Incremental Security Verification for Evolving UMLsec models

  • Conference paper
Modelling Foundations and Applications (ECMFA 2011)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 6698)

Abstract

There exists a substantial amount of work on methods, techniques and tools for developing security-critical systems. However, these approaches focus on ensuring that security properties are enforced during initial system development, and they usually carry a significant cost in time and resources. To ensure that systems remain secure despite their later evolution, re-applying the whole secure software development methodology from scratch would be infeasible. This work presents results towards addressing this challenge in the context of the UML security extension UMLsec. We investigate the security analysis of UMLsec models by means of a change-specific notation that allows multiple evolution paths, together with sound algorithms supporting the incremental verification of evolving models. The approach is validated by a tool implementation of these verification techniques that extends the existing UMLsec tool support.

This research was partially supported by the EU project Security Engineering for Lifelong Evolvable Systems (Secure Change, ICT-FET-231101).

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jürjens, J., Marchal, L., Ochoa, M., Schmidt, H. (2011). Incremental Security Verification for Evolving UMLsec models. In: France, R.B., Kuester, J.M., Bordbar, B., Paige, R.F. (eds) Modelling Foundations and Applications. ECMFA 2011. Lecture Notes in Computer Science, vol 6698. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21470-7_5

  • DOI: https://doi.org/10.1007/978-3-642-21470-7_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21469-1

  • Online ISBN: 978-3-642-21470-7

  • eBook Packages: Computer Science, Computer Science (R0)
