Problem frames: analyzing and structuring software development problems
Problem frames: analyzing and structuring software development problems
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Analysis and Component-based Realization of Security Requirements
ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
An OCL extension for checking and transforming UML models
SEPADS'09 Proceedings of the 8th WSEAS International Conference on Software engineering, parallel and distributed systems
A comparison of security requirements engineering methods
Requirements Engineering - Special Issue on RE'09: Security Requirements Engineering; Guest Editors: Eric Dubois and Haralambos Mouratidis
Requirements Engineering - Special Issue on RE'09: Security Requirements Engineering; Guest Editors: Eric Dubois and Haralambos Mouratidis
Secure Systems Development with UML
Secure Systems Development with UML
From goal-driven security requirements engineering to secure design
International Journal of Intelligent Systems - Goal-driven Requirements Engineering
A UML profile for requirements analysis of dependable software
SAFECOMP'10 Proceedings of the 29th international conference on Computer safety, reliability, and security
Hi-index | 0.00 |
Developing security-critical systems in a way that makes sure that the developed systems actually enforce the desired security requirements is difficult, as can be seen by many security vulnerabilities arising in practice on a regular basis. Part of the difficulty is the transition from the security requirements analysis to the design, which is highly nontrivial and error-prone, leaving the risk of introducing vulnerabilities. Unfortunately, existing approaches bridging this gap largely only provide informal guidelines for the transition from security requirements to secure design. We present a method to systematically develop structural and behavioral UMLsec design models based on security requirements. Each step of our method is supported by model generation rules expressed as pre- and postconditions using the formal specification language OCL. Moreover, we present a concept for a CASE tool based on the model generation rules. Thus, applying our method to generate UMLsec design models supported by this tool and based on previously captured and analyzed security requirements becomes systematic, less error-prone, and a more routine engineering activity. We illustrate our method by the example of a patient monitoring system.