A UML-based methodology for secure systems: The design stage

Proceedings of the 3rd International Workshop on Security in Information Systems, WOSIS 2005, in Conjunction with ICEIS 2005

Volumn , Issue , 2005, Pages 208-216

  Fernandez, Eduardo B ^a   Sorgente, Tami ^a   Larrondo Petrie, María M ^a  

^a Florida Atlantic University   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ARCHITECTURAL LAYERS; COMBINED ANALYSIS; CONCEPTUAL MODEL; DESIGN ARTIFACTS; DESIGN STAGE; SECURE SYSTEM; SECURITY CONSTRAINT; SECURITY PATTERNS;

DESIGN; INFORMATION SYSTEMS;

SECURITY OF DATA;

EID: 78651429914     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (24)

1. Fernandez, E. B., and Yuan, X.: Semantic analysis patterns. In: Proceedings of 19th International Conference on Conceptual Modeling, (2000) 183-195. Also available from: http://www.cse.fau.edu/-ed/SAPpaper2.pdf
2. Fernandez, E. B., and Yuan, X.: An analysis pattern for reservation and use of entities. In: Proceedings of the Pattern Languages of Programs Conference, PLoP99 (1999). http://st-www.cs.uiuc.edu/-plop/plop99
3. Fernandez, E. B., Yuan, X., and Brey, S.: Analysis Patterns for the Order and Shipment of a Product. In: Proceeding of the Pattern Languages of Programs Conference, PLoPOO, (2000). http://hillside.net/plop/2000/
4. Fernandez, E. B., and Yuan, X.: An Analysis Pattern for Repair of an Entity. In: Proceedings of the Pattern Languages of Programs Conference, PLoP01 (2001). http://jerry.cs.uiuc.edu/-plop/plop2001/accepted-submissions
5. Sorgente, T., and Fernandez, E. B.: Analysis patterns for patient treatment. In: Proceedings of the Pattern Languages of Programs Conference, PLoP04 (2004). http://jerry.cs.uiuc.edu/-plop/plop2004/accepted-submissions
6. Yuan, X., and Fernandez, E. B.: An analysis pattern for course management. In: Proceedings of the Pattern Languages of Programs Conference, PLoP03 (2003). http://hillside.net/europlop
7. Fowler, M.: Analysis patterns - Reusable object models, Addison-Wesley (1997).
8. Hamza, H. S. and Fayad, M. E.: The Negotiation Analysis Pattern. In: Proceedings of the Pattern Languages of Programs Conference, PLoP04 (2004). http://hillside.net/plop/2004/
9. Fernandez, E. B.: A methodology for secure software design. In: Proceedings of the 2004 Intl. Symposium on. Web Services and Applications, ISWS'04, Las Vegas, Nevada, 21-24 June 2004 (2004).
10. Fernandez, E. B., and Pan, R.: A Pattern Language for security models. In: Proceedings of the Pattern Languages of Programs Conference, PLoP01 (2001). http://jerry.cs.uiuc.edu/-plop/plop2001/accepted-submissions
11. Delessy-Gassant, N., Fernandez, E.B., Rajput, S., and Larrondo-Petrie, M. M: "Patterns for application firewalls. In: Proceedings of the Pattern Languages of Programs Conference (PLoP2004). http://hillside.net/plop/2004/
12. Fernandez, E. B.: Layers and non-functional patterns. In: Proceedings of ChiliPLoP03, Phoenix, Arizona, 10-15March 2003 (2003). http://hillside.net/ chiliplop/2003/
13. Larman, C.: Applying UML and Patterns: An Introduction to Object-Oriented Analysis and Design and Iterative Development, 3rd edition, Prentice-Hall (2005).
14. Fernandez, E. B., and Hawkins, J. C.: Determining Role Rights from Use Cases. In: Proceedings of the 2nd ACM Workshop on Role-Based Access Control, ACM (1997) 121-125. http://www.cse.fau.edu/-ed/RBAC.pdf
15. Buschmann, F., Meunier, R., Rohnert, H., Sommerlad, P., and Stal, M.: Pattern-Oriented Software Architecture: A System of Patterns, Vol. 1, Wiley (1996).
16. Koved, L., Nadalin, A., Nagarathan, N., Pistoia, M., and Schrader, T.: Security challenges for Enterprise Java in an e-business environment. In: IBM Systems Journal, Vol. 40, No. 1, (2001), 130-152.
17. Fernandez, E. B.: Coordination of security levels for Internet architectures. In: Proceedings of the 10th International Workshop on Database and Expert Systems Applications (1999) 837-841. http://www.cse.fau.edu/-ed/ Coordinationsecurity4.pdf
18. Wood, C Summers, R. C. and Fernandez, E. B.: Authorization in multilevel database models. In: Information Systems, Vol. 4 (1979) 155-161.
19. Georg, G., France, R., and Ray, I.: Creating Security Mechanism Aspect Models from Abstract Security Aspect Models. In: Workshop on Critical Systems Development with UML, UML2003, October 2003 (2003) http://www.cs.colostate.edu/- georg/aspectsPub/CSDUML03.pdf
20. Ray, I., France, R. B., Li, N., and Georg, G.: An Aspect-Based Approach to Modeling Access Control Concerns. In: Journal of Information and Software Technology, Vol, 46, No. 9, July 2004, (2004) 575-587, http://www.cs.colostate. edu/-georg/aspectsPub/IST04.pdf
21. Fernandez, E. B., Larrondo-Petrie, M. M., Sorgente, T., Rajput, S., and VanHilst, M.: UML-based access control models. Submitted for publication.
22. Lodderstedt, T., Basin, D. A., and Doser, J.: SecureUML: A UML-based modeling language for model-driven security. In: Proceedings of the 5th International Conference on UML, UML 2002, Lecture Notes in Computer Science, Vol. 2460, Springer-Verlag, Berlin Heidelberg New York (2002) 426-441.
23. Object Management Group, http://www.omg.org/uml
24. Mouratidis, H., and Giorgini, P.: Analyzing security in information systems. In: Proceedings of the 2nd International Workshop on Security and Information Systems, WOSIS 2004, Porto, Portugal (2004).