Abstract
We present an approach that integrates a language for precise and high-level specification of application security requirements, the Security Requirement Language (SRL), with an existing modeling technique, namely, the Unified Modeling Language (UML). SRL is based on first-order logic extended with a small set of modal operators and a syntactic abstraction mechanism. It offers extensibility in that new application/domain-specific requirements can be defined and reused. The focus of SRL is the security of communication in distributed systems. The integrated framework enables developers to add to system models security requirements, such as confidentiality, non-repudiation, and authentication, at an early stage of development, making security an integral part of the system development process. We illustrate the practical usability of our approach by presenting an example, and discuss the experiences that the users of our approach, i.e., system developers, have reported.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abadi, M., Gordon, A.D.: A Calculus for Cryptographic Protocols, The Spi Calculus. Research Report, digital Systems Research Center (January 1998)
Aredo, D.B., Kristoffersen, T., Mazaher, S.: Abstract Security Requirement Specification. Technical Report DART/03/04, Norsk Regnesentral, Oslo, Norway (March 2004)
Bieber, P.: A Logic of Communication in a Hostile environment. In: Proceedings of the Computer Security Foundations Workshop III, June 1990, IEEE Computer Society Press, Los Alamitos (1990)
Burrows, M., Abadi, M., Needham, R.: A Logic of Authentication. ACM Transactions on Computer Systems 8(1) (February 1990)
CASENET, IST project 2001-32446: User Trial Progress Report. Deliverable CASENET/WP5/D5.2 (June 2003)
CASENET, IST project IST-2001-32446: http://www.casenet-eu.org/
Denker, G., Millen, J., Rues, H.: The CAPSL Integrated Protocol Environment. Technical Report SRI-CSL-2000-02, SRI International, Computer Science Laboratory (October 2000)
Higginbotham, M.D., Maley, J.G., Milheizler, A.J., Suskie, B.j.: Integrating Information Security Engineering with System Engineering with System Engineering Tools. In: Proceedings of WETICE 1998 (July 1998)
Jurjens, J.: UMLsec: Extending UML for Secure Systems Development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, p. 412. Springer, Heidelberg (2002)
Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-based modeling language for model-driven security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, p. 426. Springer, Heidelberg (2002)
Lowe, G.: Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR. In: Brinksma, E., Steffen, B., Cleaveland, W.R., Larsen, K.G., Margaria, T. (eds.) TACAS 1995. LNCS, vol. 1019, Springer, Heidelberg (1996)
Meadows, C., Syverson, P.: A Formal Language for Cryptographic Protocol Requirements. Designs, Codes and Cryptography 7(1-2) (January 1996)
Meadows, C.: The NRL Protocol Analyzer: An Overview. Journal of Logic Programming 26(2) (1996)
Moser, L.: A Logic of Knowledge and Belief for Reasoning about Computer Security. In: Proceedings of the Computer Security Foundations Workshop II, June 1989, IEEE Computer Society Press, Los Alamitos (1989)
Mouratidis, H., Giorgini, P., Manson, G.: Integrating Security and Systems Engineering: Towards the Modeling of Secure Information Systems. In: Eder, J., Missikoff, M. (eds.) CAiSE 2003. LNCS, vol. 2681, Springer, Heidelberg (2003)
OMG: The Unified Modeling Language Specification V1.5., Object Management Group, Needham, MA, U.S.A.” (March 2003)
OMG, http://www.omg.org/technology/documents/modeling_spec_catalog.htm
Shroff, M., France, R.: Towards a Formalization of UML Class Structures in Z. In: Proceedings of COMPSAC 1997 (August 1997)
Syverson, P.: Formal Semantics of Logics of Cryptographic Protocols. In: Proceedings of the Computer Security Foundations Workshop III, June 1990, IEEE Computer Society Press, Los Alamitos (1990)
Wimmel, G., Wißpeintner, A.: Extended Description Techniques for Security Engineering. In: Dupuy, M., Paradinas, P. (eds.) Trusted Information, The New Decade Challenge, Proceedings of the IFIP 16th International Conference on Information Security (Sec 2001), Kluwer Academic Publishers, Dordrecht (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Abie, H., Aredo, D.B., Kristoffersen, T., Mazaher, S., Raguin, T. (2004). Integrating a Security Requirement Language with UML. In: Baar, T., Strohmeier, A., Moreira, A., Mellor, S.J. (eds) «UML» 2004 — The Unified Modeling Language. Modeling Languages and Applications. UML 2004. Lecture Notes in Computer Science, vol 3273. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30187-5_25
Download citation
DOI: https://doi.org/10.1007/978-3-540-30187-5_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23307-7
Online ISBN: 978-3-540-30187-5
eBook Packages: Springer Book Archive