Abstract
For model-based development to be a success in practice, it needs to have a convincing added-value associated with its use. Our goal is to provide such added-value by developing tool-support for the analysis of UML models against difficult system requirements. Towards this goal, we describe a UML verification framework supporting the construction of automated requirements analysis tools for UML diagrams. The framework is connected to industrial CASE tools using XMI and allows convenient access to this data and to the human user.
As a particular example for usage of this framework, we present verification routines for verifying models of the security extension UMLsec of UML. These plug-ins should not only contribute towards usage of UMLsec in practice by offering automated analysis routines connected to popular CASE tools. The verification framework should also allow advanced users of the UMLsec approach to themselves implement verification routines for the constraints of self-defined stereotypes, in a way that allows them to concentrate on the verification logic. In particular, we focus on an analysis plug-in that utilises the model-checker Spin to verify security properties of UMLsec models which make use of cryptography (such as cryptographic protocols).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Breu, R., Popp, G.: Actor-centric modeling of user rights. In: Wermelinger and Margaria [WM04], pp. 165–179
Cho, S.M., Bae, D.-H., Cha, S.D., Kim, Y.G., Yoo, B.K., Kim, S.T.: Applying model checking to concurrent object-oriented software. In: ISADS 1999, pp. 380–383. IEEE Computer Society, Los Alamitos (2001)
Cavarra, A., Riccobene, E., Scandurra, P.: A framework to simulate UML models: moving from a semi-formal to a formal environment. In: SAC, pp. 1519–1523. ACM, New York (2004)
Dirckze, R.: Java Metadata Interface (JMI) API 1.0 Specification (June 2002), Available at http://jcp.org/aboutJava/communityprocess/final/jsr040/index.html
Engels, G., Küster, J., Heckel, R., Lohmann, M.: Model-based verification and validation of properties. Electr. Notes Theor. Comput. Sci. 82(7) (2003)
Gentleware, February 2004 (2003), http://www.gentleware.com
Höhn, S., Jürjens, J.: Automated checking of SAP security permissions. In: 6th Working Conference on Integrity and Internal Control in Information Systems (IICIS), Lausanne, Switzerland, November 13-14, IFIP, Kluwer (2003)
Huber, F., Molterer, S., Rausch, A., Schätz, B., Sihling, M., Slotosch, O.: Tool supported specification and simulation of distributed systems. In: International Symposium on Software Engineering for Parallel and Distributed Systems, pp. 155–164 (1998)
Holzmann, G.: The Spin Model Checker. Addison-Wesley, Reading (2003)
Houmb, S., Winther, R.: Security assessment object language (SOL). In: Software and Systems Modeling, Special issue on the CSDUML workshop (2004) (to be published)
Jürjens, J.: UMLsec: Extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002)
Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2004)
Kim, D., Ray, I., France, R., Li, N.: Modeling role-based access control using parameterized UML models. In: Wermelinger and Margaria [WM04], pp. 180 – 193
Lilius, J., Porres, I.: Formalising UML state machines for model checking. In: France, R.B., Rumpe, B. (eds.) UML 1999. LNCS, vol. 1723, pp. 430–445. Springer, Heidelberg (1999)
Matula, M.: Netbeans Metadata Repository, MDR (2003), Available from http://mdr.netbeans.org
Object Management Group. OMG XML Metadata Interchange (XMI) Specification (January 2002), Available at http://www.omg.org/cgi-bin/doc?formal/2002-01-01 (February 2004)
Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21, 120–126 (1978)
Schäfer, T., Knapp, A., Merz, S.: Model checking UML state machines and collaborations. In: Stoller, S.D., Visser, W. (eds.) Workshop on Software Model Checking. ENTCS, vol. 55, Elsevier, Amsterdam (2001)
Stevens, P.: Small-scale XMI programming; a revolution in UML tool use? Journal of Automated Software Engineering 10(1), 7–21 (2003)
Wermelinger, M., Margaria, T. (eds.): FASE 2004. LNCS, vol. 2984. Springer, Heidelberg (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jürjens, J., Shabalin, P. (2004). Automated Verification of UMLsec Models for Security Requirements. In: Baar, T., Strohmeier, A., Moreira, A., Mellor, S.J. (eds) «UML» 2004 — The Unified Modeling Language. Modeling Languages and Applications. UML 2004. Lecture Notes in Computer Science, vol 3273. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30187-5_26
Download citation
DOI: https://doi.org/10.1007/978-3-540-30187-5_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23307-7
Online ISBN: 978-3-540-30187-5
eBook Packages: Springer Book Archive