Using UMLsec and goal trees for secure systems development
Proceedings of the 2002 ACM symposium on Applied computing
SETHEO and E-SETHEO - The CADE-13 Systems
Journal of Automated Reasoning
Applying Formal Methods to an Information Security Device: An Experience Report
HASE '99 The 4th IEEE International Symposium on High-Assurance Systems Engineering
Exploiting Automatic Analysis of E-Commerce Protocols
COMPSAC '01 Proceedings of the 25th International Computer Software and Applications Conference on Invigorating Software Development
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
DPS: An Architectural Style for Development of Secure Software
InfraSec '02 Proceedings of the International Conference on Infrastructure Security
Automatic Verification of Cryptographic Protocols with SETHEO
CADE-14 Proceedings of the 14th International Conference on Automated Deduction
Proceedings of the 25th International Conference on Software Engineering
First-order verification of cryptographic protocols
Journal of Computer Security - CSFW13
Knowledge Base Approach to Consistency Management of UML Specifications
Proceedings of the 16th IEEE international conference on Automated software engineering
Specification Modeling and Validation Applied to a Family of Network Security Products
Proceedings of the 16th IEEE international conference on Automated software engineering
Elaborating Security Requirements by Construction of Intentional Anti-Models
Proceedings of the 26th International Conference on Software Engineering
The Effect of Trust Assumptions on the Elaboration of Security Requirements
RE '04 Proceedings of the Requirements Engineering Conference, 12th IEEE International
Formalising UML state machines for model checking
UML'99 Proceedings of the 2nd international conference on The unified modeling language: beyond the standard
Secure Systems Development with UML
Secure Systems Development with UML
Code security analysis with assertions
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
QSIC '05 Proceedings of the Fifth International Conference on Quality Software
Tools for model-based security engineering
Proceedings of the 28th international conference on Software engineering
Proceedings of the 13th ACM conference on Computer and communications security
Model-Based Security Engineering of Distributed Information Systems Using UMLsec
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Developing Secure Embedded Systems: Pitfalls and How to Avoid Them
ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Engineering Trust Management into Software Models
MISE '07 Proceedings of the International Workshop on Modeling in Software Engineering
Tools for model-based security engineering: models vs. code
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Model-based security analysis for mobile communications
Proceedings of the 30th international conference on Software engineering
Role-based trust management security policy analysis and correction environment (RT-SPACE)
Companion of the 30th international conference on Software engineering
An experimental environment for teaching Java security
Proceedings of the 6th international symposium on Principles and practice of programming in Java
Performance analysis of security aspects by weaving scenarios extracted from UML models
Journal of Systems and Software
Model-Based Run-Time Checking of Security Permissions Using Guarded Objects
Runtime Verification
A security-aware metamodel for multi-agent systems (MAS)
Information and Software Technology
Automated Security Verification for Crypto Protocol Implementations: Verifying the Jessie Project
Electronic Notes in Theoretical Computer Science (ENTCS)
Towards Model-Based Automatic Testing of Attack Scenarios
SAFECOMP '09 Proceedings of the 28th International Conference on Computer Safety, Reliability, and Security
A comparison of two approaches to safety analysis based on use cases
ER'07 Proceedings of the 26th international conference on Conceptual modeling
Automated analysis of permission-based security using UMLsec
FASE'08/ETAPS'08 Proceedings of the Theory and practice of software, 11th international conference on Fundamental approaches to software engineering
Introducing mitigation use cases to enhance the scope of test cases
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Modeling process-related RBAC models with extended UML activity models
Information and Software Technology
A framework to support alignment of secure software engineering with legal regulations
Software and Systems Modeling (SoSyM)
Model-based security engineering with UML: introducing security aspects
FMCO'05 Proceedings of the 4th international conference on Formal Methods for Components and Objects
Tools for secure systems development with UML: security analysis with ATPs
FASE'05 Proceedings of the 8th international conference, held as part of the joint European Conference on Theory and Practice of Software conference on Fundamental Approaches to Software Engineering
Model-Based security engineering with UML
Foundations of Security Analysis and Design III
Dynamic secure aspect modeling with UML: from models to code
MoDELS'05 Proceedings of the 8th international conference on Model Driven Engineering Languages and Systems
Model-based security engineering for real
FM'06 Proceedings of the 14th international conference on Formal Methods
Tools for traceable security verification
VoCS'08 Proceedings of the 2008 international conference on Visions of Computer Science: BCS International Academic Conference
Generic modelling of security awareness in agent based systems
Information Sciences: an International Journal
Specifying model changes with UMLchange to support security verification of potential evolution
Computer Standards & Interfaces
Hi-index | 0.00 |
Developing security-critical systems is difficult and there are many well-known examples of security weaknesses exploited in practice. Thus a sound methodology supporting secure systems development is urgently needed.We present an extensible verification framework for verifying UML models for security requirements. In particular, it includes various plugins performing different security analyses on models of the security extension UMLsec of UML. Here, we concentrate on an automated theorem prover binding to verify security properties of UMLsec models which make use of cryptography (such as cryptographic protocols). The work aims to contribute towards usage of UML for secure systems development in practice by offering automated analysis routines connected to popular CASE tools. We present an example of such an application where our approach found and corrected several serious design flaws in an industrial biometric authentication system.