scholarly journals Tools for Secure Systems Development with UML: Security Analysis with ATPs

2005 ◽  
pp. 305-309 ◽  
Author(s):  
Jan Jürjens ◽  
Pasha Shabalin
Keyword(s):  
Security Analysis ◽  
Systems Development ◽  
Secure Systems

An Integrated Security Verification and Security Solution Design Trade-Off Analysis Approach

2007 ◽  
pp. 190-219 ◽  
Author(s):  
S. H. Houmb ◽  
G. Georg ◽  
J. Jurjens ◽  
R. France
Keyword(s):  
Systems Development ◽  
End Users ◽  
Security Requirements ◽  
Security Level ◽  
Critical System ◽  
Time To Market ◽  
Trade Off ◽  
Secure Systems ◽  
Alternative Design ◽  
Solution Design

This chapter describes the integrated security veri?cation and security solution design trade-off analysis (SVDT) approach. SVDT is useful when there is a diverse set of requirements imposed upon a security critical system, such as a required security level, time-to-market and budget constraints and end users’ expectations. Balancing these needs requires developers to evaluate alternative security solutions, and SVDT makes this evaluation effective. UMLsec, an extension to UML for secure systems development, is used to specify security requirements, and UMLsec tools are used to verify if the alternative design solutions satisfy security requirements.

scholarly journals MBSEsec: Model-Based Systems Engineering Method for Creating Secure Systems

2020 ◽  
Vol 10 (7) ◽  
pp. 2574 ◽  
Author(s):  
Donatas Mažeika ◽  
Rimantas Butleris
Keyword(s):  
Systems Engineering ◽  
Impact Analysis ◽  
Early Stage ◽  
System Development ◽  
Security Analysis ◽  
Security Requirements ◽  
Security Risks ◽  
Secure Systems ◽  
Model Based ◽  
Analysis Process

This paper presents how Model-Based System Engineering (MBSE) could be leveraged in order to mitigate security risks at an early stage of system development. Primarily, MBSE was used to manage complex engineering projects in terms of system requirements, design, analysis, verification, and validation activities, leaving security aspects aside. However, previous research showed that security requirements and risks could be tackled in the MBSE model, and powerful MBSE tools such as simulation, change impact analysis, automated document generation, validation, and verification could be successfully reused in the multidisciplinary field. This article analyzes various security-related techniques and then clarifies how these techniques can be represented in the Systems Modeling Language (SysML) model and then further exploited with MBSE tools. The paper introduces the MBSEsec method, which gives guidelines for the security analysis process, the SysML/UML-based security profile, and recommendations on what security technique is needed at each security process phase. The MBSEsec method was verified by creating an application case study that reflects real-world problems and running an experiment where systems and security engineers evaluated the feasibility of our approach.

Security Over the Information Systems Development Cycle

2011 ◽  
pp. 113-154
Author(s):  
C. Blanco ◽  
D. Rosado ◽  
C. Gutiérrez ◽  
A. Rodríguez ◽  
D. Mellado ◽  
...  
Keyword(s):  
Information Systems ◽  
Software Engineering ◽  
Systems Development ◽  
Information Systems Development ◽  
Security Engineering ◽  
Secure Systems ◽  
Development Stages ◽  
Access Control Policies ◽  
Main Components ◽  
Definition Of

Information security is currently considered to be a crucial aspect of systems development. However it has traditionally been considered during the final stages of development, once the main components of the system have been developed and therefore provides solutions which are inappropriate for security integration. Software engineering has traditionally been separated from security engineering, and security issues have not usually been included in software engineering processes, activities, techniques, models, and so on. Furthermore, security engineering has not been aligned with information systems, and has focused rather on the definition of protocols, cryptographic algorithms, access control policies, etc. However, the scientific community is beginning to realize the importance of aligning software engineering and security engineering in order to develop more secure systems. Security in software engineering is a branch of research in which many contributions dealing with security integration from the early development stages have recently appeared. This chapter discusses some of the most interesting contributions in this area, and also provides a summary of our contributions through the development of various research lines dealing with different strategies to integrate security into information systems development as early in the development stages as is possible.

Application of Verification Techniques to Security

2014 ◽  
pp. 61-70
Author(s):  
Florian Kammüller ◽  
Christian W. Probst ◽  
Franco Raimondi
Keyword(s):  
Model Checking ◽  
System Modeling ◽  
Security Analysis ◽  
Social Engineering ◽  
Current Case ◽  
Secure Systems ◽  
Insider Attack ◽  
Mechanized Verification ◽  
Verification Techniques

In this chapter, the authors give a short overview of the state of the art of formal verification techniques to the engineering of safe and secure systems. The main focus is on the support of security of real-world systems with mechanized verification techniques, in particular model checking. Based on prior experience with safety analysis—in particular the TWIN elevator (ThyssenKrupp) case study—the current case study ventures into the rising field of social engineering attacks on security. This main focus and original contribution of this chapter considers the security analysis of an insider attack illustrating the benefits of model checking with belief logics and actor system modeling.

Security Patterns

2011 ◽  
pp. 75-111 ◽  
Author(s):  
Armstrong Nhlabatsi ◽  
Arosha Bandara ◽  
Shinpei Hayashi ◽  
Charles Haley ◽  
Jan Jurjens ◽  
...  
Keyword(s):  
Security Analysis ◽  
Research Area ◽  
Security Requirements ◽  
Software Systems ◽  
Security Patterns ◽  
Secure Systems ◽  
Modeling Approaches ◽  
Security Pattern ◽  
Security Modeling ◽  
Active Research

Addressing the challenges of developing secure software systems remains an active research area in software engineering. Current research efforts have resulted in the documentation of recurring security problems as security patterns. Security patterns provide encapsulated solutions to specific security problems and can be used to build secure systems by designers with little knowledge of security. Despite this benefit, there is lack of work that focus on evaluating the capabilities of security analysis approaches for their support in incorporating security analysis patterns. This chapter presents evaluation results of a study we conducted to examine the extent to which constructs provided by security requirements engineering approaches can support the use of security patterns as part of the analysis of security problems. To achieve this general objective, the authors used a specific security pattern and examined the challenges of representing this pattern in some security modeling approaches. The authors classify the security modeling approaches into two categories: problem and solution and illustrate their capabilities with a well-known security patterns and some practical security examples. Based on the specific security pattern they have used our evaluation results suggest that current approaches to security engineering are, to a large extent, capable of incorporating security analysis patterns.

Sign in / Sign up

Export Citation Format

Share Document