Secure Systems Development with UML

Read more

Attacks against computer systems can cause considerable economic or physical damage. High-quality development of security-critical systems is difficult, mainly because of the conflict between development costs and verifiable correctness.
Jürjens presents the UML extension UMLsec for secure systems development. It uses the standard UML extension mechanisms, and can be employed to evaluate UML specifications for vulnerabilities using a formal semantics of a simplified fragment of UML. Established rules of security engineering can be encapsulated and hence made available even to developers who are not specialists in security. As one example, Jürjens uncovers a flaw in the Common Electronic Purse Specification, and proposes and verifies a correction.
With a clear separation between the general description of his approach and its mathematical foundations, the book is ideally suited both for researchers and graduate students in UML or formal methods and security, and for advanced professionals writing critical applications.

List of contents

Prologue.- Walk-through: Using UML for Security.- Background.- Developing Secure Systems.- Model-based Security Engineering with UML.- Applications.- Tool Support.- Tool support for UMLsec.- A Formal Foundation.- Formal Systems Development with UML.- Epilogue.- Further Material.- Outlook.

Summary

The extension UMLsec of the Unified Modeling Language for secure systems development is presented in this text. The book is written in a way which keeps the first part accessible to anyone with a basic background on object-oriented systems. The second part covers the mathematical tools needed to use the UMLsec approach to verify UML specifications against security requirements. It can also be used as part of a general course on applying UML or on computer security. A practically relevant example is used throughout the book to demonstrate the presented methods.