Title :
Automated security hardening for evolving UML models
Author_Institution :
Fraunhofer ISST, Tech. Univ. Dortmund, Dortmund, Germany
Abstract :
Developing security-critical software correctly and securely is difficult. To address this problem, there has been a significant amount of work over the last 10 years on providing model-based development approaches based on the Unified Modeling Language which aim to raise the trustworthiness of security-critical systems, some of them including tools allowing the user to check whether a UML model satisfies the relevant security requirements. However, when the requirements are not satisfied by a given model, it can be challenging for the user to determine which changes to do to the model so that it will indeed satisfy the security requirements. Also, the fact that software continues to evolve on an ongoing basis, even after the implementation has been shipped to the customer, increases the challenge since in principle, the software has to be re-verified after each modification, requiring significant efforts. We present work on automated tool-support that exploits recent work on secure software evolution in the Secure Change project in order to support the security hardening of evolving UML models (within the context of the UML security extension UMLsec).
Keywords :
Unified Modeling Language; safety-critical software; security of data; UMLsec security extension; Unified Modeling Language; evolving UML model; model-based development; secure change project; security hardening; security requirement; security-critical software; software evolution; Analytical models; Computational modeling; Context; Context modeling; Security; Software; Unified modeling language; model-based development; security-critical software; umlsec;
Conference_Titel :
Software Engineering (ICSE), 2011 33rd International Conference on
Conference_Location :
Honolulu, HI
Print_ISBN :
978-1-4503-0445-0
Electronic_ISBN :
0270-5257
DOI :
10.1145/1985793.1985968
