UMLsec: Extending UML for Secure Systems Development

  • Jan Jürjens
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2460)


Developing secure-critical systems is difficult and there are many well-known examples of security weaknesses exploitedin practice. Thus a sound methodology supporting secure systems development is urgently needed.

Our aim is to aid the difficult task of developing security-critical systems in an approach basedon the notation of the Unified Modeling Language. We present the extension UMLsec of UML that allows to express securityrelevant information within the diagrams in a system specification. UMLsec is defined in form of a UML profile using the standard UML extension mechanisms. In particular, the associatedc onstraints give criteria to evaluate the security aspects of a system design, by referring to a formal semantics of a simplified fragment of UML. We demonstrate the concepts with examples.


Security Requirement Local Area Network Formal Semantic Activity Diagram Adversary Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [ACM02]
    ACM. Symposium of Applied Computing 2002, Madrid, March 11–14 2002.Google Scholar
  2. [BCR00]
    E. Börger, A. Cavarra, and E. Riccobene. Modeling the dynamics of UML State Machines. In ASMs, volume 1912 of LNCS. Springer, 2000.Google Scholar
  3. [BLMF00]
    J.-Michel Bruel, J. Lilius, A. Moreira, and R. B. France. Defining Precise Semantics for UML. In ECOOP’2000 Workshop Reader, volume 1964 of LNCS. Springer, 2000.Google Scholar
  4. [DS00]
    P. Devanbu and S. Stubblebine. Software engineering for security: a roadmap. In The Future of Software Engineering (ICSE 2000), pages 227–239, 2000.Google Scholar
  5. [EHHS00]
    G. Engels, J. Hausmann, R. Heckel, and S. Sauer. Dynamic metamodeling. In Evans et al. [EKS00], pages 323–337.Google Scholar
  6. [EKS00]
    A. Evans, S. Kent, and B. Selic, editors. The Unified Modeling Language: Advancing the Standard (UML’2000), volume 1939 of LNCS. Springer, 2000.Google Scholar
  7. [FH97]
    E. B. Fernandez and J. C. Hawkins. Determining role rights from use cases. In Workshop on Role-Based Access Control, pages 121–125. ACM, 1997.Google Scholar
  8. [GPP98]
    M. Gogolla and F. Parisi-Presicce. State diagrams in UML. In PSMT’98. TU München, TUM-I9803, 1998.Google Scholar
  9. [HJGP99]
    W.-M. Ho, J.-M. Jézéquel, A. Le Guennec, and F. Pennaneac'h. UMLAUT: an extendible UML transformation framework. In ASE, 1999.Google Scholar
  10. [Huß01]
    H. Hußmann, editor. Fundamental Approaches to Software Engineering (FASE, 4th International Conference), volume 2029 of LNCS. Springer, 2001.zbMATHGoogle Scholar
  11. [Jür01]
    J. Jürjens. Towards development of secure systems using UML. In Hußmann [Huß01], pages 187–200.Google Scholar
  12. [Jür02a]
    J. Jürjens. A UML statecharts semantics with message-passing. In Symposium of Applied Computing 2002 [ACM02], pages 1009–1013.Google Scholar
  13. [Jür02b]
    J. Jürjens. Formal Semantics for Interacting UML subsystems. In FMOODS 2002, pages 29–44. IFIP, Kluwer, 2002.Google Scholar
  14. [Jür02c]
    J. Jürjens. Principles for Secure Systems Design. PhD thesis, Oxford University Computing Laboratory, Trinity Term 2002. Submitted.Google Scholar
  15. [Jür02d]
    J. Jürjens. Using UMLsec andG oal-Trees for Secure Systems Development. In Symposium of Applied Computing 2002 [ACM02], pages 1026–1031.Google Scholar
  16. [JW01]
    J. Jürjens and G. Wimmel. Security modelling for electronic commerce: The Common Electronic Purse Specifications. In I3E 2001, pages 489–506. IFIP, Kluwer, 2001.Google Scholar
  17. [KER99]
    S. Kent, A. Evans, and B. Rumpe. UML Semantics FAQ. In ECOOP’99 Workshop Reader, volume 1743 of LNCS. Springer, 1999.Google Scholar
  18. [Kob01]
    C. Kobryn. Modeling Distributed Applications with UML, Part IV. In J. Siegel, editor, Quick CORBA 3, chapter 1. Wiley, 2001.Google Scholar
  19. [MC01]
    W. E. McUmber and B. H. C. Cheng. A Generic Framework for Formalizing UML. In ICSE. IEEE Computer Society, 2001.Google Scholar
  20. [MCY99]
    J. Mylopoulos, L. Chung, and E. Yu. From object-oriented to goaloriented requirements analysis. Communications of the ACM, 42(1):31–37, 1999.CrossRefGoogle Scholar
  21. [RJB99]
    J. Rumbaugh, I. Jacobson, and G. Booch. The Unified Modeling Language Reference Manual. Addison-Wesley, 1999.Google Scholar
  22. [Ste01]
    P. Stevens. On use cases and their relationships in the Unified Modelling Language. In Hußmann [Huß01], pages 140–155.Google Scholar
  23. [SW98]
    A. Schürr and A. Winter. Formal Definition of UML’s Package Concept. In UML—Technical Aspects and Applications, pages 144–159, 1998.Google Scholar
  24. [UML01]
    UML Revision Task Force. OMG UML Specification v. 1.4. OMG Document ad/01-09-67. Available at, 2001.
  25. [Whi00]
    J. Whittle. Formal approaches to systems analysis using UML: An overview. Journal of Database Management, 11(4):4–13, 2000.Google Scholar
  26. [WW01]
    G. Wimmel and A. Wißpeitner. Extended description techniques for security engineering. In IFIP SEC 2001. Kluwer, 2001.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Jan Jürjens
    • 1
  1. 1.Software & Systems Engineering, Dep. of InformaticsMunich University of TechnologyGermany

Personalised recommendations