Developing security-critical systems is difficult, and there are many well-known examples of security weaknesses exploited in practice. Thus a sound methodology supporting secure systems development is urgently needed. Our aim is to aid the difficult task of developing security-critical systems in an approach based on the notation of the Unified Modeling Language. We present UMLsec, an extension of UML that allows security-relevant information to be expressed within the diagrams of a system specification. UMLsec is defined in the form of a UML profile using the standard UML extension mechanisms. In particular, the associated constraints give criteria to evaluate the security aspects of a system design, by referring to a formal semantics of a simplified fragment of UML. We demonstrate the concepts with examples.