Skip to main content
SpringerLink
Log in

UMLsec: Extending UML for Secure Systems Development

  • Conference paper
  • First Online:
≪UML≫ 2002 — The Unified Modeling Language (UML 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2460))

Included in the following conference series:

Abstract

Developing secure-critical systems is difficult and there are many well-known examples of security weaknesses exploitedin practice. Thus a sound methodology supporting secure systems development is urgently needed.

Our aim is to aid the difficult task of developing security-critical systems in an approach basedon the notation of the Unified Modeling Language. We present the extension UMLsec of UML that allows to express securityrelevant information within the diagrams in a system specification. UMLsec is defined in form of a UML profile using the standard UML extension mechanisms. In particular, the associatedc onstraints give criteria to evaluate the security aspects of a system design, by referring to a formal semantics of a simplified fragment of UML. We demonstrate the concepts with examples.

Supported by the German Ministry of Economics within the FairPay project.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. ACM. Symposium of Applied Computing 2002, Madrid, March 11–14 2002.

    Google Scholar 

  2. E. Börger, A. Cavarra, and E. Riccobene. Modeling the dynamics of UML State Machines. In ASMs, volume 1912 of LNCS. Springer, 2000.

    Google Scholar 

  3. J.-Michel Bruel, J. Lilius, A. Moreira, and R. B. France. Defining Precise Semantics for UML. In ECOOP’2000 Workshop Reader, volume 1964 of LNCS. Springer, 2000.

    Google Scholar 

  4. P. Devanbu and S. Stubblebine. Software engineering for security: a roadmap. In The Future of Software Engineering (ICSE 2000), pages 227–239, 2000.

    Google Scholar 

  5. G. Engels, J. Hausmann, R. Heckel, and S. Sauer. Dynamic metamodeling. In Evans et al. [EKS00], pages 323–337.

    Google Scholar 

  6. A. Evans, S. Kent, and B. Selic, editors. The Unified Modeling Language: Advancing the Standard (UML’2000), volume 1939 of LNCS. Springer, 2000.

    Google Scholar 

  7. E. B. Fernandez and J. C. Hawkins. Determining role rights from use cases. In Workshop on Role-Based Access Control, pages 121–125. ACM, 1997.

    Google Scholar 

  8. M. Gogolla and F. Parisi-Presicce. State diagrams in UML. In PSMT’98. TU München, TUM-I9803, 1998.

    Google Scholar 

  9. W.-M. Ho, J.-M. Jézéquel, A. Le Guennec, and F. Pennaneac'h. UMLAUT: an extendible UML transformation framework. In ASE, 1999.

    Google Scholar 

  10. H. Hußmann, editor. Fundamental Approaches to Software Engineering (FASE, 4th International Conference), volume 2029 of LNCS. Springer, 2001.

    MATH  Google Scholar 

  11. J. Jürjens. Towards development of secure systems using UML. In Hußmann [Huß01], pages 187–200.

    Google Scholar 

  12. J. Jürjens. A UML statecharts semantics with message-passing. In Symposium of Applied Computing 2002 [ACM02], pages 1009–1013.

    Google Scholar 

  13. J. Jürjens. Formal Semantics for Interacting UML subsystems. In FMOODS 2002, pages 29–44. IFIP, Kluwer, 2002.

    Google Scholar 

  14. J. Jürjens. Principles for Secure Systems Design. PhD thesis, Oxford University Computing Laboratory, Trinity Term 2002. Submitted.

    Google Scholar 

  15. J. Jürjens. Using UMLsec andG oal-Trees for Secure Systems Development. In Symposium of Applied Computing 2002 [ACM02], pages 1026–1031.

    Google Scholar 

  16. J. Jürjens and G. Wimmel. Security modelling for electronic commerce: The Common Electronic Purse Specifications. In I3E 2001, pages 489–506. IFIP, Kluwer, 2001.

    Google Scholar 

  17. S. Kent, A. Evans, and B. Rumpe. UML Semantics FAQ. In ECOOP’99 Workshop Reader, volume 1743 of LNCS. Springer, 1999.

    Google Scholar 

  18. C. Kobryn. Modeling Distributed Applications with UML, Part IV. In J. Siegel, editor, Quick CORBA 3, chapter 1. Wiley, 2001.

    Google Scholar 

  19. W. E. McUmber and B. H. C. Cheng. A Generic Framework for Formalizing UML. In ICSE. IEEE Computer Society, 2001.

    Google Scholar 

  20. J. Mylopoulos, L. Chung, and E. Yu. From object-oriented to goaloriented requirements analysis. Communications of the ACM, 42(1):31–37, 1999.

    Article  Google Scholar 

  21. J. Rumbaugh, I. Jacobson, and G. Booch. The Unified Modeling Language Reference Manual. Addison-Wesley, 1999.

    Google Scholar 

  22. P. Stevens. On use cases and their relationships in the Unified Modelling Language. In Hußmann [Huß01], pages 140–155.

    Google Scholar 

  23. A. Schürr and A. Winter. Formal Definition of UML’s Package Concept. In UML—Technical Aspects and Applications, pages 144–159, 1998.

    Google Scholar 

  24. UML Revision Task Force. OMG UML Specification v. 1.4. OMG Document ad/01-09-67. Available at http://www.omg.org/uml, 2001.

  25. J. Whittle. Formal approaches to systems analysis using UML: An overview. Journal of Database Management, 11(4):4–13, 2000.

    Google Scholar 

  26. G. Wimmel and A. Wißpeitner. Extended description techniques for security engineering. In IFIP SEC 2001. Kluwer, 2001.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Software & Systems Engineering, Dep. of Informatics, Munich University of Technology, Germany

    Jan Jürjens

Authors
  1. Jan Jürjens
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Irisa - Univesité de Rennes 1, Campus de Beaulieu, 35042, Rennes cedex, France

    Jean-Marc Jézéquel

  2. Fakultät Informatik, Technische Universität Dresden, Mommsenstr. 13, 01062, Dresden, Germany

    Heinrich Hussmann

  3. IBM United Kingdom Ltd, Sunbury House, 79 Staines Road West Sunbury-on-Thames, TW16 7AN, Middlesex, UK

    Stephen Cook

Rights and permissions

Reprints and permissions

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jürjens, J. (2002). UMLsec: Extending UML for Secure Systems Development. In: Jézéquel, JM., Hussmann, H., Cook, S. (eds) ≪UML≫ 2002 — The Unified Modeling Language. UML 2002. Lecture Notes in Computer Science, vol 2460. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45800-X_32

Download citation

  • DOI: https://doi.org/10.1007/3-540-45800-X_32

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44254-7

  • Online ISBN: 978-3-540-45800-5

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation