Software requirements: objects, functions, and states
Software requirements: objects, functions, and states
The existence of refinement mappings
Theoretical Computer Science
Symbolic model checking: an approach to the state explosion problem
Symbolic model checking: an approach to the state explosion problem
A framework for modeling transfer protocols
Computer Networks: The International Journal of Computer and Telecommunications Networking
Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers
Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers
Model Checking TLA+ Specifications
CHARME '99 Proceedings of the 10th IFIP WG 10.5 Advanced Research Working Conference on Correct Hardware Design and Verification Methods
On the Composition of Secure Systems
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Information Flow Analysis of Component-Structured Applications
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
ASWEC '01 Proceedings of the 13th Australian Conference on Software Engineering
An Approach for Modeling and Analysis of Security System Architectures
IEEE Transactions on Knowledge and Data Engineering
MAC and UML for secure software design
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
An aspect-oriented methodology for designing secure applications
Information and Software Technology
Tool support for the rapid composition, analysis and implementation of reactive services
Journal of Systems and Software
Automated Encapsulation of UML Activities for Incremental Development and Verification
MODELS '09 Proceedings of the 12th International Conference on Model Driven Engineering Languages and Systems
Secure Systems Development with UML
Secure Systems Development with UML
A tool-supported method for the design and implementation of secure distributed applications
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Model-Driven Risk Analysis: The CORAS Approach
Model-Driven Risk Analysis: The CORAS Approach
Contracts for multi-instance UML activities
FMOODS'11/FORTE'11 Proceedings of the joint 13th IFIP WG 6.1 and 30th IFIP WG 6.1 international conference on Formal techniques for distributed systems
Proceedings of the 10th ACM international conference on Generative programming and component engineering
Dynamic secure aspect modeling with UML: from models to code
MoDELS'05 Proceedings of the 8th international conference on Model Driven Engineering Languages and Systems
Reactive semantics for distributed UML activities
FMOODS'10/FORTE'10 Proceedings of the 12th IFIP WG 6.1 international conference and 30th IFIP WG 6.1 international conference on Formal Techniques for Distributed Systems
Security issues in service composition
FMOODS'06 Proceedings of the 8th IFIP WG 6.1 international conference on Formal Methods for Open Object-Based Distributed Systems
Formal verification of application-specific security properties in a model-driven approach
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Security asset elicitation for collaborative models
Proceedings of the Workshop on Model-Driven Security
Incremental development of large, secure smart card applications
Proceedings of the Workshop on Model-Driven Security
| Hi-index | 0.00 |
Automatic model checking can be employed to verify that security properties are fulfilled by a system model. However, since security requirements constrain most, if not all, functional modules of a system, such a proof needs to consider nearly all of the system's control and data flows. For complex real-life applications, that leads to a large state space to be explored effectively restricting the applicability of a model checker. To deal with this problem, we advocate a compositional approach utilizing the features of our model-based engineering technique SPACE. Both functional behavior and security-related aspects are specified using UML 2 activities. Further, we supplement each activity with an interface behavior description which will be extended by a security contract modeling certain security properties to be fulfilled by the activity. This enables us to verify application-level security properties by using contracts instead of their respective activities in model checker runs so that the number of states to be checked is significantly reduced. The approach is exemplified by an Android application example in which one's location must only be shared with certain recipients.