Request It Save to My Lists Export Return to Browse
     
Limit search to available items
Previous Record Next Record
  Permalink    
Book Cover
Book
Author Jürjens, Jan.

Title Secure systems development with UML / Jan Jürjens
Published Berlin ; London : Springer, 2005

Copies

Location Call no. Vol. Availability
 W'PONDS  005.117 Uml Jur/Ssd  AVAILABLE
Description xix, 309 pages : illustrations ; 25 cm
Contents Machine derived contents note: Part I Prologue -- 1 Introduction 3 -- 1.1 Overview 9 -- 1.2 Outline 12 -- 1.3 How to Use this Book 13 -- 2 Walk-through: Using UML for Security 15 -- 2.1 Security Requirements Capture with Use Case Diagrams 16 -- 2.2 Secure Business Processes with Activity Diagrams 16 -- 2.3 Physical Security Using Deployment Diagrams 17 -- 2.4 Security-Critical Interaction with Sequence Diagrams 18 -- 2.5 Secure States Using Statechart Diagrms 20 -- 3 Background 21 -- 3.1 Security Engineering 21 -- 3.2 Unified Modeling Language 24 -- 3.2.1 Use Case Diagrams 25 -- 3.2.2 Class Diagrams 26 -- 3.2.3 Statechart Diagrams 26 -- 3.2.4 Sequence Diagrams 28 -- 3.2.5 Activity Diagrams 30 -- 3.2.6 Deployment Diagrams 30 -- 3.2.7 Subsystems 31 -- 3.2.8 UML Extension Mechanisms 32 -- 3.3 Analyzing UML Models. 34 -- 3.3.1 Notation 34 -- 3.3.2 Outline of Formal Semantics 35 -- 3.3.3 Modeling Cryptography 36 -- 3.3.4 Security Analysis of UML Diagrams 38 -- 3.3.5 Important Security Properties 41 -- -- -- -- Part II Developing Secure Systems -- 4 Model-based Security Engineering with UML 49 -- 4.1 UMLsec Profile 49 -- 4.1.1 Requirements on a UML Extension for Development -- of Security-Critical Systems 49 -- 4.1.2 The Extension 50 -- 4.1.3 Addressing the Requirements 66 -- 4.2 Design Principles for Secure Systems 68 -- 4.3 Applying Security Patterns 70 -- 4.4 Notes 72 -- 4.5 Discussion 73 -- 5 Applications 75 -- 5.1 Secure Channels 75 -- 5.2 A Variant of the Internet Protocol TLS 80 -- 5.3 Common Electronic Purse Specifications 88 -- 5.3.1 Purchase Transaction 90 -- 5.3.2 Load Transaction 99 -- 5.4 Developing Secure Java Programs 118 -- 5.4.1 Access Control in Java 118 -- 5.4.2 Design Process 120 -- 5.4.3 Example: Financial Application 122 -- 5.5 Further Applications 125 -- 5.5.1 Modeling and Verification of a Bank Application 125 -- 5.5.2 Biometric Authentication System 127 -- 5.5.3 Automotive Emergency Application 127 -- 5.5.4 German Electronic Health Card 128 -- 5.5.5 Electronic Purse for the Oktoberfest 128 -- 5.5.6 Electronic Signature Architecture in Insurance -- Companies 128 -- 5.6 Notes 129 -- 5.7 Discussion 129 -- Part III Tool Support -- 6 Tool support for UMLsec 133 -- 6.1 Extending UML CASE Tools with Analysis Tools 133 -- 6.1.1 Meta-Object Facility (MOF) 134 -- 6.1.2 XML-Based Data-Binding with MDR 136 -- 6.2 Automated Tools for UMLsec 137 -- 6.2.1 Tool Functionality 137 -- 6.2.2 Implementation Details 139 -- -- -- -- 6.2.3 Model-Checking UMLsec Specifications 141 -- 6.2.4 Automated Theorem Proving 142 -- 6.2.5 Prolog-Based Attack Generation 142 -- 6.3 Linking Models to Runtime Data: SAP R/3 Permissions 142 -- 6.3.1 Automated Analysis of Security Rules 144 -- 6.3.2 Instance Data 147 -- 6.3.3 Evaluating Rules 151 -- 6.4 Linking Models to Code 155 -- 6.4.1 Test-Sequence Generation 155 -- 6.4.2 Code Generation and Code Analysis 158 -- 6.5 Notes 158 -- 6.6 Discussion 5 159 -- 7 A Formal Foundation 161 -- 7.1 UML Machines 161 -- 7.2 UML Machine Systems 169 -- 7.3 Refinem ent 172 -- 7.4 Rely-Guarantee Specifications 176 -- 7.5 Reasoning About Security Properties 177 -- 7.5.1 Refinement 180 -- 7.5.2 Secrecy 182 -- 7.5.3 Integrity 184 -- 7.5.4 Authenticity 185 -- 7.5.5 Freshness 185 -- 7.5.6 Secure Information Flow 187 -- 7.6 Notes 188 -- 7.7 Discussion 189 -- 8 Formal Systems Development with UML 191 -- 8.1 Formal Semantics for a Fragment of UML 191 -- 8.1.1 General Concepts 194 -- 8.1.2 Class Diagrams 201 -- 8.1.3 Statechart Diagrams 202 -- 8.1.4 Sequence Diagrams 212 -- 8.1.5 Activity Diagrams 217 -- 8.1.6 Deployment Diagrams 219 -- 8.1.7 Subsystems 220 -- 8.2 Development with UML 226 -- 8.2.1 Refinement 226 -- 8.2.2 Rely-Guarantee Specifications 230 -- 8.2.3 Reasoning About Security Properties in UML 230 -- 8.3 Notes 231 -- 8.4 Discussion 233 -- -- -- -- Part IV Epilogue -- 9 Further Material 237 -- 9.1 More on the UMLsec Approach 237 -- 9.2 Other Approaches to Security Engineering 238 -- 9.2.1 Software Engineering and Security 238 -- 9.2.2 Other Approaches Using UML 238 -- 9.2.3 Formal Methods Applied to Security 240 -- 9.2.4 Other Non-functional Requirements 242 -- 10 O utlook 243 -- Part V Appendices -- A Towards UML 2.0 247 -- B The Semantics of UML Machine Rules 249 -- C Proofs 253 -- C.1 UML Machines 253 -- C.2 Refinem ent 254 -- C.3 Rely-Guarantee Specifications 256 -- C.4 Reasoning About Security Properties 257 -- C.5 Formal Systems Development with UML 262 -- C.6 Secure Channels 264 -- C.7 A Variant of the Internet Protocol TLS 265 -- C.8 Common Electronic Purse Specifications 270 -- C.8.1 Purchase Transaction 270 -- C.8.2 Load Transaction 274 -- References 277 -- Index 305
Summary The extension UMLsec of the Unified Modeling Language for secure systems development is presented in this text. The first part is accessible to anyone with a basic background on object-oriented systems. The second part covers the mathematical tools needed to use the UMLsec approach to verify UML specifications against security requirements
Notes Formerly CIP. Uk
Bibliography Includes bibliographical references and index
Notes Print version record
In Springer e-books
Subject UML (Computer science)
Computer security.
LC no. 2004112217
ISBN 3540007016 hardback
  Permalink