Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Supporting security assurance in the context of evolution: Modular modeling and analysis with UMLsec

: Ruhroth, T.; Jürjens, J.


Winter, V. ; Institute of Electrical and Electronics Engineers -IEEE-; IEEE Computer Society:
IEEE 14th International Symposium on High-Assurance Systems Engineering, HASE 2012. Proceedings : 25-27 October 2012, Omaha, Nebraska
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2012
ISBN: 978-1-4673-4742-6 (Print)
ISBN: 978-0-7695-4912-5
International Symposium on High-Assurance Systems Engineering (HASE) <14, 2012, Omaha/Nebraska>
Fraunhofer ISST ()

Developing security-critical software correctly and securely is difficult. To address this problem, there has been a significant amount of work over the last 10 years on providing model-based development approaches based on the Unified Modeling Language which aim to raise the trustworthiness of security-critical systems. However, the fact that software continues to evolve on an ongoing basis, even after the implementation has been shipped to the customer, increases the challenge since in principle, the software has to be reverified after each modification, requiring significant efforts. In particular, as part of the system evolution, the threat model can change against which the design has to be verified. This requires a modular approach to security assurance, since the threat model has to be substituted independently from the design model. In this paper, we present such an approach based on the extension mechanisms available for the Unified Modeling Language (UML), in particular using so-called profiles. This modular approach allows us to define analysis models which can be exchanged easily whenever the threat model changes due to system evolution. We demonstrate the approach in the face of a specific security requirement, namely secure information flow.