Abstract
In practice, the security of computer systems is compromised most often not by breaking dedicated mechanisms (such as security protocols), but by exploiting vulnerabilities in the way those mechanisms are employed. Towards a solution of this problem, we aim to encapsulate rules of prudent security engineering in such a way that a system specification formulated in (a formal core of) the Unified Modeling Language (UML, the industry standard in object-oriented modelling) can be evaluated with respect to these rules, violations can be indicated, and suggestions for modifications can be derived.
Supported by the Studienstiftung des deutschen Volkes and the Computing Laboratory.
References
M. Abadi. Security protocols and their properties. In F. Bauer and R. Steinbrueggen, editors, Foundations of Secure Computation. IOS Press, 2000.
M. Abadi, Michael Burrows, Butler Lampson, and Gordon Plotkin. A calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems, 15(4):706–734, 1993.
R. Anderson. Why cryptosystems fail. Communications of the ACM, 37(11):32–40, November 1994.
R. Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, 2001.
CEPSCO. Common Electronic Purse Specifications, 2001. Business Requirements vers. 7.0, Functional Requirements vers. 6.3, Technical Specification vers. 2.3, available from http://www.cepsco.com.
Dieter Gollmann. On the verification of cryptographic protocols: a tale of two committees. In Workshop on Security Architectures and Information Flow, volume 32 of Electronic Notes in Theoretical Computer Science, 2000.
Li Gong. Java™ Security Architecture (JDK 1.2). http://java.sun.com/products/jdk/1.2/docs/guide/security/spec/security-spec.doc.html, October 2, 1998.
Li Gong. Inside Java 2 Platform Security: Architecture, API Design, and Implementation. Addison-Wesley, 1999.
H. Hußmann, editor. Fundamental Approaches to Software Engineering (FASE/ETAPS, International Conference), volume 2029 of LNCS. Springer, 2001.
Jan Jürjens. Developing secure systems with UMLsec — from business processes to implementation. In VIS 2001. Vieweg-Verlag, 2001. To appear.
Jan Jürjens. Modelling audit security for smart-card payment schemes with UMLsec. In P. Paradinas, editor, IFIP/SEC 2001: 16th International Conference on Information Security. Kluwer, 2001.
Jan Jürjens. Secure Java development with UMLsec. 2001. Submitted.
Jan Jürjens. Towards development of secure systems using UMLsec. In [9], 2001.
Jan Jürjens and Guido Wimmel. Security modelling for electronic commerce: The Common Electronic Purse Specifications. In First IFIP conference on e-commerce, e-business, and e-government (I3E). Kluwer, 2001.
Jan Jürjens and Guido Wimmel. Specification-based testing of firewalls. In Andrei Ershov 4th International Conference “Perspectives of System Informatics” (PSI’01), LNCS. Springer, 2001. To be published.
L. Paulson. Inductive analysis of the Internet protocol TLS (transcript of discussion). In B. Christianson, B. Crispo, W.S. Harbison, and M. Roe, editors, Security Protocols: 6th International Workshop, number 1550 in LNCS, page 13 ff., Cambridge, UK, April 1998.
R. Pooley and P. King. The unified modeling language and performance engineering. IEE Proceedings-Software, 146(1):2–10, 1999.
J. Rumbaugh, I. Jacobson, and G. Booch. The Unified Modeling Language Reference Manual. Addison-Wesley, 1999.
F. Schneider, editor. Trust in Cyberspace. National Academy Press, 1999.
J. Saltzer and M. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278–1308, September 1975.
M. Walker. On the security of 3GPP networks. In Advances in Cryptology: EUROCRYPT 2000, volume 1807 of LNCS. Springer, 2000.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
Jürjens, J. (2002). Encapsulating Rules of Prudent Security Engineering. In: Christianson, B., Malcolm, J.A., Crispo, B., Roe, M. (eds) Security Protocols. Security Protocols 2001. Lecture Notes in Computer Science, vol 2467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45807-7_15
DOI: https://doi.org/10.1007/3-540-45807-7_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44263-9
Online ISBN: 978-3-540-45807-4