Model-Based Security Engineering with UML: Introducing Security Aspects

  • Jan Jürjens
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4111)


Developing security-critical systems is difficult and there are many well-known examples of security weaknesses exploited in practice. Thus a sound methodology supporting secure systems development is urgently needed.

Our aim is to aid the difficult task of developing security-critical systems with a formally based approach using the notation of the Unified Modeling Language. We present the extension UMLsec of UML that allows one to express security-relevant information within the diagrams in a system specification. UMLsec is defined in the form of a UML profile using the standard UML extension mechanisms. In particular, the associated constraints give criteria to evaluate the security aspects of a system design, by referring to a formal semantics of a simplified fragment of UML. In this tutorial exposition, we concentrate on an approach to develop and analyze security-critical specifications and implementations using aspect-oriented modeling.


Security Requirement, Security Analysis, Sequence Diagram, Formal Semantic, Automate Theorem Prover
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jan Jürjens, Dep. of Informatics, TU Munich, Germany
