Modelling audit security for Smart-Card payment schemes with UML-SEC

Authors:
Jan Jürjens
Affiliations:
Univ. of Oxford, Oxford, UK
Venue:
Sec '01 Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge
Year:
2001

Citing 12
Cited 2

Authentication and delegation with smart-cards

TACS'91 Selected papers of the conference on Theoretical aspects of computer software
A taxonomy for secure object-oriented databases

ACM Transactions on Database Systems (TODS)
Database security

Database security
Why cryptosystems fail

Communications of the ACM
Exception-based information flow control in object-oriented systems

ACM Transactions on Information and System Security (TISSEC)
The Unified Modeling Language reference manual

The Unified Modeling Language reference manual
The inductive approach to verifying cryptographic protocols

Journal of Computer Security
Extended description techniques for security engineering

Sec '01 Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge
The State of the Art in Electronic Payment Systems

Computer
Towards Development of Secure Systems Using UMLsec

FASE '01 Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering
Checking Secure Interactions of Smart Card Applets

ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
Security protocols over open networks and distributed systems: formal methods for their analysis, design, and verification

Computer Communications

Composability of Secrecy

MMM-ACNS '01 Proceedings of the International Workshop on Information Assurance in Computer Networks: Methods, Models, and Architectures for Network Security
Using special use cases for security in the software development life cycle

WISA'10 Proceedings of the 11th international conference on Information security applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

To overcome the difficulties of correct secure systems design, we propose formal modelling using the object-oriented modelling language UML. Specifically, we consider the problem of accountability through auditing. We explain our method at the example of a part of the Common Electronic Purse Specifications (CEPS), a candidate for an international electronic purse standard, indicate possible vulnerabilities and present concrete security advice on that system. To overcome the difficulties of correct secure systems design, we propose formal modeling using the object-oriented modeling language UML. Specifically, we consider the problem of accountability through auditing. We explain our method at the example of a part of the common electronic purse specifications (CEPS), a candidate for an international electronic purse standard, indicate possible vulnerabilities and present concrete security advice on that system. To overcome the difficulties of correct secure systems design, we propose formal modeling using the object-oriented modeling language UML. Specifically, we consider the problem of accountability through auditing. We explain our method at the example of a part of the common electronic purse specifications (CEPS), a candidate for an international electronic purse standard, indicate possible vulnerabilities and present concrete security advice on that system.