Abstract | ||
---|---|---|
Given the explosive growth of digitally stored information in modern enterprises, distributed information systems together with search engines are increasingly used in companies. By enabling the user to search all relevant information sources with one single query, however, crucial risks concerning information security arise. In order to make these applications secure, it is not sufficient to penetrate-and- patch past system development, but security analysis has to be an integral part of the system design process for such distributed information systems. This work presents the experiences and results of the security analysis of a search engine in the intranet of a German car manufacturer, by making use of an approach to Model-based Security Engineering that is based on the UML extension UMLsec. The focus lies on the application's single-sign-on-mechanism, which was analyzed using the UMLsec method and tools. Main results of the paper include a field report on the employment of the UMLsec method in an industrial context as well as indications on its benefits and limitations. |
Year | DOI | Venue |
---|---|---|
2007 | 10.1109/ICSE.2007.55 | ICSE |
Keywords | Field | DocType |
information systems,relevant information source,model-based security engineering,umlsec method,information system,german car manufacturer,security analysis,system design process,past system development,information security,search engine,system analysis and design,information analysis,concolic testing,security engineering,system design,search engines,distributed processing,explosives,unified modeling language | Information system,UMLsec,Software engineering,Unified Modeling Language,Systems engineering,Security engineering,Computer science,Intranet,Information security,Security analysis,Concolic testing | Conference |
ISSN | ISBN | Citations |
0270-5257 | 0-7695-2828-7 | 27 |
PageRank | References | Authors |
1.35 | 7 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Bastian Best | 1 | 27 | 1.69 |
Jan Jurjens | 2 | 169 | 16.07 |
Bashar Nuseibeh | 3 | 4201 | 347.16 |