Title
UML-Based Modeling and Analysis of Security Threats
Abstract
Poor design has been a major source of software security problems. Rigorous and designer-friendly methodologies for modeling and analyzing secure software are highly desirable. A formal method for software development, however, often suffers from a gap between the rigidity of the method and the informal nature of system requirements. To narrow this gap, this paper presents a UML-based framework for modeling and analyzing security threats (i.e. potential security attacks) rigorously and visually. We model the intended functions of a software application with UML statechart diagrams and the security threats with sequence diagrams, respectively. Statechart diagrams are automatically converted into a graph transformation system, which has a well-established theoretical foundation. Method invocations in a sequence diagram of a security threat are interpreted as a sequence of paired graph transformations. Therefore, the analysis of a security threat is conducted through simulating the state transitions from an initial state to a final state triggered by method invocations. In our approach, designers directly work with UML diagrams to visually model system behaviors and security threats while threats can still be rigorously analyzed based on graph transformation.
Year: 2010
DOI: 10.1142/S0218194010004980
Venue: INTERNATIONAL JOURNAL OF SOFTWARE ENGINEERING AND KNOWLEDGE ENGINEERING
Keywords: Graph transformation, visual modeling and analysis, security threats
Field: Data mining, Sequence diagram, UML state machine, Unified Modeling Language, Systems engineering, Computer science, Software security assurance, Applications of UML, Graph rewriting, Software development, Computer security model
DocType: Journal
Volume: 20
Issue: 6
ISSN: 0218-1940
Citations: 6
PageRank: 0.49
References: 21
Authors: 3
Name | Order | Citations | PageRank
Jun Kong | 1 | 237 | 29.70
Dianxiang Xu | 2 | 790 | 73.83
Xiaoqin Zeng | 3 | 407 | 32.97