Abstract
Developing secure-critical systems is difficult and there are many well-known examples of security weaknesses exploitedin practice. Thus a sound methodology supporting secure systems development is urgently needed.
Our aim is to aid the difficult task of developing security-critical systems in an approach basedon the notation of the Unified Modeling Language. We present the extension UMLsec of UML that allows to express securityrelevant information within the diagrams in a system specification. UMLsec is defined in form of a UML profile using the standard UML extension mechanisms. In particular, the associatedc onstraints give criteria to evaluate the security aspects of a system design, by referring to a formal semantics of a simplified fragment of UML. We demonstrate the concepts with examples.
Supported by the German Ministry of Economics within the FairPay project.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
ACM. Symposium of Applied Computing 2002, Madrid, March 11–14 2002.
E. Börger, A. Cavarra, and E. Riccobene. Modeling the dynamics of UML State Machines. In ASMs, volume 1912 of LNCS. Springer, 2000.
J.-Michel Bruel, J. Lilius, A. Moreira, and R. B. France. Defining Precise Semantics for UML. In ECOOP’2000 Workshop Reader, volume 1964 of LNCS. Springer, 2000.
P. Devanbu and S. Stubblebine. Software engineering for security: a roadmap. In The Future of Software Engineering (ICSE 2000), pages 227–239, 2000.
G. Engels, J. Hausmann, R. Heckel, and S. Sauer. Dynamic metamodeling. In Evans et al. [EKS00], pages 323–337.
A. Evans, S. Kent, and B. Selic, editors. The Unified Modeling Language: Advancing the Standard (UML’2000), volume 1939 of LNCS. Springer, 2000.
E. B. Fernandez and J. C. Hawkins. Determining role rights from use cases. In Workshop on Role-Based Access Control, pages 121–125. ACM, 1997.
M. Gogolla and F. Parisi-Presicce. State diagrams in UML. In PSMT’98. TU München, TUM-I9803, 1998.
W.-M. Ho, J.-M. Jézéquel, A. Le Guennec, and F. Pennaneac'h. UMLAUT: an extendible UML transformation framework. In ASE, 1999.
H. Hußmann, editor. Fundamental Approaches to Software Engineering (FASE, 4th International Conference), volume 2029 of LNCS. Springer, 2001.
J. Jürjens. Towards development of secure systems using UML. In Hußmann [Huß01], pages 187–200.
J. Jürjens. A UML statecharts semantics with message-passing. In Symposium of Applied Computing 2002 [ACM02], pages 1009–1013.
J. Jürjens. Formal Semantics for Interacting UML subsystems. In FMOODS 2002, pages 29–44. IFIP, Kluwer, 2002.
J. Jürjens. Principles for Secure Systems Design. PhD thesis, Oxford University Computing Laboratory, Trinity Term 2002. Submitted.
J. Jürjens. Using UMLsec andG oal-Trees for Secure Systems Development. In Symposium of Applied Computing 2002 [ACM02], pages 1026–1031.
J. Jürjens and G. Wimmel. Security modelling for electronic commerce: The Common Electronic Purse Specifications. In I3E 2001, pages 489–506. IFIP, Kluwer, 2001.
S. Kent, A. Evans, and B. Rumpe. UML Semantics FAQ. In ECOOP’99 Workshop Reader, volume 1743 of LNCS. Springer, 1999.
C. Kobryn. Modeling Distributed Applications with UML, Part IV. In J. Siegel, editor, Quick CORBA 3, chapter 1. Wiley, 2001.
W. E. McUmber and B. H. C. Cheng. A Generic Framework for Formalizing UML. In ICSE. IEEE Computer Society, 2001.
J. Mylopoulos, L. Chung, and E. Yu. From object-oriented to goaloriented requirements analysis. Communications of the ACM, 42(1):31–37, 1999.
J. Rumbaugh, I. Jacobson, and G. Booch. The Unified Modeling Language Reference Manual. Addison-Wesley, 1999.
P. Stevens. On use cases and their relationships in the Unified Modelling Language. In Hußmann [Huß01], pages 140–155.
A. Schürr and A. Winter. Formal Definition of UML’s Package Concept. In UML—Technical Aspects and Applications, pages 144–159, 1998.
UML Revision Task Force. OMG UML Specification v. 1.4. OMG Document ad/01-09-67. Available at http://www.omg.org/uml, 2001.
J. Whittle. Formal approaches to systems analysis using UML: An overview. Journal of Database Management, 11(4):4–13, 2000.
G. Wimmel and A. Wißpeitner. Extended description techniques for security engineering. In IFIP SEC 2001. Kluwer, 2001.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jürjens, J. (2002). UMLsec: Extending UML for Secure Systems Development. In: Jézéquel, JM., Hussmann, H., Cook, S. (eds) ≪UML≫ 2002 — The Unified Modeling Language. UML 2002. Lecture Notes in Computer Science, vol 2460. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45800-X_32
Download citation
DOI: https://doi.org/10.1007/3-540-45800-X_32
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44254-7
Online ISBN: 978-3-540-45800-5
eBook Packages: Springer Book Archive