Dynamic Secure Aspect Modeling with UML: From Models to Code

Jürjens, Jan; Houmb, Siv Hilde

doi:10.1007/11557432_11

Jan Jürjens¹⁸ &
Siv Hilde Houmb¹⁹

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 3713))

Included in the following conference series:

International Conference on Model Driven Engineering Languages and Systems

1634 Accesses
7 Citations

Abstract

Security engineering deals with modeling, analysis, and implementation of complex security mechanisms. The dynamic nature of such mechanisms makes it difficult to anticipate undesirable emergent behavior. In this work, we propose an approach to develop and analyze security-critical specifications and implementations using aspect-oriented modeling. Since we focus on the dynamic views of a system, our work is complementary to existing approaches to security aspects mostly concerned with static views. Our approach includes a link to implementations in so far as the code which is constructed from the models can be analyzed automatically for satisfaction of the security requirements stated in the UML diagrams. We present tool support for our approach.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Aspect-oriented modeling framework for security hardening

Article 29 October 2015

Achieving dynamicity in security policies enforcement using aspects

Article 09 January 2017

Development of Critical Systems with UML/OCL and FoCaLiZe

References

AbsInt. aicall (2004), http://www.aicall.de/
Broy, M., Jürjens, J., Cengarle, V., Rumpe, B.: Towards a system model for UML. Technical report, TU Munich (2005)
Google Scholar
Braun, P., Marschall, F.: The BOTL tool (2003), http://www4.in.tum.de/~marschal/botl/index.htm
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory IT-29(2), 198–208 (1983)
Article MathSciNet Google Scholar
Elrad, T., Aldawud, O., Bader, A.: Aspect-oriented modeling: Bridging the gap between implementation and design. In: Batory, D., Consel, C., Taha, W. (eds.) GPCE 2002. LNCS, vol. 2487, pp. 189–201. Springer, Heidelberg (2002)
Chapter Google Scholar
Elrad, T., Aksit, M., Kiczales, G., Lieberherr, K.J., Ossher, H.: Discussing aspects of AOP. Commun. ACM 44(10), 33–38 (2001)
Article Google Scholar
France, R.B., Kim, D., Ghosh, S., Song, E.: A UML-based pattern specification technique. IEEE Trans. Software Eng. 30(3), 193–206 (2004)
Article Google Scholar
France, R.B., Ray, I., Georg, G., Ghosh, S.: Aspect-oriented approach to early design modelling. IEE Proceedings - Software 151(4), 173–186 (2004)
Article Google Scholar
Gomaa, H., Shin, M.E.: Modeling complex systems by separating application and security concerns. In: ICECCS, pp. 19–28. IEEE Computer Society, Los Alamitos (2004)
Google Scholar
Jürjens, J.: UMLsec: Extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002)
Google Scholar
Jürjens, J.: Developing safety-critical systems with UML. In: Stevens, P., Whittle, J., Booch, G. (eds.) UML 2003. LNCS, vol. 2863, pp. 360–372. Springer, Heidelberg (2003)
Chapter Google Scholar
Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2004)
Google Scholar
Jürjens, J.: Security analysis tool (webinterface and download) (2004), http://www4.in.tum.de/csduml/interface
Jürjens, J.: Sound methods and effective tools for model-based security engineering with UML. In: 27th International Conference on Software Engineering (ICSE 2005), IEEE Computer Society, Los Alamitos (2005)
Google Scholar
Lee, J.-S., Bae, D.-H.: An aspect-oriented framework for developing component-based software with the collaboration-based architectural style. Information & Software Technology 46(2), 81–97 (2004)
Article Google Scholar
Marcus, A., Sergeyev, A., Rajlich, V., Maletic, J.I.: An information retrieval approach to concept location in source code. In: WCRE, pp. 214–223. IEEE Computer Society, Los Alamitos (2004)
Google Scholar
Schumann, J., Fischer, B., Whalen, M.W., Whittle, J.: Certification support for automatically generated programs. In: HICSS, p. 337 (2003)
Google Scholar
Sutcliffe, G., Suttner, C.: The TPTP problem library for automated theorem proving (2001), Available at http://www.tptp.org
Stenz, G., Wolf, A.: E-SETHEO: An automated3 theorem prover. In: Dyckhoff, R. (ed.) TABLEAUX 2000. LNCS, vol. 1847, pp. 436–440. Springer, Heidelberg (2000)
Chapter Google Scholar

Download references

Author information

Authors and Affiliations

Software & Systems Engineering, Dep. of Informatics, TU Munich, Germany
Jan Jürjens
Department of Computer and Information Science, Norwegian University of Science and Technology, Norway
Siv Hilde Houmb

Authors

Jan Jürjens
View author publications
You can also search for this author in PubMed Google Scholar
Siv Hilde Houmb
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Simula Research Laboratory, University of Oslo, P.O. Box 134, Lysaker, Norway
Lionel Briand
IBM T J Watson Research Center, 19 Skyline Drive, 10532, Hawthorne, NY
Clay Williams

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Jürjens, J., Houmb, S.H. (2005). Dynamic Secure Aspect Modeling with UML: From Models to Code. In: Briand, L., Williams, C. (eds) Model Driven Engineering Languages and Systems. MODELS 2005. Lecture Notes in Computer Science, vol 3713. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11557432_11

Download citation

DOI: https://doi.org/10.1007/11557432_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29010-0
Online ISBN: 978-3-540-32057-9
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics