Incremental Security Verification for Evolving UMLsec models

  • Jan Jürjens
  • Loïc Marchal
  • Martín Ochoa
  • Holger Schmidt
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6698)


There exists a substantial amount of work on methods, techniques and tools for developing security-critical systems. However, these approaches focus on ensuring that the security properties are enforced during the initial system development and they usually have a significant cost associated with their use (in time and resources). In order to enforce that the systems remain secure despite their later evolution, it would be infeasible to re-apply the whole secure software development methodology from scratch. This work presents results towards addressing this challenge in the context of the UML security extension UMLsec. We investigate the security analysis of UMLsec models by means of a change-specific notation allowing multiple evolution paths and sound algorithms supporting the incremental verification process of evolving models. The approach is validated by a tool implementation of these verification techniques that extends the existing UMLsec tool support.


Model Element Security Requirement Class Diagram Evolution Path Security Property 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Andries, M., Engels, G., Habel, A., Hoffmann, B., Kreowski, H.-J., Kuske, S., Plump, D., Schürr, A., Taentzer, G.: Graph transformation for specification and programming. Science of Computer Programming 34(1), 1–54 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Bézivin, J., Büttner, F., Gogolla, M., Jouault, F., Kurtev, I., Lindow, A.: Model transformations? Transformation models! In: Wang, J., Whittle, J., Harel, D., Reggio, G. (eds.) MoDELS 2006. LNCS, vol. 4199, pp. 440–453. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  3. 3.
    Garlan, D., Barnes, J., Schmerl, B., Celiku, O.: Evolution styles: Foundations and tool support for software architecture evolution. In: WICSA/ECSA 2009, pp. 131 –140 (September 2009)Google Scholar
  4. 4.
    Heckel, R.: Compositional verification of reactive systems specified by graph transformation. In: Astesiano, E. (ed.) ETAPS 1998 and FASE 1998. LNCS, vol. 1382, pp. 138–153. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  5. 5.
    Johann, S., Egyed, A.: Instant and incremental transformation of models. In: Proceedings of the International Conference on Automated Software Engineering (ASE), pp. 362–365. IEEE Computer Society, Washington, DC, USA (2004)Google Scholar
  6. 6.
    Jürjens, J.: Principles for Secure Systems Design. PhD thesis, Oxford University Computing Laboratory (2002)Google Scholar
  7. 7.
    Jürjens, J., Ochoa, M., Schmidt, H., Marchal, L., Houmb, S., Islam, S.: Modelling secure systems evolution: Abstract and concrete change specifications (invited lecture). In: Bernardo, I. (ed.) 11th School on Formal Methods (SFM 2011), Bertinoro, Italy, June 13-18. LNCS. Springer, Heidelberg (2011)Google Scholar
  8. 8.
    Jürjens, J., Shabalin, P.: Tools for secure systems development with UML. Intern. Journal on Software Tools for Technology Transfer 9(5-6), 527–544 (2007); Invited submission to the special issue for FASE 2004/05CrossRefGoogle Scholar
  9. 9.
    Kolovos, D.S., Paige, R.F., Polack, F., Rose, L.M.: Update transformations in the small with the epsilon wizard language. Journal of Object Technology 6(9), 53–69 (2007)CrossRefGoogle Scholar
  10. 10.
    Lehman, M.M., Ramil, J.F., Wernick, P.D., Perry, D.E., Turski, W.M.: Metrics and Laws of Software Evolution – The Nineties View. In: METRICS 1997, pp. 20–32. IEEE Computer Society, Washington, DC, USA (1997)Google Scholar
  11. 11.
    Mellado, D., Rodriguez, J., Fernandez-Medina, E., Piattini, M.: Automated Support for Security Requirements Engineering in Software Product Line Domain Engineering. In: AReS 2009, pp. 224–231. IEEE Computer Society, Los Alamitos, CA, USA (2009)Google Scholar
  12. 12.
    Mens, T., D’Hondt, T.: Automating support for software evolution in UML. Automated Software Engineering Journal 7(1), 39–59 (2000)CrossRefGoogle Scholar
  13. 13.
    Mens, T., Magee, J., Rumpe, B.: Evolving Software Architecture Descriptions of Critical Systems. Computer 43(5), 42–48 (2010)CrossRefGoogle Scholar
  14. 14.
    Rensink, A., Schmidt, Á., Varró, D.: Model checking graph transformations: A comparison of two approaches. In: Ehrig, H., Engels, G., Parisi-Presicce, F., Rozenberg, G. (eds.) ICGT 2004. LNCS, vol. 3256, pp. 226–241. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  15. 15.
    Secure Change Project. Deliverable 4.2,
  16. 16.
    Shin, M.E., Gomaa, H.: Software requirements and architecture modeling for evolving non-secure applications into secure applications. Science of Computer Programming 66(1), 60–70 (2007)MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    Tun, T.T., Yu, Y., Haley, C.B., Nuseibeh, B.: Model-based argument analysis for evolving security requirements. In: SSIRI 2010, pp. 88–97. IEEE Computer Society, Los Alamitos (2010)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Jan Jürjens
    • 1
    • 2
  • Loïc Marchal
    • 3
  • Martín Ochoa
    • 1
  • Holger Schmidt
    • 1
  1. 1.Software Engineering, Department of Computer ScienceTU DortmundGermany
  2. 2.Fraunhofer ISSTGermany
  3. 3.Hermès EngineeringBelgium

Personalised recommendations