Systematic development of UMLsec design models based on security requirements

Authors:
Denis Hatebur;Maritta Heisel;Jan Jürjens;Holger Schmidt
Affiliations:
Software Engineering, Department of Computer Science and Applied Cognitive Science, Faculty of Engineering, University Duisburg-Essen and Institut für technische Systeme GmbH, Germany;Software Engineering, Department of Computer Science and Applied Cognitive Science, Faculty of Engineering, University Duisburg-Essen, Germany;Software Engineering, Department of Computer Science, TU Dortmund and Fraunhofer Institut für Software- und Systemtechnik, Germany;Software Engineering, Department of Computer Science, TU Dortmund, Germany
Venue:
FASE'11/ETAPS'11 Proceedings of the 14th international conference on Fundamental approaches to software engineering: part of the joint European conferences on theory and practice of software
Year:
2011

Citing 9
Cited 0

Problem frames: analyzing and structuring software development problems

Problem frames: analyzing and structuring software development problems
SecureUML: A UML-Based Modeling Language for Model-Driven Security

UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Analysis and Component-based Realization of Security Requirements

ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
An OCL extension for checking and transforming UML models

SEPADS'09 Proceedings of the 8th WSEAS International Conference on Software engineering, parallel and distributed systems
A comparison of security requirements engineering methods

Requirements Engineering - Special Issue on RE'09: Security Requirements Engineering; Guest Editors: Eric Dubois and Haralambos Mouratidis
Eliciting security requirements and tracing them to design: an integration of Common Criteria, heuristics, and UMLsec

Requirements Engineering - Special Issue on RE'09: Security Requirements Engineering; Guest Editors: Eric Dubois and Haralambos Mouratidis
Secure Systems Development with UML

Secure Systems Development with UML
From goal-driven security requirements engineering to secure design

International Journal of Intelligent Systems - Goal-driven Requirements Engineering
A UML profile for requirements analysis of dependable software

SAFECOMP'10 Proceedings of the 29th international conference on Computer safety, reliability, and security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Developing security-critical systems in a way that makes sure that the developed systems actually enforce the desired security requirements is difficult, as can be seen by many security vulnerabilities arising in practice on a regular basis. Part of the difficulty is the transition from the security requirements analysis to the design, which is highly nontrivial and error-prone, leaving the risk of introducing vulnerabilities. Unfortunately, existing approaches bridging this gap largely only provide informal guidelines for the transition from security requirements to secure design. We present a method to systematically develop structural and behavioral UMLsec design models based on security requirements. Each step of our method is supported by model generation rules expressed as pre- and postconditions using the formal specification language OCL. Moreover, we present a concept for a CASE tool based on the model generation rules. Thus, applying our method to generate UMLsec design models supported by this tool and based on previously captured and analyzed security requirements becomes systematic, less error-prone, and a more routine engineering activity. We illustrate our method by the example of a patient monitoring system.