Abstract
This paper makes an attempt to propose a framework that enables systems developers to express and integrate security properties with the system functionality from the beginning of the information systems (IS) development process. We propose a UML based security integration framework that will enable IS developer to specify and incorporate underlying security properties with the corresponding functional properties in the design artefacts. In current practices, a system is analysed and designed around business objects and operations. IS developers only consider objects and functionality during the system analysis and design process, whereas security designers define the security of the system. We use UML to show how the security properties defined by the security experts can be incorporated with the use case, class diagram, and interaction diagrams along with the systems functionality designed by systems analysts and designers.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
J. Viega, G. McGraw, Building Secure Software: How to Avoid Security Problems the Right Way. ( Addison-Wesley, Reading, Mass., 2001 ).
A. Ghosh, C. Howell, J. Whittaker, Building Software Securely from the Ground Up, IEEE Software, Vol. 19, no. I, 14–16 ( IEEE CS press, Los Alamitos, Calif., 2002 ).
G. Abowd, R. Allen, and D. Garlan, Formalizing Style to Understand Descriptions of Software Architecture, ACM Trans. on Software Engineering and Methodology, 4 (4), 319–365 (1995).
C. Larman, Applying UML and Patterns (Prentice Hall, 1997 ).
B. Friedman, P. Kahn Jr., and D. Howe, Trust Online, Communications of the ACM, Vol. 43, No. 12, 34–44 ( ACM press, December 2000 ).
L. Bass, P. Clements, R. Kazman, Software Architecture in Practice (Addison-Wesley, 1998 ).
J. Juryens, UMLsec: Extending UML for Secure Systems Development, Proc. 5th International Conference on UML, 412–425 (Springer-verlag, 2002 ).
K. Khan, J. Han, Composing Security-Aware Composition, IEEE Software, Vol. 19–1, January-February 3441 ( IEEE CS press, Los Alamitos, Calif., 2002 ).
G. Ribeiro-Justo, A. Saleh, Non-functional Integration and Coordination of Distributed Component Services, Proc. 6th European Conference on Software Maintenance and Reengineering, (IEEE CS press, Los Alamitos, Calif. 2002 ).
Common Criteria ISO/IEC-15408. Common Criteria for Information Technology Security Evaluation, version 2.0, (NIST, USA, 1999 ), http://csrc.nist.gov/cc/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer Science+Business Media New York
About this paper
Cite this paper
Khan, K.M. (2004). Integrating Security Properties with Systems Design Artefacts. In: Linger, H., et al. Constructing the Infrastructure for the Knowledge Economy. Springer, Boston, MA. https://doi.org/10.1007/978-1-4757-4852-9_27
Download citation
DOI: https://doi.org/10.1007/978-1-4757-4852-9_27
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-3459-8
Online ISBN: 978-1-4757-4852-9
eBook Packages: Springer Book Archive