Model-Based Security Engineering for Real

  • Jan Jürjens
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4085)


We give an overview over a soundly based secure software engineering methodology and associated tool-support developed over the last few years under the name of Model-based Security Engineering (MBSE). We focus in particular on applications in industry.


Security Requirement Security Analysis Automate Theorem Prover Abstract State Machine Security Expert 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [BAN89]
    Burrows, M., Abadi, M., Needham, R.: A logic of authentication. Proceedings of the Royal Society, Series A 426(1871), 233–271 (1989)zbMATHCrossRefMathSciNetGoogle Scholar
  2. [CW96]
    Clarke, E., Wing, J.: Formal methods: State of the art and future directions. ACM Computing Surveys 28(4), 626–643 (1996)CrossRefGoogle Scholar
  3. [DS00]
    Devanbu, P., Stubblebine, S.: Software engineering for security: a roadmap. In: The Future of Software Engineering (ICSE 2000), pp. 227–239 (2000)Google Scholar
  4. [Hei99]
    Heitmeyer, C.: Formal methods for developing software specifications: Paths to wider usage. In: Arabnia, H.R. (ed.) PDPTA 1999 (1999)Google Scholar
  5. [Hoa96]
    Hoare, C.A.R.: How did software get so reliable without proof? In: Gaudel, M.-C., Woodcock, J.C.P. (eds.) FME 1996. LNCS, vol. 1051, pp. 1–17. Springer, Heidelberg (1996)Google Scholar
  6. [Jür02]
    Jürjens, J.: UMLsec: Extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, p. 412. Springer, Heidelberg (2002)Google Scholar
  7. [Jür04]
    Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2004)Google Scholar
  8. [Jür05a]
    Jürjens, J.: Code security analysis of a biometric authentication system using automated theorem provers. In: ACSAC 2005. IEEE, Los Alamitos (2005)Google Scholar
  9. [Jür05b]
    Jürjens, J.: Sound methods and effective tools for model-based security engineering with UML. In: 27th Int. Conf. on Softw.  Engineering. IEEE Computer Society Press, Los Alamitos (2005)Google Scholar
  10. [Jür06]
    Jürjens, J.: Security analysis of crypto-based Java programs using automated theorem provers. In: 21st IEEE/ACM Int. Conf. Autom. Softw. Eng. (2006)Google Scholar
  11. [Jür07]
    Jürjens, J.: IT-Security. Springer, Heidelberg (in preparation, 2007)Google Scholar
  12. [KK04]
    Kilian-Kehr, R.: Can formal verification become mainstream in software engineering? In: Jürjens, J. (ed.) 2nd Works. of the GI-WG FoMSESS (2004)Google Scholar
  13. [KMM94]
    Kemmerer, R., Meadows, C., Millen, J.: Three systems for cryptographic protocol analysis. Journal of Cryptology 7(2), 79–130 (1994)zbMATHCrossRefGoogle Scholar
  14. [Low96]
    Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. Software Concepts and Tools 17(3), 93–102 (1996)Google Scholar
  15. [Pau98]
    Paulson, L.C.: The inductive approach to verifying cryptographic protocols. Journal of Computer Security 6(1–2), 85–128 (1998)Google Scholar
  16. [UML04]
    UMLsec group. Security analysis tool (2004),

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jan Jürjens
    • 1
  1. 1.Software & Systems Engineering, Dep. of InformaticsTU MunichGermany

Personalised recommendations