ABSTRACT
Mobile communication systems are increasingly used in companies. In order to make these applications secure, the security analysis has to be an integral part of the system design and IT management process for such mobile communication systems. This work presents the experiences and results from the security analysis of a mobile system architecture at a large German telecommunications company, by making use of an approach to Model-based Security Engineering that is based on the UML extension UMLsec. The focus lies on the security mechanisms and security policies of the mobile applications which were analyzed using the UMLsec method and tools. Main results of the paper include a field report on the employment of the UMLsec method in an industrial telecommunications context as well as indications of its benefits and limitations.
- A. Apvrille and M. Pourzandi. Secure software development by example. IEEE Security & Privacy, 3(4):10--17, 2005. Google ScholarDigital Library
- B. Best, J. Jürjens, and B. Nuseibeh. Model-based security engineering of distributed information systems using UMLsec. In 29th International Conference on Software Engineering (ICSE 2007), pages 581--590. ACM, 2007. Google ScholarDigital Library
- J. Grünbauer, H. Hollmann, J. Jürjens, and G. Wimmel. Modelling and verification of layered security-protocols: A bank application. In SAFECOMP 2003, LNCS. Springer, 2003.Google ScholarCross Ref
- J. Jürjens. Secure Systems Development with UML. Springer, 2004.Google ScholarDigital Library
- J. Jürjens. Sound methods and effective tools for model-based security engineering with UML. In 27th Int. Conf. on Softw. Engineering (ICSE 2005). IEEE, 2005. Google ScholarDigital Library
- J. Jürjens. Model-based security engineering for real. In 14th Intern. Symposium on Formal Methods (FM 2006), volume 4085 of LNCS, pages 600--606. Springer, 2006. Industry Day Invited Paper. Google ScholarDigital Library
- J. Jürjens. Security analysis of crypto-based Java programs using automated theorem provers. In S. Easterbrook and S. Uchitel, editors, 21st IEEE/ACM International Conference on Automated Software Engineering (ASE 2006). ACM, 2006. Google ScholarDigital Library
- J. Jürjens and P. Shabalin. Tools for secure systems development with UML. Intern. Journal on Software Tools for Technology Transfer, 2007. Google ScholarDigital Library
- D. Perry, A. Porter, and L. Votta. Empirical studies of software engineering: a roadmap. In ICSE - Future of SE Track, pages 345--355, 2000. Google ScholarDigital Library
- J. Schalken. Research methods for the empirical assessment of software processes. In The 12th Doctoral Consortium at CAiSE 05, 2005.Google Scholar
- UMLsec tool, 2001-08. http://computing-research.open.ac.uk/jj/umlsectool.Google Scholar
- M. Vetterling, G. Wimmel, and A. Wisspeintner. Secure systems development based on the Common Criteria. In 10th International Symposium on the Foundations of Software Engineering (FSE-10), pages 129--138. ACM, 2002. Google ScholarDigital Library
Index Terms
- Model-based security analysis for mobile communications
Recommendations
Automated security hardening for evolving UML models
ICSE '11: Proceedings of the 33rd International Conference on Software EngineeringDeveloping security-critical software correctly and securely is difficult. To address this problem, there has been a significant amount of work over the last 10 years on providing model-based development approaches based on the Unified Modeling Language ...
Tools for model-based security engineering: models vs. code
ASE '07: Proceedings of the 22nd IEEE/ACM International Conference on Automated Software EngineeringWe present tools to support model-based security engineering at both the model and the code level. In the approach supported by these tools, one firstly specifies the security-critical part of the system (e.g. a crypto protocol) using the UML security ...
A Meta-Model Based Approach to UML Modelling
UKSIM '08: Proceedings of the Tenth International Conference on Computer Modeling and SimulationThis paper is devoted to a meta-model based approach to UML systems modelling. The approach allows creating a system model by operating with artefacts from the problem domain, followed by generation of a UML model. The discussed approach is illustrated ...
Comments