Title :
Sound methods and effective tools for model-based security engineering with UML
Author_Institution :
Dept. of Informatics, TU, Munich, Germany
Abstract :
Developing security-critical systems is difficult and there are many well-known examples of security weaknesses exploited in practice. Thus a sound methodology supporting secure systems development is urgently needed. We present an extensible verification framework for verifying UML models for security requirements. In particular, it includes various plugins performing different security analyses on models of the security extension UMLsec of UML. Here, we concentrate on an automated theorem prover binding to verify security properties of UMLsec models which make use of cryptography (such as cryptographic protocols). The paper aims to contribute towards usage of UML for secure systems development in practice by offering automated analysis routines connected to popular CASE tools. We present an example of such an application where our approach found and corrected several serious design flaws in an industrial biometric authentication system.
Keywords :
Unified Modeling Language; computer aided software engineering; cryptography; program verification; safety-critical software; software tools; theorem proving; CASE tools; UML model verification; Unified Modeling Language; automated theorem prover; cryptography; extensible verification framework; model-based security engineering; secure systems development; security-critical systems; Acoustical engineering; Authentication; Biometrics; Computer aided software engineering; Cryptographic protocols; Cryptography; Information security; Object oriented modeling; Software engineering; Unified modeling language;
Conference_Titel :
Software Engineering, 2005. ICSE 2005. Proceedings. 27th International Conference on
Print_ISBN :
1-59593-963-2
DOI :
10.1109/ICSE.2005.1553575
