Specifications of non-functional requirements (NFR) such as security, safety, and usability are as important as the specification of functional requirements (FR). Nonconformance to some NFR may render the whole software useless. There are many difficulties associated with the representation of NFR and the complexity of their subsequent validation. The main objective of this work is to incorporate an important aspect of NFR, i.e., security, from the very beginning of a software development process. In this paper, a framework is presented for specifying intrusion scenarios in the Unified Modeling Language (UML). We describe a UML profile called UMLintr (UML for intrusion specifications) that allows developers to specify intrusions using UML notations extended to suit the context of intrusion scenarios. The framework utilizes the expressiveness of UML and eliminates the need to use attack languages that are proposed only to describe attack scenarios. Since developers do not need to learn a separate language to describe attacks, the task of specifying intrusion scenarios becomes much easier. This approach also helps to avoid conflicting (e.g., security vs. usability), ambiguous, and redundant requirements. Examples are provided to show the usage of the proposed UML profile.