We show how UML (the industry standard in object-oriented modelling) can be used to express security requirements during system development. Using the extension mechanisms provided by UML, we incorporate standard concepts from formal methods regarding multi-level secure systems and security protocols. These definitions evaluate diagrams of various kinds and indicate possible vulnerabilities.

On the theoretical side, this work exemplifies the use of the extension mechanisms of UML and of a (simplified) formal semantics for it. A more practical aim is to enable developers (who may not be security specialists) to make use of established knowledge on security engineering by means of a widely used notation.