Developing Secure Systems with UMLsec — From Business Processes to Implementation

  • Jan Jürjens
Part of the DuD-Fachbeiträge book series (DUD)


In practice, the security of computer systems is compromised most often not by breaking dedicated mechanisms (such as security protocols) but by exploiting vulnerabilities in the way those mechanisms are employed. We show how UML (the industry standard in object-oriented modelling) can be used to encapsulate rules of prudent security engineering and make them available to developers without a background in security. UML diagrams can be evaluated with respect to these rules, violations indicated, and suggestions for modifications derived. We also show how to use transformations between UML models to introduce patterns by refinement.
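The abstract describes evaluating diagrams against encapsulated rules and deriving modification suggestions from violations. The following added example, which is not code from the chapter, sketches what such an evaluation looks like for one rule of that kind: a dependency that requires secrecy or integrity must not be routed over a physical link on which the assumed adversary can read or insert traffic. The stereotype names (Internet, encrypted, LAN, secrecy, integrity) and the adversary capabilities per link type are assumptions modelled on the UMLsec literature, not taken from this page, and the two-node purchase model is constructed for illustration.

```python
from dataclasses import dataclass

# Adversary capabilities per link stereotype for a "default" attacker.
# Assumption: stereotype names and threat sets are modelled on the UMLsec
# literature; they are not taken from this chapter.
THREATS = {
    "Internet": {"read", "insert", "delete"},
    "encrypted": {"delete"},
    "LAN": set(),
}

# Which adversary capability breaks which requirement on a dependency.
BREAKS = {
    "secrecy": "read",
    "integrity": "insert",
}


@dataclass(frozen=True)
class Link:
    a: str            # node names at both ends of the physical link
    b: str
    stereotype: str   # one of the keys of THREATS


@dataclass(frozen=True)
class Dependency:
    src: str                 # component names
    dst: str
    requirements: frozenset  # subset of the keys of BREAKS


@dataclass
class Model:
    placement: dict          # component -> node it is deployed on
    links: list              # Link objects
    dependencies: list       # Dependency objects


def link_between(model, node_a, node_b):
    """Return the link joining two nodes, or None if they are not connected."""
    for link in model.links:
        if {link.a, link.b} == {node_a, node_b}:
            return link
    return None


def check_secure_links(model):
    """Evaluate every dependency against the link it would travel over.

    Returns a list of (dependency, requirement, link stereotype, suggestion)
    tuples; an empty list means the model satisfies the rule.
    """
    violations = []
    for dep in model.dependencies:
        node_src, node_dst = model.placement[dep.src], model.placement[dep.dst]
        if node_src == node_dst:
            continue  # local call on a single node: no link for the adversary to attack
        link = link_between(model, node_src, node_dst)
        if link is None:
            violations.append((dep, "*", None, "add a physical link between the two nodes"))
            continue
        caps = THREATS[link.stereotype]
        for req in sorted(dep.requirements):
            if BREAKS[req] in caps:
                # Suggest the weakest link type that still defeats the capability.
                target = "encrypted" if BREAKS[req] not in THREATS["encrypted"] else "LAN"
                suggestion = f"route over an <<{target}>> link instead of <<{link.stereotype}>>"
                violations.append((dep, req, link.stereotype, suggestion))
    return violations


def sample_model(medium):
    """Constructed two-node scenario: a client component calls a payment server
    on another node over a link of the given stereotype."""
    return Model(
        placement={"Client": "Browser", "PaymentServer": "Shop"},
        links=[Link("Browser", "Shop", medium)],
        dependencies=[Dependency("Client", "PaymentServer",
                                 frozenset({"secrecy", "integrity"}))],
    )


if __name__ == "__main__":
    for medium in ("Internet", "encrypted", "LAN"):
        print(medium, check_secure_links(sample_model(medium)))
```

Changing the link stereotype from Internet to encrypted is exactly the kind of refinement the abstract refers to: the dependency is unchanged, only the deployment is tightened until the checker reports no violations.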





Copyright information

© Springer Fachmedien Wiesbaden 2001

Authors and Affiliations

  • Jan Jürjens, Computing Laboratory, University of Oxford, GB
