Security-critical system development with extended use cases

Due to increasing interconnection, IT systems are confronted with more and more attacks. To address this problem, we have to consider security requirements from the beginning of the system development. In early phases of system development, it is common to use a hybrid system view which is based on...

Full description

Saved in:
Bibliographic Details
Main Authors: Popp, G., Jurjens, J., Wimmel, G., Breu, R.
Format: Conference Proceeding
Language:English
Subjects:
Computer aided software engineering
Context modeling
Contracts
Data security
LAN interconnection
Object oriented modeling
Programming
Software engineering
Unified modeling language
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Due to increasing interconnection, IT systems are confronted with more and more attacks. To address this problem, we have to consider security requirements from the beginning of the system development. In early phases of system development, it is common to use a hybrid system view which is based on an object oriented modeling of the application core and the specification of use cases. We present an extension of this process for security-critical systems. We show a methodical approach for the development of security-critical systems and the modeling of security aspects in the application core with an extension of the Unified Modeling Language for secure systems development, UMLsec. Furthermore, we introduce security use cases for the development of security aspects in conjunction with behavioral modeling.
DOI:10.1109/APSEC.2003.1254403