Sound methods and effective tools for model-based security engineering with UML

Proceedings - 27th International Conference on Software Engineering, ICSE05

Volumn , Issue , 2005, Pages 322-331

  Jürjens, Jan ^a  

^a TECHNICAL UNIVERSITY OF MUNICH   (Germany)

Author keywords

Biometric authentication; Cryptographic protocol; Security; UML; Unified Modeling Language; Verification; Verification framework

Indexed keywords

COMPUTER PROGRAMMING LANGUAGES; MATHEMATICAL MODELS; SOFTWARE ENGINEERING;

BIOMETRIC AUTHENTICATION; CRYPTOGRAPHIC PROTOCOL; UML; UNIFIED MODELING LANGUAGE; VERIFICATION;

COMPUTER AIDED SOFTWARE ENGINEERING;

EID: 85086954040     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1062455.1062519     Document Type: Conference Paper

References (32)

1. M. Abadi. Security protocols and their properties. In F. Bauer and R Steinbrüggen, editors, Foundations of Secure Computation, pages 39-60. IOS Press, Amsterdam, 2000. 20th International Summer School, Marktoberdorf, Germany.
2. L. Campbell, B. Cheng, W. McUmber, and K. Stirewalt. Automatically detecting and visualising errors in UML diagrams. Requir. Eng., 7(4):264-287, 2002.
3. E. Cohen. First-order verification of cryptographic protocols. Journal of Computer Security, 11(2):189-216, 2003.
4. D. Dolev and A. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, IT-29(2):198-208, 1983.
5. P. Fenkam, H. Gall, M. Jazayeri, and C. Krügel. DPS: An architectural style for development of secure software. In G. Davida, Y. Frankel, and O. Rees, editors, International Conference on Infrastructure Security (InfraSec 2002), volume 2437 of LNCS, pages 180-198. Springer, 2002.
6. P. Giorgini, F. Massacci, and J. Mylopoulos. Requirement engineering meets security: A case study on modelling secure electronic transactions by VISA and Mastercard. In I.-Y. Song, S. Liddle, T. Ling, and P. Scheuermann, editors, 22nd International Conference on Conceptual Modeling (ER 2003), volume 2813 of LNCS, pages 263-276. Springer, 2003.
7. C. Haley, R. Laney, J. Moffett, and B. Nuseibeh. The effect of trust assumptions on the elaboration of security requirements. In 12th IEEE International Conference on Requirements Engineering (RE 2004)-IEEE Computer Society, 2004.
8. A. Hall and R. Chapman. Correctness by construction: Developing a commercial secure system. IEEE Software, 19(1):18-25, 2002.
9. R. Hall. Specification modeling and validation applied to a family of network security products. In ASE01 [10], pages 71-80.
10. IEEE Computer Society. 16th IEEE International Conference on Automated Software Engineering (ASE 2001), 2001.
11. J. Jürjens. UMLsec: Extending UML for secure systems development. In J.-M. Jézéquel, H. Hußmann, and S. Cook, editors, UML 2002 - The Unified Modeling Language, volume 2460 of LNCS, pages 412-425. Springer, 2002.
12. J. Jurjens. Using UMLsec and goal-trees for secure systems development. In G. Lamont, H. Haddad, G. Papadopoulos, and B. Panda, editors, Proceedings of the 2002 Symposium of Applied Computing (SAC), pages 1026-1031. ACM Press, 2002.
13. J. Jurjens. Secure Systems Development with UML. Springer, 2004.
14. J. Jürjens, E. Fernandez, R. France, and B. Rumpe, editors. Critical Systems Development with UML (CSDUML 2004), TU München Technical Report, 2004. UML 2004 satellite workshop proceedings.
15. J. Jürjens and P. Shabalin. Automated verification of UMLsec models for security requirements. In J.-M. Jézéquel, H. Hußmann, and S. Cook, editors, UML 2004 - The Unified Modeling Language, volume 2460 of LNCS, pages 412-425. Springer, 2004.
16. R. Kemmerer. Analyzing encryption protocols using formal verification techniques. IEEE Journal on Selected Areas in Communications, 7(4):448-457, May 1989.
17. R. Kemmerer. Cybersecurity. In 25th International Conference on Software Engineering (ICSE 2003), pages 705-717. IEEE Computer Society, 2003.
18. J. Kirby, M. Archer, and C. Heitmeyer. Applying formal methods to an information security device: An experience report. In 4th IEEE International Symposium on High Assurance Systems Engineering (HASE 1999), pages 81-88. IEEE Computer Society, 1999.
19. J. Lilius and I. Porres. Formalising UML state machines for model checking. In R. France and B. Rumpe, editors, The Unified Modeling Language (UML 1999), volume 1723 of LNCS, pages 430-445. Springer, 1999.
20. C. Meadows. A system for the specification and analysis of key management protocols. In IEEE Symposium on Security and Privacy, pages 182-195, 1991.
21. C. Meadows. Open issues in formal methods for cryptographic protocol analysis. In DARPA Information Survivability Conference and Exposition (DISCEX 2000), pages 237-250. IEEE Computer Society, 2000.
22. M. Moser, O. Ibens, R. Letz, J. Steinbach, C. Goller, J. Schumann, and K. Mayr. SETHEO and E-SETHEO - The CADE-13 Systems. Journal of Automated Reasoning (JAR), 18(2):237-246, 1997.
23. Netbeans project. Open source. Available from http://mdr.netbeans.org, 2003.
24. Object Management Group. OMG XML Metadata Interchange (XMI) Specification, Jan. 2002.
25. J. Schumann, Automatic verification of cryptographic protocols with SETHEO. In W. McCune, editor, 14th International Conference on Automated Deduction (CADE-14), volume 1249 of LNCS, pages 87-100. Springer, 1997.
26. G. Sutcliffe and C. Suttner. The TPTP problem library for automated theorem proving, 2001. Available at http://www.tptp.org.
27. UMLsec tool, 2002-04. Open-source. Accessible at http://www.umlsec.org.
28. A. van Lamsweerde. Elaborating security requirements by construction of intentional anti-models. In ICSE, pages 148-157. IEEE Computer Society, 2004.
29. Verisoft project webpages. http://www.verisoft.de, 2003.
30. J. Wei, S. Cheung, and X. Wang. Exploiting automatic analysis of e-commerce protocols. In 25th Annual International Computer Software and Applications Conference (COMPSAC 2001), pages 55-62, 2001.
31. C. Weidenbach. Towards an automatic analysis of security protocols in first-order logic. In H. Ganzinger, editor, 16th International Conference on Automated Deduction (CADE-16), volume 1632 of LNCS, pages 314-328, 1999.
32. A. Zisman and A. Kozlenkov. Knowledge base approach to consistency management of UML specification. In ASE01 [10], pages 359-363.