Secure UML Information Flow using FlowUML

Khaled Alghathbar, Duminda Wijesekera, Csilla Farkas†

Abstract

FlowUML is a logic-based system to validate information flow policies at the requirements specification phase of UML based designs. It uses Horn clauses to specify information flow polices that can be checked against flow information extracted from UML sequence diagrams. FlowUML policies can be written at a coarse grain level of caller-callee relationships or at a finer level involving passed attributes.

References

  1. K. Alghathbar, D. Wijesekera. “authUML: A Three-phased framework to analyze access control specifications in Use Cases”. In proc. of the Workshop on Formal Methods in Security Engineering (FMSE), Washington, DC. October 2003. ACM Press.
  2. D. Bell and L. LaPadula. “Secure computer system: United exposition and Multics interpretation”. Technical Report, ESD-TR-75-306, MITRE Corp. MTR-2997. Bedford, MA, 1975.
  3. E. Bertino and V. Atluri. “The specification and enforcement of authorization constraints in workflow management”. ACM transactions on Information Systems Security, February 1999.
  4. B. Boehm. Software engineering economics. Englewood Cliffs, NJ: Prentice-Hall. (1981)
  5. G. Booch, J. Rumbaugh, and I. Jacobson. The Unified Modeling Language User Guide. Addison-Wesley, Reading, MA, 1999.
  6. S.Chen, D. Wijesekera, S. Jajodia. “FlexFlow: A Flexible Flow Control Policy Specification Framework”. In proceedings of the 17th Annual IFIP WG 11.3 Working Conference on Database and Applications Security. Estes Park, Colorado. August 2003.
  7. L. Chung, B. Nixon, E. Yu, J. Mylopoulos. Non-Functional Requirements in Software Engineering. Kluwer Academic Publishers (2000).
  8. P. T. Devanbu and S. Stubblebine. “Software engineering for security:A roadmap”. In A. Finkelstein, editor, The Future of Software Engineering. ACM Press, 2000.
  9. D. Gabbay and A. Hunter, “Making Inconsistency Respectable: A Logical Framework for Inconsistency in Reasoning, Phase1 - A Position Paper”, Proceedings of Fundamentals of Artificial Intelligence Research 7891, 19-32, Springer-Verlag.
  10. D. Gabbay and A. Hunter, “Making Inconsistency Respectable: A Logical Framework for Inconsistency in Reasoning, Phase2”, In Symbolic and Quantitative Approaches to Reasoning and Uncertainty, 129-136, LNCS, Springer-Verlag, 1992.
  11. M. Gelfond, V. Lifschitz. 1988. “The stable model semantics for logic programming”. In Proceedings, 5th International Conference and Symposium on Logic Programming. Seattle, Wash. pp. 1070-1080.
  12. A. Myers. “JFlow: Practical mostly-static information flow control”. In Proc. 26th ACM Symp. on Principles of Programming Languages (POPL), pages 228--241, San Antonio, TX, January 1999.
  13. B. Nuseibeh, S. Easterbrook and A. Russo, “Making Respectable in Software Development”, Journal of Systems and Software, 56(11), November 2001, Elsevier Science Publishers
  14. B. Nuseibeh and S. Easterbrook. “Requirements engineering: A roadmap”. In A. Finkelstein, editor, The Future of Software Engineering. ACM Press, 2000.
  15. Rational Rose. http://www.rational.com.
  16. P. Samarati, E. Bertino, A. Ciampichetti, and S. Jajodia. “Information flow control in object-oriented systems. IEEE Transactions on Knowledge and Data Engineering”, 9(4):524- 538, July-Aug. 1997.
  17. The Unified Modeling Language version 1.5. http://www.omg.org/uml/. Accessed in September 2003.
  18. T. Lodderstedt, D. Basin, and J. Doser. “SecureUML: A UML-Based Modeling Language for Model-Driven Security,” in Proceedings of the 5th International Conference on The Unified Modeling Language, pp. 426-441, 2002.
  19. J. Jurjens. “UMLsec: Extending UML for Secure Systems Development,” in Proceedings of the 5th International Conference on the Unified Modeling Language, pp. 412-425, 2002.
Download


Paper Citation


in Harvard Style

Alghathbar K., Wijesekera D. and Farkas† C. (2005). Secure UML Information Flow using FlowUML . In Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005) ISBN 972-8865-25-2, pages 229-238. DOI: 10.5220/0002569802290238


in Bibtex Style

@conference{wosis05,
author={Khaled Alghathbar and Duminda Wijesekera and Csilla Farkas†},
title={Secure UML Information Flow using FlowUML},
booktitle={Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005)},
year={2005},
pages={229-238},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002569802290238},
isbn={972-8865-25-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005)
TI - Secure UML Information Flow using FlowUML
SN - 972-8865-25-2
AU - Alghathbar K.
AU - Wijesekera D.
AU - Farkas† C.
PY - 2005
SP - 229
EP - 238
DO - 10.5220/0002569802290238