Security Engineering: A Guide to Building Dependable Distributed Systems
Security Engineering: A Guide to Building Dependable Distributed Systems
SETHEO and E-SETHEO - The CADE-13 Systems
Journal of Automated Reasoning
Formal Eavesdropping and Its Computational Interpretation
TACS '01 Proceedings of the 4th International Symposium on Theoretical Aspects of Computer Software
E-SETHEO: An Automated3 Theorem Prover
TABLEAUX '00 Proceedings of the International Conference on Automated Reasoning with Analytic Tableaux and Related Methods
Formal semantics for interacting UML subsystems
FMOODS '02 Proceedings of the IFIP TC6/WG6.1 Fifth International Conference on Formal Methods for Open Object-Based Distributed Systems V
Sound methods and effective tools for model-based security engineering with UML
Proceedings of the 27th international conference on Software engineering
Understanding Security Goals Provided by Crypto-Protocol Implementations
ICSM '05 Proceedings of the 21st IEEE International Conference on Software Maintenance
Verification of low-level crypto-protocol implementations using automated theorem proving
MEMOCODE '05 Proceedings of the 2nd ACM/IEEE International Conference on Formal Methods and Models for Co-Design
Secure Systems Development with UML
Secure Systems Development with UML
Tools for secure systems development with UML: security analysis with ATPs
FASE'05 Proceedings of the 8th international conference, held as part of the joint European Conference on Theory and Practice of Software conference on Fundamental Approaches to Software Engineering
Dynamic secure aspect modeling with UML: from models to code
MoDELS'05 Proceedings of the 8th international conference on Model Driven Engineering Languages and Systems
| Hi-index | 0.00 |
Developing security-critical systems is difficult and there are many well-known examples of security weaknesses exploited in practice. Thus a sound methodology supporting secure systems development is urgently needed. Our aim is to aid the difficult task of developing security-critical systems in a formally based approach using the notation of the Unified Modeling Language. We present the extension UMLsec of UML that allows one to express security-relevant information within the diagrams in a system specification. UMLsec is defined in form of a UML profile using the standard UML extension mechanisms. In particular, the associated constraints give criteria to evaluate the security aspects of a system design, by referring to a formal semantics of a simplified fragment of UML. We explain how these constraints can be formally verified against the dynamic behavior of the specification using automated theorem provers for first-order logic. This formal security verification can also be extended to C code generated from the specifications.