Evaluation of the Unified Modeling Language for Security Requirements Analysis

  • Conference paper
Information Security Applications (WISA 2005)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3786)

Abstract

Security protocols can be difficult to specify and analyze. These difficulties motivate the need for models that will support the development of secure systems from the design to the implementation stages. We used the Unified Modeling Language (UML), an industry standard in object-oriented systems modeling, to express security requirements. We also developed an application, the UML Analyzer, to help identify possible vulnerabilities in the modeled protocol. This was achieved by checking the XML Meta-data Interchange (XMI) files generated from the UML diagrams. When compared with other analyses of IKE, our results indicate that UML diagrams and XMI files offer promising possibilities in the modeling and analysis of security protocols.

Support for this research was provided by the University of the Philippines and the University of the Philippines Engineering Research and Development Foundation Inc.

© 2006 Springer-Verlag Berlin Heidelberg

Cite this paper

Ontua, M.G., Pancho-Festin, S. (2006). Evaluation of the Unified Modeling Language for Security Requirements Analysis. In: Song, JS., Kwon, T., Yung, M. (eds) Information Security Applications. WISA 2005. Lecture Notes in Computer Science, vol 3786. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11604938_6

  • DOI: https://doi.org/10.1007/11604938_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-31012-9

  • Online ISBN: 978-3-540-33153-7

  • eBook Packages: Computer Science, Computer Science (R0)
