Title :
Automated threat identification for UML
Author :
Yee, George ; Xie, Xingli ; Majumdar, Shikharesh
Author_Institution :
Dept. of Systems and Computer Engineering, Carleton University, Colonel By Drive, Ottawa, Canada
Abstract :
In tandem with the growing important roles of software in modern society is the increasing number of threats to software. Building software systems that are resistant to these threats is one of the greatest challenges in information technology. Threat identification methods for secure software development can be found in the literature. However, none of these methods has involved automatic threat identification based on analyzing UML models. Such an automated approach should offer benefits in terms of speed and accuracy when compared to manual methods, and at the same time be widely applicable due to the ubiquity of UML. This paper addresses this shortcoming by proposing an automated threat identification method based on parsing UML diagrams.
Keywords :
Analytical models; Data models; Databases; Expert systems; Object oriented modeling; Software; Unified modeling language; Secure software development; Software threat identification; Software threat modeling; UML; expert systems;
Conference_Titel :
Security and Cryptography (SECRYPT), Proceedings of the 2010 International Conference on
Conference_Location :
Athens
