PublicaHier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.
Incremental security verification for evolving UMLsec models
Modelling foundations and applications. 7th European Conference, ECMFA 2011 : Birmingham, UK, June 6-9, 2011; proceedings
Berlin: Springer, 2011 (Lecture Notes in Computer Science 6698)
|European Conference on Modelling Foundations and Applications (ECMFA) <7, 2011, Birmingham>|
|Fraunhofer ISST ()|
There exists a substantial amount of work on methods, techniques and tools for developing security-critical systems. However, these approaches focus on ensuring that the security properties are enforced during the initial system development and they usually have a significant cost associated with their use (in time and resources). In order to enforce that the systems remain secure despite their later evolution, it would be infeasible to re-apply the whole secure software development methodology from scratch. This work presents results towards addressing this challenge in the context of the UML security extension UMLsec. We investigate the security analysis of UMLsec models by means of a change-specific notation allowing multiple evolution paths and sound algorithms supporting the incremental verification process of evolving models. The approach is validated by a tool implementation of these verification techniques that extends the existing UMLsec tool support.