Abstract
Security protocols can be difficult to specify and analyze. These difficulties motivate the need for models that will support the development of secure systems from the design to the implementation stages. We used the Unified Modeling Language (UML), an industry standard in object-oriented systems modeling, to express security requirements. We also developed an application, the UML Analyzer, to help identify possible vulnerabilities in the modeled protocol. This was achieved by checking the XML Meta-data Interchange (XMI) files generated from the UML diagrams. When compared with other analyses of IKE, our results indicate that UML diagrams and XMI files offer promising possibilities in the modeling and analysis of security protocols.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Support for this research was provided by the University of the Philippines and the University of the Philippines Engineering Research and Development Foundation Inc.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Gentleware: Poseidon for UML, Community Edition version 3.1 (2005), http://www.gentleware.com
Harkins, D., Carrel, D.: The Internet Key Exchange (RFC 2409) (1998), http://www.ietf.org/rfc/rfc2409.txt
Unified modeling language 2.0 draft specifications (2003), http://www.omg.org/uml/
Jürjens, J.: Developing secure systems with UMLsec - from business processes to implementation. In: Proceedings of VIS 2001, Kiel, Germany (2001)
Jürjens, J.: Modelling audit security for smart-card payment schemes with UMLsec. In: Proceedings of IFIP/SEC 2001 - 16th International Conference on Information Security, Paris, France (2001)
Jürjens, J.: Secure Java development with UML. In: Proceedings of I-NetSec 01 - First International IFIP TC-11 WG 11.4 Working Conference on Network Security, Leuven, Belgium (2001)
Jürjens, J.: UMLsec: Extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, p. 412. Springer, Heidelberg (2002)
Devanbu, P., Stubblebine, S.: Software engineering for security: a roadmap. In: The Future of Software Engineering (2000); Special volume published in conjunction with International Conference on Software Engineering, Limerick, Ireland
Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-based modeling language for model-driven security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, p. 426. Springer, Heidelberg (2002)
Jürjens, J.: Towards development of secure systems using UMLsec. In: Hussmann, H. (ed.) FASE 2001. LNCS, vol. 2029, pp. 187–200. Springer, Heidelberg (2001)
Pachl, J.: UML model for CORBA security (1999), http://www.omg.org/docs/security
Maughhan, D., Schertler, M., Schneider, M., Turner, J.: Internet Security Association and Key Management Protocol (RFC 2408) (1998), http://www.ietf.org/rfc/rfc2408.txt
Consortium, W.W.W.: XSL transformations (XSLT) version 1.0 (1999), http://www.w3.org/TR/1999/REC-xslt-19991116.html
Meadows, C.: Analysis of the Internet key exchange protocol using the NRL protocol analyzer. In: Proceedings of the 1999 IEEE Symposium on Security and Privacy, pp. 216–231 (1999)
Zhou, J.: Fixing a security flaw in IKE protocols. Electronics Letters 35, 1072–1073 (1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ontua, M.G., Pancho-Festin, S. (2006). Evaluation of the Unified Modeling Language for Security Requirements Analysis. In: Song, JS., Kwon, T., Yung, M. (eds) Information Security Applications. WISA 2005. Lecture Notes in Computer Science, vol 3786. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11604938_6
Download citation
DOI: https://doi.org/10.1007/11604938_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-31012-9
Online ISBN: 978-3-540-33153-7
eBook Packages: Computer ScienceComputer Science (R0)