Model-based security analysis for mobile communications
Proceedings of the 30th international conference on Software engineering
Property Specification and Static Verification of UML Models
ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
Consistency checking and visualization of OCL constraints
UML'00 Proceedings of the 3rd international conference on The unified modeling language: advancing the standard
Secure Systems Development with UML
Secure Systems Development with UML
| Hi-index | 0.00 |
Developing security-critical software correctly and securely is difficult. To address this problem, there has been a significant amount of work over the last 10 years on providing model-based development approaches based on the Unified Modeling Language which aim to raise the trustworthiness of security-critical systems, some of them including tools allowing the user to check whether a UML model satisfies the relevant security requirements. However, when the requirements are not satisfied by a given model, it can be challenging for the user to determine which changes to do to the model so that it will indeed satisfy the security requirements. Also, the fact that software continues to evolve on an ongoing basis, even after the implementation has been shipped to the customer, increases the challenge since in principle, the software has to be re-verified after each modification, requiring significant efforts. We present work on automated tool-support that exploits recent work on secure software evolution in the Secure Change project in order to support the security hardening of evolving UML models (within the context of the UML security extension UMLsec).