Towards Development of Secure Systems Using UMLsec

  • Jan Jürjens
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2029)


We show how UML (the industry standard in object-oriented modelling) can be used to express security requirements during system development. Using the extension mechanisms provided by UML (stereotypes, tagged values and constraints), we incorporate standard concepts from formal methods regarding multi-level secure systems and security protocols. The resulting definitions evaluate diagrams of various kinds (class, sequence, statechart and deployment diagrams) and indicate possible vulnerabilities.

On the theoretical side, this work exemplifies the use of the extension mechanisms of UML and of a (simplified) formal semantics for it. A more practical aim is to enable developers who may not be security specialists to make use of established knowledge on security engineering through a widely used notation.
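The abstract describes definitions that are evaluated against diagrams and flag vulnerabilities. The following is an added worked example of what such a check looks like in practice; it is not code from the paper or from any UMLsec tool. It models a deployment diagram as components placed on nodes, physical links carrying a stereotype, and dependencies between components tagged with security requirements, then asks whether an attacker with given capabilities on each link type can break a tagged requirement. The stereotype names (Internet, encrypted, LAN), the tags (secrecy, integrity), the attacker kinds and their capability tables are illustrative assumptions chosen for this example, not definitions taken from the page.

```python
"""Illustrative 'secure links' style check over a small UML-like deployment model.

Added example; stereotype names, tags and attacker capabilities are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

# Assumed attacker model (illustrative, not the paper's): for each attacker
# kind, the actions it can perform on a link carrying the given stereotype.
THREATS: Dict[str, Dict[str, FrozenSet[str]]] = {
    "default": {
        "Internet": frozenset({"read", "delete", "insert"}),
        "encrypted": frozenset({"delete"}),  # can drop ciphertext, not read or forge it
        "LAN": frozenset(),
    },
    "insider": {  # attacker already present on the internal network
        "Internet": frozenset({"read", "delete", "insert"}),
        "encrypted": frozenset({"delete"}),
        "LAN": frozenset({"read", "delete", "insert"}),
    },
}
# Which attacker action defeats which requirement tagged on a dependency.
BREAKS: Dict[str, FrozenSet[str]] = {
    "secrecy": frozenset({"read"}),
    "integrity": frozenset({"insert"}),
}
ALL_ACTIONS = frozenset({"read", "delete", "insert"})


@dataclass(frozen=True)
class Link:
    ends: FrozenSet[str]  # the two nodes the physical link connects
    stereotype: str       # e.g. "Internet", "encrypted", "LAN"


@dataclass(frozen=True)
class Dependency:
    src: str                      # calling component
    dst: str                      # called component
    requirements: FrozenSet[str]  # e.g. {"secrecy", "integrity"}


@dataclass(frozen=True)
class Deployment:
    placement: Dict[str, str]  # component -> node it runs on
    links: List[Link]
    dependencies: List[Dependency]


def check_secure_links(diag: Deployment, attacker: str = "default") -> List[str]:
    """Return one message per requirement the given attacker can violate."""
    threats = THREATS[attacker]
    violations: List[str] = []
    for dep in diag.dependencies:
        a, b = diag.placement[dep.src], diag.placement[dep.dst]
        if a == b:
            continue  # same node: no communication link to attack
        links = [l for l in diag.links if l.ends == frozenset({a, b})]
        if not links:
            violations.append(f"{dep.src}->{dep.dst}: nodes {a} and {b} are not connected")
            continue
        for link in links:
            # Unknown stereotype: fail closed and assume the attacker can do anything.
            actions = threats.get(link.stereotype, ALL_ACTIONS)
            for req in sorted(dep.requirements):
                hit = actions & BREAKS[req]
                if hit:
                    violations.append(
                        f"{dep.src}->{dep.dst}: {req} violated, attacker '{attacker}' can "
                        f"{'/'.join(sorted(hit))} on <<{link.stereotype}>> link {a}-{b}"
                    )
    return violations


# Constructed sample model: a browser talks to a shop server, which talks to a database.
PLACEMENT = {"Browser": "client", "Shop": "webserver", "Store": "dbhost"}
DEPENDENCIES = [
    Dependency("Browser", "Shop", frozenset({"secrecy"})),
    Dependency("Shop", "Store", frozenset({"secrecy", "integrity"})),
]
INSECURE = Deployment(PLACEMENT, [
    Link(frozenset({"client", "webserver"}), "Internet"),
    Link(frozenset({"webserver", "dbhost"}), "LAN"),
], DEPENDENCIES)
HARDENED = Deployment(PLACEMENT, [
    Link(frozenset({"client", "webserver"}), "encrypted"),
    Link(frozenset({"webserver", "dbhost"}), "LAN"),
], DEPENDENCIES)

if __name__ == "__main__":
    for name, diag in (("insecure", INSECURE), ("hardened", HARDENED)):
        for attacker in THREATS:
            print(f"{name} / {attacker}:", check_secure_links(diag, attacker) or "ok")
```

Against the default attacker the insecure model yields one finding (secrecy of the Browser-Shop traffic over the plain Internet link) and the hardened model none; switching to the insider attacker additionally flags both requirements on the Shop-Store dependency, which shows why the attacker model is an explicit parameter of the check rather than something baked into the diagram.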


Keywords: security level, class diagram, security protocol, sequence diagram, formal semantics



Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Jan Jürjens, Computing Laboratory, University of Oxford, UK
