Integrating Security Properties with Systems Design Artefacts

  • Khaled Md. Khan
Conference paper


This paper makes an attempt to propose a framework that enables systems developers to express and integrate security properties with the system functionality from the beginning of the information systems (IS) development process. We propose a UML based security integration framework that will enable IS developer to specify and incorporate underlying security properties with the corresponding functional properties in the design artefacts. In current practices, a system is analysed and designed around business objects and operations. IS developers only consider objects and functionality during the system analysis and design process, whereas security designers define the security of the system. We use UML to show how the security properties defined by the security experts can be incorporated with the use case, class diagram, and interaction diagrams along with the systems functionality designed by systems analysts and designers.


Information System Security Policy System Functionality Class Diagram Security Property 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    J. Viega, G. McGraw, Building Secure Software: How to Avoid Security Problems the Right Way. ( Addison-Wesley, Reading, Mass., 2001 ).Google Scholar
  2. 2.
    A. Ghosh, C. Howell, J. Whittaker, Building Software Securely from the Ground Up, IEEE Software, Vol. 19, no. I, 14–16 ( IEEE CS press, Los Alamitos, Calif., 2002 ).Google Scholar
  3. 3.
    G. Abowd, R. Allen, and D. Garlan, Formalizing Style to Understand Descriptions of Software Architecture, ACM Trans. on Software Engineering and Methodology, 4 (4), 319–365 (1995).CrossRefGoogle Scholar
  4. 4.
    C. Larman, Applying UML and Patterns (Prentice Hall, 1997 ).Google Scholar
  5. 5.
    B. Friedman, P. Kahn Jr., and D. Howe, Trust Online, Communications of the ACM, Vol. 43, No. 12, 34–44 ( ACM press, December 2000 ).Google Scholar
  6. 6.
    L. Bass, P. Clements, R. Kazman, Software Architecture in Practice (Addison-Wesley, 1998 ).Google Scholar
  7. 7.
    J. Juryens, UMLsec: Extending UML for Secure Systems Development, Proc. 5th International Conference on UML, 412–425 (Springer-verlag, 2002 ).Google Scholar
  8. 8.
    K. Khan, J. Han, Composing Security-Aware Composition, IEEE Software, Vol. 19–1, January-February 3441 ( IEEE CS press, Los Alamitos, Calif., 2002 ).Google Scholar
  9. 9.
    G. Ribeiro-Justo, A. Saleh, Non-functional Integration and Coordination of Distributed Component Services, Proc. 6th European Conference on Software Maintenance and Reengineering, (IEEE CS press, Los Alamitos, Calif. 2002 ).Google Scholar
  10. 10.
    Common Criteria ISO/IEC-15408. Common Criteria for Information Technology Security Evaluation, version 2.0, (NIST, USA, 1999 ), Google Scholar

Copyright information

© Springer Science+Business Media New York 2004

Authors and Affiliations

  • Khaled Md. Khan
    • 1
    • 2
  1. 1.School of Computing and Information TechnologyUniversity of Western SydneyAustralia
  2. 2.Monash UniversityAustralia

Personalised recommendations