Tools for model-based security engineering: models vs. code

13 years 9 months ago
Tools for model-based security engineering: models vs. code
We present tools to support model-based security engineering on both the model and the code level. In the approach supported by these tools, one firstly specifies the securitycritical part of the system (e.g. a crypto protocol) using the UML security extension UMLsec. The models are automatically verified for security properties using automated theorem provers. These are implemented within a framework that supports implementing verification routines, based on XMI output of the diagrams from UML CASE tools. Advanced users can use this open-source framework to implement verification routines for the constraints of self-defined security requirements. In a second step, one verifies that security-critical parts of the model are correctly implemented in the code (which might be a legacy implementation), and applies security hardening transformations where is that not the case. This is supported by tools that (1) establish traceability through refactoring scripts and (2) modularize se...
Jan Jürjens, Yijun Yu
Added 04 Jun 2010
Updated 04 Jun 2010
Type Conference
Year 2007
Where KBSE
Authors Jan Jürjens, Yijun Yu
Comments (0)