A UML-Based Methodology for Secure Systems: The Design Stage

Eduardo B. Fernandez, Tami Sorgente, María M. Larrondo-Petrie

2005

Abstract

We have previously proposed a UML-based secure systems development methodology that uses patterns and architectural layers. We studied requirements and analysis aspects and combined analysis patterns with security patterns to build secure conceptual models. Here we extend this methodology to the design stage. Design artifacts provide a way to enforce security constraints. We consider the use of views, components, and distribution.

References

  1. Fernandez, E. B., and Yuan, X.: Semantic analysis patterns. In: Proceedings of 19th International Conference on Conceptual Modeling, (2000) 183-195. Also available from: http://www.cse.fau.edu/ed/SAPpaper2.pdf
  2. Fernandez, E. B., and Yuan, X.: An analysis pattern for reservation and use of entities. In: Proceedings of the Pattern Languages of Programs Conference, PLoP99 (1999). http://st-www.cs.uiuc.edu/plop/plop99
  3. Fernandez,E. B., Yuan, X., and Brey, S.: Analysis Patterns for the Order and Shipment of a Product. In: Proceeding of the Pattern Languages of Programs Conference, PLoP00, (2000). http://hillside.net/plop/2000/
  4. Fernandez, E. B., and Yuan, X.: An Analysis Pattern for Repair of an Entity. In: Proceedings of the Pattern Languages of Programs Conference, PLoP01 (2001). http://jerry.cs.uiuc.edu/plop/plop2001/accepted_submissions
  5. Sorgente, T., and Fernandez, E. B.: Analysis patterns for patient treatment. In: Proceedings of the Pattern Languages of Programs Conference, PLoP04 (2004). http://jerry.cs.uiuc.edu/plop/plop2004/accepted_submissions
  6. Yuan, X., and Fernandez, E. B.: An analysis pattern for course management. In: Proceedings of the Pattern Languages of Programs Conference, PLoP03 (2003). http://hillside.net/europlop
  7. Fowler, M.: Analysis patterns - Reusable object models, Addison-Wesley (1997).
  8. Hamza, H. S. and Fayad, M. E.: The Negotiation Analysis Pattern. In: Proceedings of the Pattern Languages of Programs Conference, PLoP04 (2004). http://hillside.net/plop/2004/
  9. Fernandez, E. B.: A methodology for secure software design. In: Proceedings of the 2004 Intl. Symposium on Web Services and Applications, ISWS'04, Las Vegas, Nevada, 21-24 June 2004 (2004).
  10. Fernandez, E. B., and Pan, R.: A Pattern Language for security models. In: Proceedings of the Pattern Languages of Programs Conference, PLoP01 (2001). http://jerry.cs.uiuc.edu/plop/plop2001/accepted_submissions
  11. Delessy-Gassant, N., Fernandez, E.B., Rajput, S., and Larrondo-Petrie, M. M: "Patterns for application firewalls. In: Proceedings of the Pattern Languages of Programs Conference (PLoP2004). http://hillside.net/plop/2004/
  12. Fernandez, E. B.: Layers and non-functional patterns. In: Proceedings of ChiliPLoP03, Phoenix, Arizona, 10-15March 2003 (2003). http://hillside.net/chiliplop/2003/
  13. Larman, C.: Applying UML and Patterns: An Introduction to Object-Oriented Analysis and Design and Iterative Development, 3rd edition, Prentice-Hall (2005).
  14. Fernandez, E. B., and Hawkins, J. C.: Determining Role Rights from Use Cases. In: Proceedings of the 2nd ACM Workshop on Role-Based Access Control, ACM (1997) 121-125. http://www.cse.fau.edu/ed/RBAC.pdf
  15. Buschmann, F., Meunier, R., Rohnert, H., Sommerlad, P., and Stal, M.: Pattern-Oriented Software Architecture: A System of Patterns, Vol. 1, Wiley (1996).
  16. Koved, L., Nadalin, A., Nagarathan, N., Pistoia, M., and Schrader, T.: Security challenges for Enterprise Java in an e-business environment. In: IBM Systems Journal, Vol. 40, No. 1, (2001), 130-152.
  17. Fernandez, E. B.: Coordination of security levels for Internet architectures. In: Proceedings of the 10th International Workshop on Database and Expert Systems Applications (1999) 837-841. http://www.cse.fau.edu/ed/Coordinationsecurity4.pdf
  18. Wood, C. Summers, R. C. and Fernandez, E. B.: Authorization in multilevel database models. In: Information Systems, Vol. 4 (1979) 155-161.
  19. Georg, G., France, R., and Ray, I.: Creating Security Mechanism Aspect Models from Abstract Security Aspect Models. In: Workshop on Critical Systems Development with UML, UML2003, October 2003 (2003) http://www.cs.colostate.edu/georg/aspectsPub/CSDUML03.pdf
  20. Ray, I., France, R. B., Li, N., and Georg, G.: An Aspect-Based Approach to Modeling Access Control Concerns. In: Journal of Information and Software Technology, Vol, 46, No. 9, July 2004, (2004) 575-587, http://www.cs.colostate.edu/georg/aspectsPub/IST04.pdf
  21. Fernandez, E. B., Larrondo-Petrie, M. M., Sorgente, T., Rajput, S., and VanHilst, M.: UML-based access control models. Submitted for publication.
  22. Lodderstedt, T., Basin, D. A., and Doser, J.: SecureUML: A UML-based modeling language for model-driven security. In: Proceedings of the 5th International Conference on UML, UML 2002, Lecture Notes in Computer Science, Vol. 2460, Springer-Verlag, Berlin Heidelberg New York (2002) 426-441.
  23. Object Management Group. http://www.omg.org/uml
  24. Mouratidis, H., and Giorgini, P.: Analyzing security in information systems. In: Proceedings of the 2nd International Workshop on Security and Information Systems, WOSIS 2004, Porto, Portugal (2004).
Download


Paper Citation


in Harvard Style

B. Fernandez E., Sorgente T. and M. Larrondo-Petrie M. (2005). A UML-Based Methodology for Secure Systems: The Design Stage . In Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005) ISBN 972-8865-25-2, pages 207-216. DOI: 10.5220/0002558102070216


in Bibtex Style

@conference{wosis05,
author={Eduardo B. Fernandez and Tami Sorgente and María M. Larrondo-Petrie},
title={A UML-Based Methodology for Secure Systems: The Design Stage},
booktitle={Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005)},
year={2005},
pages={207-216},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002558102070216},
isbn={972-8865-25-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005)
TI - A UML-Based Methodology for Secure Systems: The Design Stage
SN - 972-8865-25-2
AU - B. Fernandez E.
AU - Sorgente T.
AU - M. Larrondo-Petrie M.
PY - 2005
SP - 207
EP - 216
DO - 10.5220/0002558102070216