Dynamic Secure Aspect Modeling with UML: From Models to Code

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3713)


Security engineering deals with modeling, analysis, and implementation of complex security mechanisms. The dynamic nature of such mechanisms makes it difficult to anticipate undesirable emergent behavior. In this work, we propose an approach to develop and analyze security-critical specifications and implementations using aspect-oriented modeling. Since we focus on the dynamic views of a system, our work is complementary to existing approaches to security aspects, which are mostly concerned with static views. Our approach includes a link to implementations insofar as the code constructed from the models can be analyzed automatically for satisfaction of the security requirements stated in the UML diagrams. We present tool support for our approach.





Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  1. Software & Systems Engineering, Dep. of Informatics, TU Munich, Germany
  2. Department of Computer and Information Science, Norwegian University of Science and Technology, Norway
