Automated Verification of UMLsec Models for Security Requirements

  • Jan Jürjens
  • Pasha Shabalin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3273)


For model-based development to succeed in practice, its use needs to deliver a convincing added value. Our goal is to provide such added value by developing tool support for the analysis of UML models against difficult system requirements. Towards this goal, we describe a UML verification framework supporting the construction of automated requirements analysis tools for UML diagrams. The framework is connected to industrial CASE tools using XMI and allows convenient access to this data and to the human user.

As a particular example of the use of this framework, we present routines for verifying models of UMLsec, the security extension of UML. These plug-ins should not only contribute towards the use of UMLsec in practice by offering automated analysis routines connected to popular CASE tools; the verification framework should also allow advanced users of the UMLsec approach to implement verification routines themselves for the constraints of self-defined stereotypes, in a way that allows them to concentrate on the verification logic. In particular, we focus on an analysis plug-in that uses the model checker Spin to verify security properties of UMLsec models which make use of cryptography (such as cryptographic protocols).


Keywords (added by machine, not by the authors): Security Requirement; Class Diagram; Cryptographic Protocol; Adversary Model; Deployment Diagram





Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Jan Jürjens, Software & Systems Engineering, TU Munich, Germany
  • Pasha Shabalin, Software & Systems Engineering, TU Munich, Germany
