1 / 12

Enhancing Software Security with UMLsec Approach

Explore UMLsec for secure software development, security requirements, extensions, analysis techniques, and the benefits for design phase. Learn about term algebra logic and tools for security verification.

cwoods
Download Presentation

Enhancing Software Security with UMLsec Approach

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Model Based Security with UMLsec Pankaj Chechani 005240093

  2. Agenda • Approach for secure software • Security requirements provided by UMLsec • UML Extension Mechanism • UMLsec Analysis • Conclusion

  3. Approach for secure software • Penetrate-and-Patch • insecure, delay, annoying • Formal verification • Very expensive • Security at design time

  4. Security requirements provided by UMLsec • Fair Exchange • Secure Information Flow • Secure Communication Link • Role-based Access Control • Authenticity

  5. Uml extension mechanism “Light-Weight” Extension Mechanism • Constrains • Properties that have to hold • {xor} • Tagged values • Describe properties of model elements • {username=“abc”, pass =“xyz”} • Stereotypes “Lots of” constraints and tagged values • Class + <<interface>> = Interface

  6. Example <<secure link>>[1] • Security requirements • dependency stereotypes • Physical layer • link stereotypes • Communication partners • Node stereotypes

  7. <<secure links>>

  8. UMLsec Analysis • Two popular approaches: • Formulate requirements with a special logic • Use term-algebra Ref: [2] • UMLsec follows term-algebra approach • Both are quite successful

  9. Cont… • Term algebra generated by Variables, Keys and Data • Operations: • _::_(concatenation), • Head(_) and Tail (_), • {_}_ (encryption), • Dec_{_} (decryption), Ref:[1] & [3] • Equations(some): Deck-1 ({E}K) = E (for K E Keys), ExtK (SignK-1(E)) = E(for K E Keys). Ref:[1] & [3]

  10. Conclusion • UMLsec provide security at design phase • Automatisms security analysis by tool support • Concentrates on data security, e-commerce scenarios, protocols • UMLsec itself is extensible

  11. Reference [1] Jan Jurjens, TU Munich: UMLsec - Presenting the Profile [2] Jan Jurjens, Secure System Development With UML [3]Matthias Wurm, Seminar Advanced System: Development of Secure Systems with UMLsec [4] Joe Combs, 15 Feb 2006: Discussing “Developing Secure Systems with UMLSec”

  12. Thank you

More Related