Security Analysis of a Biometric Authentication System Using UMLsec and JML

Conference paper in: Model Driven Engineering Languages and Systems (MODELS 2009)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 5795)

Abstract

Quality assurance for security-critical systems is particularly challenging: many systems are developed, deployed, and used that do not satisfy their security requirements. A number of software engineering approaches have been developed over the last few years to address this challenge, both in the context of model-level and code-level security assurance. However, there is little experience so far in using these approaches in an industrial context, the challenges and benefits involved and the relative advantages and disadvantages of different approaches. This paper reports on experiences from a practical application of two of these security assurance approaches. As a representative of model-based security analysis, we considered the UMLsec approach and we investigated the JML annotation language as a representative of a code-level assurance approach. We applied both approaches to the development and security analysis of a biometric authentication system and performed a comparative evaluation based on our experiences.

Empirical results category paper.

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lloyd, J., Jürjens, J. (2009). Security Analysis of a Biometric Authentication System Using UMLsec and JML. In: Schürr, A., Selic, B. (eds) Model Driven Engineering Languages and Systems. MODELS 2009. Lecture Notes in Computer Science, vol 5795. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04425-0_7

  • DOI: https://doi.org/10.1007/978-3-642-04425-0_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04424-3

  • Online ISBN: 978-3-642-04425-0

  • eBook Packages: Computer Science, Computer Science (R0)
