DOI: 10.1145/1985793.1985968
research-article

Automated security hardening for evolving UML models

Published: 21 May 2011

Abstract

Developing security-critical software correctly and securely is difficult. To address this problem, there has been a significant amount of work over the last 10 years on model-based development approaches based on the Unified Modeling Language (UML) that aim to raise the trustworthiness of security-critical systems, some of them including tools that let the user check whether a UML model satisfies the relevant security requirements. However, when a given model does not satisfy the requirements, it can be challenging for the user to determine which changes to make to the model so that it does satisfy them. The fact that software continues to evolve, even after the implementation has been shipped to the customer, increases the challenge, since in principle the software has to be re-verified after each modification, which requires significant effort. We present work on automated tool support that exploits recent work on secure software evolution in the Secure Change project to support the security hardening of evolving UML models (within the context of the UML security extension UMLsec).

Published In

ICSE '11: Proceedings of the 33rd International Conference on Software Engineering
May 2011
1258 pages
ISBN:9781450304450
DOI:10.1145/1985793
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. model-based development
  2. security-critical software
  3. umlsec

Qualifiers

  • Research-article

Conference

ICSE11
ICSE11: International Conference on Software Engineering
May 21 - 28, 2011
HI, Waikiki, Honolulu, USA

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%
