Skip to main content
SpringerLink
Log in

Integrating a Security Requirement Language with UML

  • Conference paper
«UML» 2004 — The Unified Modeling Language. Modeling Languages and Applications (UML 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3273))

Included in the following conference series:

Abstract

We present an approach that integrates a language for precise and high-level specification of application security requirements, the Security Requirement Language (SRL), with an existing modeling technique, namely, the Unified Modeling Language (UML). SRL is based on first-order logic extended with a small set of modal operators and a syntactic abstraction mechanism. It offers extensibility in that new application/domain-specific requirements can be defined and reused. The focus of SRL is the security of communication in distributed systems. The integrated framework enables developers to add to system models security requirements, such as confidentiality, non-repudiation, and authentication, at an early stage of development, making security an integral part of the system development process. We illustrate the practical usability of our approach by presenting an example, and discuss the experiences that the users of our approach, i.e., system developers, have reported.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abadi, M., Gordon, A.D.: A Calculus for Cryptographic Protocols, The Spi Calculus. Research Report, digital Systems Research Center (January 1998)

    Google Scholar 

  2. Aredo, D.B., Kristoffersen, T., Mazaher, S.: Abstract Security Requirement Specification. Technical Report DART/03/04, Norsk Regnesentral, Oslo, Norway (March 2004)

    Google Scholar 

  3. Bieber, P.: A Logic of Communication in a Hostile environment. In: Proceedings of the Computer Security Foundations Workshop III, June 1990, IEEE Computer Society Press, Los Alamitos (1990)

    Google Scholar 

  4. Burrows, M., Abadi, M., Needham, R.: A Logic of Authentication. ACM Transactions on Computer Systems 8(1) (February 1990)

    Google Scholar 

  5. CASENET, IST project 2001-32446: User Trial Progress Report. Deliverable CASENET/WP5/D5.2 (June 2003)

    Google Scholar 

  6. CASENET, IST project IST-2001-32446: http://www.casenet-eu.org/

  7. Denker, G., Millen, J., Rues, H.: The CAPSL Integrated Protocol Environment. Technical Report SRI-CSL-2000-02, SRI International, Computer Science Laboratory (October 2000)

    Google Scholar 

  8. Higginbotham, M.D., Maley, J.G., Milheizler, A.J., Suskie, B.j.: Integrating Information Security Engineering with System Engineering with System Engineering Tools. In: Proceedings of WETICE 1998 (July 1998)

    Google Scholar 

  9. Jurjens, J.: UMLsec: Extending UML for Secure Systems Development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, p. 412. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  10. Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-based modeling language for model-driven security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, p. 426. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  11. Lowe, G.: Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR. In: Brinksma, E., Steffen, B., Cleaveland, W.R., Larsen, K.G., Margaria, T. (eds.) TACAS 1995. LNCS, vol. 1019, Springer, Heidelberg (1996)

    Google Scholar 

  12. Meadows, C., Syverson, P.: A Formal Language for Cryptographic Protocol Requirements. Designs, Codes and Cryptography 7(1-2) (January 1996)

    Google Scholar 

  13. Meadows, C.: The NRL Protocol Analyzer: An Overview. Journal of Logic Programming 26(2) (1996)

    Google Scholar 

  14. Moser, L.: A Logic of Knowledge and Belief for Reasoning about Computer Security. In: Proceedings of the Computer Security Foundations Workshop II, June 1989, IEEE Computer Society Press, Los Alamitos (1989)

    Google Scholar 

  15. Mouratidis, H., Giorgini, P., Manson, G.: Integrating Security and Systems Engineering: Towards the Modeling of Secure Information Systems. In: Eder, J., Missikoff, M. (eds.) CAiSE 2003. LNCS, vol. 2681, Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  16. OMG: The Unified Modeling Language Specification V1.5., Object Management Group, Needham, MA, U.S.A.” (March 2003)

    Google Scholar 

  17. OMG, http://www.omg.org/technology/documents/modeling_spec_catalog.htm

  18. Shroff, M., France, R.: Towards a Formalization of UML Class Structures in Z. In: Proceedings of COMPSAC 1997 (August 1997)

    Google Scholar 

  19. Syverson, P.: Formal Semantics of Logics of Cryptographic Protocols. In: Proceedings of the Computer Security Foundations Workshop III, June 1990, IEEE Computer Society Press, Los Alamitos (1990)

    Google Scholar 

  20. Wimmel, G., Wißpeintner, A.: Extended Description Techniques for Security Engineering. In: Dupuy, M., Paradinas, P. (eds.) Trusted Information, The New Decade Challenge, Proceedings of the IFIP 16th International Conference on Information Security (Sec 2001), Kluwer Academic Publishers, Dordrecht (2001)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Norwegian Computing Center, P. O. Box 114, N-0314, Blindern, Oslo, Norway

    H. Abie, D. B. Aredo, T. Kristoffersen & S. Mazaher

  2. NetUnion sarl, Avenue de Villamont 19, CH-1005, Lausanne, Switzerland

    T. Raguin

Authors
  1. H. Abie
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. D. B. Aredo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. T. Kristoffersen
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. S. Mazaher
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. T. Raguin
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. École Polytechnique Fédérale de Lausanne (EPFL), School of Computer and Communication Sciences, CH-1015, Lausanne, Switzerland

    Thomas Baar  & Alfred Strohmeier  & 

  2. Universidade Nova de Lisboa, Portugal

    Ana Moreira

  3. Accelerated Technology, 739 N. University Blvd., Mobile, AL 36608, U.S.A

    Stephen J. Mellor

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Abie, H., Aredo, D.B., Kristoffersen, T., Mazaher, S., Raguin, T. (2004). Integrating a Security Requirement Language with UML. In: Baar, T., Strohmeier, A., Moreira, A., Mellor, S.J. (eds) «UML» 2004 — The Unified Modeling Language. Modeling Languages and Applications. UML 2004. Lecture Notes in Computer Science, vol 3273. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30187-5_25

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30187-5_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23307-7

  • Online ISBN: 978-3-540-30187-5

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation