Abstract
The Object Oriented methodology has been applied in software engineering for a wide range of large and critical systems. One of the modeling languages frequently used for this purpose is UML. As yet, however, the means provided by UML to specify and deal with security concerns are rather sparse. In this paper we propose a practical approach that could readily be incorporated into existing software development processes. We begin by reviewing the main types of security concerns in the various phases of the software development cycle, and set up stereotypes to specify those concerns. The stereotypes are then attached to use case diagrams and later to activity diagrams (and other derived diagrams). At the implementation stage, security concerns can be transformed into more detailed aspects via AOP (aspect oriented programming) techniques. By maintaining the consistency of security stereotypes from phase to phase, the concerns about system security are implemented in a traceable fashion. Such use of security stereotypes does not require a high level of skills or deep knowledge of UML, and can therefore be integrated, with relatively little effort, with many current system development methodologies.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Chizmadia, D.: Security Risks in Systems of Distributed Objects, Components, and Services. In: OMG 7th Workshop on Distributed Objects and Component Security, Baltimore, MD, USA (2003)
Pavlich-Mariscal, J., Michel, L., Demurjian, S.: Enhancing UML to Model Custom Security Aspects. In: Proceedings of the 11th International Workshop on Aspect-Oriented Modeling, AOM@ AOSD 2007 (2007)
Peralta, K.P., Orozco, A.M., Zorzo, A.F., Oliveira, F.M.: Specifying Security Aspects in UML Models. In: Proceedings of the Workshop on Modeling Security, International Conference on Model Driven Engineering Languages and Systems. Toulouse, France (2008)
Mouheb, D., Talhi, C., Lima, V., Debbabi, M., Wang, L., Pourzandi, M.: Weaving security aspects into UML 2.0 design models. In: AOM 2009, Proceedings of the 13th Workshop on Aspect-Oriented Modeling, New York, NY, USA (2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Tran, V.X., Truong, NT., Nguyen, A.T.A. (2013). An Approach to the Specification of Security Concerns in UML. In: Kim, JH., Matson, E., Myung, H., Xu, P. (eds) Robot Intelligence Technology and Applications 2012. Advances in Intelligent Systems and Computing, vol 208. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37374-9_77
Download citation
DOI: https://doi.org/10.1007/978-3-642-37374-9_77
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37373-2
Online ISBN: 978-3-642-37374-9
eBook Packages: EngineeringEngineering (R0)