An approach to the specification of security concerns in UML
Author(s)
Tran, Xuan-Vinh
Truong, Ninh-Thuan
Nguyen, Anne
Year published
2013
Abstract
The Object Oriented methodology has been applied in software engineering for a wide range of large and critical systems. One of the modeling languages frequently used for this purpose is UML. As yet, however, the means provided by UML to specify and deal with security concerns are rather sparse. In this paper we propose a practical approach that could readily be incorporated into existing software development processes. We begin by reviewing the main types of security concerns in the various phases of the software development cycle, and set up stereotypes to specify those concerns. The stereotypes are then attached to use case diagrams and later to activity diagrams (and other derived diagrams). At the implementation stage, security concerns can be transformed into more detailed aspects via AOP (aspect oriented programming) techniques. By maintaining the consistency of security stereotypes from phase to phase, the concerns about system security are implemented in a traceable fashion. Such use of security stereotypes does not require a high level of skills or deep knowledge of UML, and can therefore be integrated, with relatively little effort, with many current system development methodologies.
Conference Title
Robot Intelligence Technology and Applications: Proceedings of the 1st International Conference on Robot Intelligence Technology and Applications 2012
Subject
Computer System Security