Tools for secure systems development with UML

Jürjens, Jan; Shabalin, Pasha

doi:10.1007/s10009-007-0048-8

Cited by 131 publications

(160 citation statements)

References 22 publications

Supporting

Mentioning

160

Contrasting

Order By: Relevance

“…For instance, misuse case [22] provide high level modeling constructs to capture threads to the system assets, but offer no special primitives for modeling nor reasoning about information integrity. In UMLsec [12], integrity was modeled as constraints that can restrict unwanted modification. SecureUML [3] was mainly developed to model access control policies, which can protect information integrity to a certain level.…”

Section: Related Work and Conclusionmentioning

confidence: 99%

See 1 more Smart Citation

Modeling and Analyzing Information Integrity in Safety Critical Systems

Gharib

Giorgini

2013

Lecture Notes in Business Information Processing

View full text Add to dashboard Cite

Abstract. In safety critical systems one important aspect of information quality is ensuring information integrity. Typically, information integrity is a problem handled at technical level through solutions such as checksumming, integrity constraints, and integrity correction techniques. However, information integrity cannot be considered only as a technical problem, but it has to be analyzed and studied in the social-technical context of the system. Business processes and relations among all involved actors may also affect correctness and consistency of the information. In this paper, we propose an extended version of i*/Tropos modeling language to capture and analyze information integrity requirements. We illustrate the Datalog formalization of the proposed concepts and analysis techniques to support the analyst in the verification of integrity related properties. A case study concerning Air Traffic Management (ATM) is used throughout the paper.

show abstract

Section: Related Work and Conclusionmentioning

confidence: 99%

“…[22,12,3,13]). In this paper, we propose an extended version of i*/Tropos [23,7] modeling language to capture and analyze information integrity requirements starting from a socio-technical perspective.…”

Section: Introductionmentioning

confidence: 99%

Modeling and Analyzing Information Integrity in Safety Critical Systems

Gharib

Giorgini

2013

Lecture Notes in Business Information Processing

View full text Add to dashboard Cite

show abstract

“…This formalisation process relies on UML sequence diagrams that model a security protocol enabling the involved entities to apply security functions to the transferred data and, thus, protect it. To this end, we use the UML extension UMLsec, which offers a cryptographic notation for secure systems development [9].…”

Section: Securing the Recording And Storage Stagementioning

confidence: 99%

“…Due to space restriction, messages related to the TLS protocol are not presented. However, TLS formalisation can be found in [9].…”

Section: Messagesmentioning

confidence: 99%

Securing Provenance-Based Audits

Aldeco-Pérez

Moreau

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Given the significant increase of on-line services that require personal information from users, the risk that such information is misused has become an important concern. In such a context, information accountability is desirable since it allows users (and society in general) to decide, by means of audits, whether information is used appropriately. To ensure information accountability, information flow should be made transparent. It has been argued that data provenance can be used as the mechanism to underpin such a transparency. Under these conditions, an audit's quality depends on the quality of the captured provenance information. Thereby, the integrity of provenance information emerges as a decisive issue in the quality of a provenance-based audit. The aim of this paper is to secure provenance-based audits by the inclusion of cryptographic elements in the communication between the involved entities as well as in the provenance representation. This paper also presents a formalisation and an automatic verification of a set of security properties that increase the level of trust in provenance-based audit results.

show abstract

“…Vulnerable actors take measures to mitigate perceived risks, by using locks on the doors, surveillance cameras, etc. Existing security requirements engineering frameworks focus on various aspects for eliciting security requirements, such as attacker behavior [29,31] and attacker goals [32], design of secure components [15], social aspects [18,11], and events that can cause system failure [1]. However, attacks and consequent security failures often take place because of the exploitation of weaknesses or backdoors within the system.…”

Section: Introductionmentioning

confidence: 99%

A Modeling Ontology for Integrating Vulnerabilities into Security Requirements Conceptual Foundations

Elahi¹,

Zannone

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Vulnerabilities are weaknesses in the requirements, design, and implementation, which attackers exploit to compromise the system. This paper proposes a vulnerability-centric modeling ontology, which aims to integrate empirical knowledge of vulnerabilities into the system development process. In particular, we identify the basic concepts for modeling and analyzing vulnerabilities and their effects on the system. These concepts drive the definition of criteria that make it possible to compare and evaluate security frameworks based on vulnerabilities. We show how the proposed modeling ontology can be adopted in various conceptual modeling frameworks through examples.

show abstract

Tools for secure systems development with UML

Cited by 131 publications

References 22 publications

Modeling and Analyzing Information Integrity in Safety Critical Systems

Modeling and Analyzing Information Integrity in Safety Critical Systems

Securing Provenance-Based Audits

A Modeling Ontology for Integrating Vulnerabilities into Security Requirements Conceptual Foundations

Contact Info

Product

Resources

About