Towards a Business Process-Driven Framework for Security Engineering with the UML

Vivas, José Luis; Montenegro, José Antonio; López, Javier

doi:10.1007/10958513_29

Cited by 18 publications

(10 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other efforts that are comparable to ours on a general level in that they address security in an MDA-setting and/or model-based security, can be roughly classified into (1) access control related works: [2,4,7,8,9,18,23,24,28,29], (2) secure database development [10], and (3) specification of high-level security requirements [1,6,11,32]. Although all these works are comparable to ours on a general level, they are in fact quite different in that they do not deal with a formalized notion of refinement, nor do they address information flow security.…”

Section: Related Workmentioning

confidence: 97%

Information flow property preserving transformation of UML interaction diagrams

Seehusen

Stølen

2006

Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies - SACMAT '06

View full text Add to dashboard Cite

We present an approach for secure information flow property preserving refinement and transformation of UML inspired interaction diagrams. The approach is formally underpinned by trace-semantics. The semantics is sufficiently expressive to distinguish underspecification from explicit nondeterminism. A running example is used to introduce the approach and to demonstrate that it is of practical value.

show abstract

Section: Related Workmentioning

confidence: 97%

Information flow property preserving transformation of UML interaction diagrams

Seehusen

Stølen

2006

Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies - SACMAT '06

View full text Add to dashboard Cite

show abstract

“…Vivas et al propose an approach for the development of business process-driven systems where security requirements are integrated into the business model [28]. Security requirements are first stated at the high level of abstraction within a functional representation of the system given by UML diagrams using tagged values.…”

Section: State Of the Art Surveymentioning

confidence: 99%

“…Many contributions have been presented in the state of the art for specifying and enforcing security at UML design [1,2,4,5,6,7,8,14,16,17,18,19,20,22,23,27,28,30]. While sharing almost the same objectives, these contributions Cite this document as follows: http://www.jot.fm/general/JOT template LaTeX.tgz * The research leading to this work was possible due to funding and scientific collaboration with Software Research, Ericsson Canada.…”

Section: Introductionmentioning

confidence: 99%

Usability of Security Specification Approaches for UML Design: A Survey.

Talhi¹,

Mouheb²,

Lima³

et al. 2009

JOT

View full text Add to dashboard Cite

Since it is the de facto language for software specification and design, UML is the target language used by almost all state of the art contributions handling security at specification and design level. However, these contributions differ in the covered security requirements, specification approaches, verification tools, etc. This paper investigates the main approaches adopted for specifying and enforcing security at UML design and surveys the related state of the art. The main contribution of this paper is a discussion of these approaches from usability viewpoint. A set of criteria has been defined and used in this usability discussion. The discussed UML approaches are stereotypes and tagged values, OCL, and behavior diagrams. Extending the UML meta-language or creating new meta-languages for security specification are also covered by this study.

show abstract

“…Works related to business process security [6,27,28,39,59,60,64,67] have contributed interesting ideas, but most of the cases do not make it possible to model security needs together with the standard languages for modelling businesses process. Nor do they offer continuity and traceability of these requirements in the rest of the software development process.…”

Section: Introductionmentioning

confidence: 99%