Incremental security verification for evolving UMLsec models

Authors:
Jan Jürjens;Loïc Marchal;Martín Ochoa;Holger Schmidt
Affiliations:
Software Engineering, Department of Computer Science, TU Dortmund, Germany and Fraunhofer ISST, Germany;Hermès Engineering, Belgium;Software Engineering, Department of Computer Science, TU Dortmund, Germany;Software Engineering, Department of Computer Science, TU Dortmund, Germany
Venue:
ECMFA'11 Proceedings of the 7th European conference on Modelling foundations and applications
Year:
2011

Citing 9
Cited 3

Graph transformation for specification and programming

Science of Computer Programming
Automating Support for Software Evolution in UML

Automated Software Engineering
Metrics and Laws of Software Evolution - The Nineties View

METRICS '97 Proceedings of the 4th International Symposium on Software Metrics
Instant and Incremental Transformation of Models

Proceedings of the 19th IEEE international conference on Automated software engineering
Software requirements and architecture modeling for evolving non-secure applications into secure applications

Science of Computer Programming
Tools for secure systems development with UML

International Journal on Software Tools for Technology Transfer (STTT)
Evolving Software Architecture Descriptions of Critical Systems

Computer
Model-Based Argument Analysis for Evolving Security Requirements

SSIRI '10 Proceedings of the 2010 Fourth International Conference on Secure Software Integration and Reliability Improvement
Model transformations? transformation models!

MoDELS'06 Proceedings of the 9th international conference on Model Driven Engineering Languages and Systems

Challenges in model-based evolution and merging of access control policies

Proceedings of the 12th International Workshop on Principles of Software Evolution and the 7th annual ERCIM Workshop on Software Evolution
Orchestrating security and system engineering for evolving systems

ServiceWave'11 Proceedings of the 4th European conference on Towards a service-based internet
Specifying model changes with UMLchange to support security verification of potential evolution

Computer Standards & Interfaces

Quantified Score

Hi-index	0.00

Visualization

Abstract

There exists a substantial amount of work on methods, techniques and tools for developing security-critical systems. However, these approaches focus on ensuring that the security properties are enforced during the initial system development and they usually have a significant cost associated with their use (in time and resources). In order to enforce that the systems remain secure despite their later evolution, it would be infeasible to re-apply the whole secure software development methodology from scratch. This work presents results towards addressing this challenge in the context of the UML security extension UMLsec. We investigate the security analysis of UMLsec models by means of a changespecific notation allowing multiple evolution paths and sound algorithms supporting the incremental verification process of evolving models. The approach is validated by a tool implementation of these verification techniques that extends the existing UMLsec tool support.