Representing Security Goals, Policies, and Objects

As information security is increasingly becoming critical for today´s computer based systems, there is increasing need for integrating security concerns into the early phases system development processes. As a result, more attention is being drawn to modeling of security goals and their refinements into implementable security policies. With the growing adoption of the UML for object oriented analysis and design, there is need to incorporate security concepts into UML models to offer an attractive approach to engineering security into the system being developed. In this paper, we present a visual approach to unifying goal oriented analysis of security objectives and their associated security policies, with UML functional models. We also show how this representation leads to the early discovery of conflicts and inconsistencies in security policies during analysis. A simplified college department information system is used to illustrate the major concepts of this approach