Systematic Development of UMLsec Design Models Based on Security Requirements

  • Denis Hatebur
  • Maritta Heisel
  • Jan Jürjens
  • Holger Schmidt
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6603)


Developing security-critical systems in a way that makes sure that the developed systems actually enforce the desired security requirements is difficult, as can be seen by many security vulnerabilities arising in practice on a regular basis. Part of the difficulty is the transition from the security requirements analysis to the design, which is highly non-trivial and error-prone, leaving the risk of introducing vulnerabilities. Unfortunately, existing approaches bridging this gap largely only provide informal guidelines for the transition from security requirements to secure design.

We present a method to systematically develop structural and behavioral UMLsec design models based on security requirements. Each step of our method is supported by model generation rules expressed as pre- and postconditions using the formal specification language OCL. Moreover, we present a concept for a CASE tool based on the model generation rules. Thus, applying our method to generate UMLsec design models supported by this tool and based on previously captured and analyzed security requirements becomes systematic, less error-prone, and a more routine engineering activity.

We illustrate our method by the example of a patient monitoring system.


Keywords: Security Requirement; Sequence Diagram; Eclipse Modeling Framework; Patient Monitoring System; Security Requirement Engineering



Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Denis Hatebur (1, 4)
  • Maritta Heisel (1)
  • Jan Jürjens (2, 3)
  • Holger Schmidt (2)
  1. Software Engineering, Department of Computer Science and Applied Cognitive Science, Faculty of Engineering, University Duisburg-Essen, Germany
  2. Software Engineering, Department of Computer Science, TU Dortmund, Germany
  3. Fraunhofer Institut für Software- und Systemtechnik, Germany
  4. Institut für technische Systeme GmbH, Germany
