research-article

Model-based security analysis for mobile communications

Authors:
Jan Jürjens

The Open University, Milton Keynes, United Kingdom

The Open University, Milton Keynes, United Kingdom
View Profile

,
Joerg Schreck

O2 (Germany), Munich, Germany

O2 (Germany), Munich, Germany
View Profile

,
Peter Bartmann

University of Augsburg, Augsburg, Germany

University of Augsburg, Augsburg, Germany
View Profile

ICSE '08: Proceedings of the 30th international conference on Software engineeringMay 2008Pages 683–692https://doi.org/10.1145/1368088.1368186

Published:10 May 2008Publication History

ICSE '08: Proceedings of the 30th international conference on Software engineering

Pages 683–692

ABSTRACT

Mobile communication systems are increasingly used in companies. In order to make these applications secure, the security analysis has to be an integral part of the system design and IT management process for such mobile communication systems. This work presents the experiences and results from the security analysis of a mobile system architecture at a large German telecommunications company, by making use of an approach to Model-based Security Engineering that is based on the UML extension UMLsec. The focus lies on the security mechanisms and security policies of the mobile applications which were analyzed using the UMLsec method and tools. Main results of the paper include a field report on the employment of the UMLsec method in an industrial telecommunications context as well as indications of its benefits and limitations.

References

A. Apvrille and M. Pourzandi. Secure software development by example. IEEE Security & Privacy, 3(4):10--17, 2005. Google ScholarDigital Library
B. Best, J. Jürjens, and B. Nuseibeh. Model-based security engineering of distributed information systems using UMLsec. In 29th International Conference on Software Engineering (ICSE 2007), pages 581--590. ACM, 2007. Google ScholarDigital Library
J. Grünbauer, H. Hollmann, J. Jürjens, and G. Wimmel. Modelling and verification of layered security-protocols: A bank application. In SAFECOMP 2003, LNCS. Springer, 2003.Google ScholarCross Ref
J. Jürjens. Secure Systems Development with UML. Springer, 2004.Google ScholarDigital Library
J. Jürjens. Sound methods and effective tools for model-based security engineering with UML. In 27th Int. Conf. on Softw. Engineering (ICSE 2005). IEEE, 2005. Google ScholarDigital Library
J. Jürjens. Model-based security engineering for real. In 14th Intern. Symposium on Formal Methods (FM 2006), volume 4085 of LNCS, pages 600--606. Springer, 2006. Industry Day Invited Paper. Google ScholarDigital Library
J. Jürjens. Security analysis of crypto-based Java programs using automated theorem provers. In S. Easterbrook and S. Uchitel, editors, 21st IEEE/ACM International Conference on Automated Software Engineering (ASE 2006). ACM, 2006. Google ScholarDigital Library
J. Jürjens and P. Shabalin. Tools for secure systems development with UML. Intern. Journal on Software Tools for Technology Transfer, 2007. Google ScholarDigital Library
D. Perry, A. Porter, and L. Votta. Empirical studies of software engineering: a roadmap. In ICSE - Future of SE Track, pages 345--355, 2000. Google ScholarDigital Library
J. Schalken. Research methods for the empirical assessment of software processes. In The 12th Doctoral Consortium at CAiSE 05, 2005.Google Scholar
UMLsec tool, 2001-08. http://computing-research.open.ac.uk/jj/umlsectool.Google Scholar
M. Vetterling, G. Wimmel, and A. Wisspeintner. Secure systems development based on the Common Criteria. In 10th International Symposium on the Foundations of Software Engineering (FSE-10), pages 129--138. ACM, 2002. Google ScholarDigital Library

Index Terms

Model-based security analysis for mobile communications
1. Software and its engineering
2. Theory of computation
  1. Logic
    1. Verification by model checking

Recommendations

Automated security hardening for evolving UML models
ICSE '11: Proceedings of the 33rd International Conference on Software Engineering

Developing security-critical software correctly and securely is difficult. To address this problem, there has been a significant amount of work over the last 10 years on providing model-based development approaches based on the Unified Modeling Language ...
Read More
Tools for model-based security engineering: models vs. code
ASE '07: Proceedings of the 22nd IEEE/ACM International Conference on Automated Software Engineering

We present tools to support model-based security engineering at both the model and the code level. In the approach supported by these tools, one firstly specifies the security-critical part of the system (e.g. a crypto protocol) using the UML security ...
Read More
A Meta-Model Based Approach to UML Modelling
UKSIM '08: Proceedings of the Tenth International Conference on Computer Modeling and Simulation

This paper is devoted to a meta-model based approach to UML systems modelling. The approach allows creating a system model by operating with artefacts from the problem domain, followed by generation of a UML model. The discussed approach is illustrated ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ICSE '08: Proceedings of the 30th international conference on Software engineering
May 2008
558 pages
ISBN:9781605580791
DOI:10.1145/1368088
General Chair:
Wilhelm Schäfer
University of Paderborn
,
Program Chairs:
Matthew B. Dwyer
University of Nebraska
,
Volker Gruhn
University of Leipzig
Copyright © 2008 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 10 May 2008
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
mobile telecommunication systems
model-based software engineering
uml
umlsec
Qualifiers
- research-article
Conference

Acceptance Rates
ICSE '08 Paper Acceptance Rate56of370submissions,15%Overall Acceptance Rate276of1,856submissions,15%
More

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 34
  Total Citations
  View Citations
- 1,528
  Total Downloads
- Downloads (Last 12 months)5
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Model-based security analysis for mobile communications

ICSE '08: Proceedings of the 30th international conference on Software engineering

ABSTRACT

References

Cited By

Index Terms

Recommendations

Automated security hardening for evolving UML models

Tools for model-based security engineering: models vs. code

A Meta-Model Based Approach to UML Modelling