Usability of security specification approaches for UML design: A survey

Journal of Object Technology

Volumn 8, Issue 6, 2009, Pages 1-20

  Talhi, C ^a   Mouheb, D ^a   Lima, V ^a   Debbabi, M ^a   Wang, L ^a   Pourzandi, M ^b  

^a University of Concordia   (Canada)

^b Ericsson Canada   (Canada)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 77956325951     PISSN: None     EISSN: 16601769     Source Type: Journal    
DOI: 10.5381/jot.2009.8.6.a1     Document Type: Article

References (30)

1. G-J. Ahn and M.E. Shin. Role-based authorization constraints specification using object constraint language. In WETICE '01: Proceedings of the 10th IEEE International Workshops on Enabling Technologies, pages 157-162, Washington, DC, USA, 2001. IEEE Computer Society.
2. K. Alghathbar and D. Wijeskera. Consistent and complete access control policies in use cases. In UML 2003 - The Unified Modeling Language. Model Languages and Applications. 6th International Conference, San Francisco, CA, USA, October 2003, Proceedings, pages 373-387, October 2003.
3. A. Bogdanov, S.J. Garland, and N.A. Lynch7. Mechanical translation of i/o automaton specifications into first-order logic. In In proceedings of the 22nd IFIP WG 6.1 International Conference Houston, pages 364-368, 2002.
4. G. Brose, M. Koch, and K.P. Lohr. Integrating access control design into the software development process. In Proceedings of the sixth biennial world conference on the Integrated Design and Process Technology, IDPT, Pasadena, CA, June 2002.
5. M-T. Chan and L-F. Kwok. Integrating security design into the software development process for e-commerce systems. Information Management & Computer Security, 9(3):112-122, 2001.
6. T. Doan, L.D. Michel, and S.A. Demurjian. A formal framework for secure design and constraint checking in UML. In Proceedings of the International Symposium on Secure Software Engineering, ISSSE'06, Washington, DC, Mars 2006.
7. P. Epstein and R.S. Sandhu. Towards a UML based approach to role engineering. In Proceedings of the 4th ACM Workshop on Role-Based Access Control, pages 135-143. ACM Press, 1999.
8. E.B. Fernández. A methodology for secure software design. In Software Engi-neering Research and Practice, pages 130-136, 2004.
9. M. Gogolla and B. Henderson-Sellers. Analysis of uml stereotypes within the uml metamodel. In UML '02: Proceedings of the 5th International Conference on The Unified Modeling Language, pages 84-99, London, UK, 2002.
10. Object Management Group. Meta object facility (mof) specification, version 2.0, 2006.
11. Object Management Group. Uml 2.0 ocl specification, version 2.0, 2006.
12. Object Management Group. Unified modeling language: Superstructure, version 2.1.2, 2007.
13. A. Hamie, F. Civello, J. Howse, S. Kent, and R. Mitchell. Reections on the Object Constraint Language. In The Unified Modeling Language, UML'98 -Beyond the Notation. First International Workshop, Mulhouse, France, pages 137-145, 1998.
14. J. Jürjens. Secure Systems Development with UML. Springer Verlag, 2004.
15. G. Kiczales, J. Lamping, A. Menhdhekar, C. Maeda, C. Lopes, J-M. Loingtier, and J. Irwin. Aspect-oriented programming. In Proceedings European Conference on Object-Oriented Programming, volume 1241, pages 220-242. Springer-Verlag, Berlin, Heidelberg, and New York, 1997.
16. Y. Ledru, R. Laleau, M. Lemoine, S. Vignes, D. Bert, V. Donzeau-Gouge, C. Dubois, and F. Peureux. An attempt to combine UML and formal methods to model airport security. In Forum of the 18th International Conference on Advanced Information Systems Engineering, pages 47-50, Luxembourg, 2006.
17. T. Lodderstedt, D. Basin, and J. Doser. Secureuml: A uml-based modeling language for model-driven security. In Proceedings of the International Conference on the Unified Modeling Language, UML'2002, pages 426-441, 2002.
18. C. Montangero, M. Buchholtz, L. Perrone, and S. Semprini. For-lysa: UML for authentication analysis. In Global Computing: IST/FET International Work-shop, GC'2004, pages 93-106, 2005.
19. F. Painchaud, D. Azambre, M. Bergeron, J. Mullins, and R.M. Oarga. Socle: Integrated design of software applications and security. In Proceedings of the 10th International Command and Control Research and Technology Symposium, ICCRTS'2005, McLean, VA, USA, 2005.
20. J. Pavlich-Mariscal, L. Michel, and S. Demurjian. Enhancing UML to model custom security aspects. In Proceedings of the 11th International Workshop on Aspect-Oriented Modeling, 2007.
21. A. Pnueli. The temporal logic of programs. In Proceedings of the 18th IEEE Symposium on Foundations of Computer Science, pages 46-57, 1977.
22. G. Popp, J. Jürjens, G. Wimmel, and R. Breu. Security-critical system development with extended use cases. In Proceedings of the 10th Asia-Pacific Software Engineering Conference, APSEC, pages 478-487, 2003.
23. I. Ray, N. Li, D.K. Kim, and R. France. Using parameterized UML to specify and compose access control models. In Proceedings of the 6th IFIP TC-11 WG 11.5 Working Confrence on Integrity and Internal Control in Information Systems, IICIS'03, Lausanne, Switzerland, November 2003.
24. A. Rodriguez, E. Fernandez-Medina, and M. Piattini. Security requirement with a uml 2.0 profile. In ARES '06: Proceedings of the First International Conference on Availability, Reliability and Security, pages 670-677, Washington, DC, USA, 2006. IEEE Computer Society.
25. A. Schleicher and B. Westfechtel. Beyond stereotyping: Metamodeling approaches for the uml. In HICSS, 2001.
26. F.B. Schneider. Enforceable security policies. ACM Transactions on Information and Systems Security, 3(1):30-50, 2000.
27. E. Song, R. Reddy, R. France, I. Ray, G. Georg, and R. Alexander. Verifiable composition of access control and application features. In Proceedings of the 10th ACM Symposium on Access Control Models and Technologies, SAC-MAT'05, pages 120-129. ACM, 2005.
28. J.L. Vivas, J.A. Montenegro, and J. Lopez. Towards a business process-driven framework for security engineering with the UML. In Proceedings of the 6th Information Security Conference, ISC'03, pages 381-395, Bristol, U.K., 2003.
29. P. Ziemann and M. Gogolla. An extension of ocl with temporal logic. pages 53-62, September 2002.
30. A. Zisman. A static verification framework for secure peer-to-peer applications. In Second International Conference on Internet and Web Applications and Services, ICIW'07, page 8, 2007.