Compliance frameworks, laws and regulations such as Sarbanes-Oxley, Basel II, Solvency II, HIPAA etc. demand ever more rigorously that companies demonstrate that their organisation, processes and supporting IT landscape implement and follow a set of guidelines at differing levels of abstraction. The work presented in this paper aims to contribute to a software engineering process which is driven by security, risk and compliance management considerations. We concentrate on a part of this approach that addresses the question of how one can use software engineering methods and tools to ensure that the configuration of a system enforces the security policies that arise from business compliance regulations. We present tool support for Model-based Compliance Engineering, i.e. for the model-based development and analysis of software configurations that ensures compliance with security policies. It allows one to check UML models of business applications and their configuration data for adherence to security policies and compliance requirements. The tool is based on standardized data formats, such as UML and XML, which makes its integration into existing business architectures as efficient as possible.