MASC: Modelling Architectural Security Concerns

Author

Sion, Laurens ; Yskout, Koen ; van den Berghe, Alexander ; Scandariato, Riccardo ; Joosen, Wouter

Author_Institution

iMinds-DistriNet, KU Leuven, Leuven, Belgium

fYear

2015

fDate

16-17 May 2015

Firstpage

36

Lastpage

41

Abstract

Security decisions are an important part of software architecture design, and thus deserve to be explicitly represented in the design documentation. While UML is the best-known language for creating such documentation, it lacks security specific notations, which makes it difficult to represent the effect of the security decisions. Several security extensions for UML exist in the literature, but they represent security concerns at a lower level of abstraction, or only support a limited subset of security concerns. We propose a new notation, MASC, to model security concerns at the architectural level. It has been designed as an extension of UML, and is based on recurring security concepts that have been distilled from well-known security principles, goals, and patterns. By using our notation, a designer obtains a technique to express security concerns more explicitly in the architectural design documentation.

Keywords

Unified Modeling Language; security of data; software architecture; MASC; UML; architectural design documentation; modelling architectural security concerns; security decisions; security specific notations; software architecture design; Documentation; Encryption; Mediation; Unified modeling language; MASC; UML; notation; security; software architecture;

fLanguage

English

Publisher

ieee

Conference_Titel

Modeling in Software Engineering (MiSE), 2015 IEEE/ACM 7th International Workshop on

Conference_Location

Florence

Type

conf

DOI

10.1109/MiSE.2015.14

Filename

7167400