Abstract
There exists a substantial amount of work on methods, techniques and tools for developing security-critical systems. However, these approaches focus on ensuring that the security properties are enforced during the initial system development and they usually have a significant cost associated with their use (in time and resources). In order to enforce that the systems remain secure despite their later evolution, it would be infeasible to re-apply the whole secure software development methodology from scratch. This work presents results towards addressing this challenge in the context of the UML security extension UMLsec. We investigate the security analysis of UMLsec models by means of a change-specific notation allowing multiple evolution paths and sound algorithms supporting the incremental verification process of evolving models. The approach is validated by a tool implementation of these verification techniques that extends the existing UMLsec tool support.
This research was partially supported by the EU project Security Engineering for Lifelong Evolvable Systems (Secure Change, ICT-FET-231101).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Andries, M., Engels, G., Habel, A., Hoffmann, B., Kreowski, H.-J., Kuske, S., Plump, D., Schürr, A., Taentzer, G.: Graph transformation for specification and programming. Science of Computer Programming 34(1), 1–54 (1999)
Bézivin, J., Büttner, F., Gogolla, M., Jouault, F., Kurtev, I., Lindow, A.: Model transformations? Transformation models! In: Wang, J., Whittle, J., Harel, D., Reggio, G. (eds.) MoDELS 2006. LNCS, vol. 4199, pp. 440–453. Springer, Heidelberg (2006)
Garlan, D., Barnes, J., Schmerl, B., Celiku, O.: Evolution styles: Foundations and tool support for software architecture evolution. In: WICSA/ECSA 2009, pp. 131 –140 (September 2009)
Heckel, R.: Compositional verification of reactive systems specified by graph transformation. In: Astesiano, E. (ed.) ETAPS 1998 and FASE 1998. LNCS, vol. 1382, pp. 138–153. Springer, Heidelberg (1998)
Johann, S., Egyed, A.: Instant and incremental transformation of models. In: Proceedings of the International Conference on Automated Software Engineering (ASE), pp. 362–365. IEEE Computer Society, Washington, DC, USA (2004)
Jürjens, J.: Principles for Secure Systems Design. PhD thesis, Oxford University Computing Laboratory (2002)
Jürjens, J., Ochoa, M., Schmidt, H., Marchal, L., Houmb, S., Islam, S.: Modelling secure systems evolution: Abstract and concrete change specifications (invited lecture). In: Bernardo, I. (ed.) 11th School on Formal Methods (SFM 2011), Bertinoro, Italy, June 13-18. LNCS. Springer, Heidelberg (2011)
Jürjens, J., Shabalin, P.: Tools for secure systems development with UML. Intern. Journal on Software Tools for Technology Transfer 9(5-6), 527–544 (2007); Invited submission to the special issue for FASE 2004/05
Kolovos, D.S., Paige, R.F., Polack, F., Rose, L.M.: Update transformations in the small with the epsilon wizard language. Journal of Object Technology 6(9), 53–69 (2007)
Lehman, M.M., Ramil, J.F., Wernick, P.D., Perry, D.E., Turski, W.M.: Metrics and Laws of Software Evolution – The Nineties View. In: METRICS 1997, pp. 20–32. IEEE Computer Society, Washington, DC, USA (1997)
Mellado, D., Rodriguez, J., Fernandez-Medina, E., Piattini, M.: Automated Support for Security Requirements Engineering in Software Product Line Domain Engineering. In: AReS 2009, pp. 224–231. IEEE Computer Society, Los Alamitos, CA, USA (2009)
Mens, T., D’Hondt, T.: Automating support for software evolution in UML. Automated Software Engineering Journal 7(1), 39–59 (2000)
Mens, T., Magee, J., Rumpe, B.: Evolving Software Architecture Descriptions of Critical Systems. Computer 43(5), 42–48 (2010)
Rensink, A., Schmidt, Á., Varró, D.: Model checking graph transformations: A comparison of two approaches. In: Ehrig, H., Engels, G., Parisi-Presicce, F., Rozenberg, G. (eds.) ICGT 2004. LNCS, vol. 3256, pp. 226–241. Springer, Heidelberg (2004)
Secure Change Project. Deliverable 4.2, http://www-jj.cs.tu-dortmund.de/jj/deliverable_4_2.pdf
Shin, M.E., Gomaa, H.: Software requirements and architecture modeling for evolving non-secure applications into secure applications. Science of Computer Programming 66(1), 60–70 (2007)
Tun, T.T., Yu, Y., Haley, C.B., Nuseibeh, B.: Model-based argument analysis for evolving security requirements. In: SSIRI 2010, pp. 88–97. IEEE Computer Society, Los Alamitos (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jürjens, J., Marchal, L., Ochoa, M., Schmidt, H. (2011). Incremental Security Verification for Evolving UMLsec models. In: France, R.B., Kuester, J.M., Bordbar, B., Paige, R.F. (eds) Modelling Foundations and Applications. ECMFA 2011. Lecture Notes in Computer Science, vol 6698. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21470-7_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-21470-7_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21469-1
Online ISBN: 978-3-642-21470-7
eBook Packages: Computer ScienceComputer Science (R0)