to support alignment of secure software engineering with legal regulations

Software and Systems Modeling (SoSyM)
Incremental security verification for evolving UMLsec models

ECMFA'11 Proceedings of the 7th European conference on Modelling foundations and applications
A practical application of our MDD approach for modeling secure XML data warehouses

Decision Support Systems
Evaluation of the Pattern-based method for Secure Development (PbSD): A controlled experiment

Information and Software Technology
On the efficiency modelling of cryptographic protocols by means of the quality of protection modelling language (QoP-ML)

ICT-EurAsia'13 Proceedings of the 2013 international conference on Information and Communication Technology
Specifying model changes with UMLchange to support security verification of potential evolution

Computer Standards & Interfaces

Quantified Score

Hi-index	0.00

Visualization

Abstract

For model-based development to be a success in practice, it needs to have a convincing added-value associated with its use. Our goal is to provide such added-value by developing tool-support for the analysis of UML models against difficult system requirements. Towards this goal, we describe a UML verification framework supporting the construction of automated requirements analysis tools for UML diagrams. The framework is connected to industrial CASE tools using XMI and allows convenient access to this data and to the human user. As a particular example, we present plugins for verifying models defined using the security extension UMLsec of UML. The verification framework allows advanced users of the UMLsec approach to themselves implement verification routines for the constraints of self-defined stereotypes. In particular, we focus on an analysis plug-in that utilizes the model-checker Spin to verify security properties of cryptography-based systems.