Ebook: Secure Systems Development with UML
Author: Jan Jürjens (auth.)
- Tags: Software Engineering, Management of Computing and Information Systems
- Year: 2005
- Publisher: Springer-Verlag Berlin Heidelberg
- Edition: 1
- Language: English
- pdf
Attacks against computer systems can cause considerable economic or physical damage. High-quality development of security-critical systems is difficult, mainly because of the conflict between development costs and verifiable correctness.
Jürjens presents the UML extension UMLsec for secure systems development. It uses the standard UML extension mechanisms, and can be employed to evaluate UML specifications for vulnerabilities using a formal semantics of a simplified fragment of UML. Established rules of security engineering can be encapsulated and hence made available even to developers who are not specialists in security. As one example, Jürjens uncovers a flaw in the Common Electronic Purse Specification, and proposes and verifies a correction.
With a clear separation between the general description of his approach and its mathematical foundations, the book is ideally suited both for researchers and graduate students in UML or formal methods and security, and for advanced professionals writing critical applications.
Attacks against computer systems can cause considerable economic or physical damage. High-quality development of security-critical systems is difficult, mainly because of the conflict between development costs and verifiable correctness.
J?rjens presents the UML extension UMLsec for secure systems development. It uses the standard UML extension mechanisms, and can be employed to evaluate UML specifications for vulnerabilities using a formal semantics of a simplified fragment of UML. Established rules of security engineering can be encapsulated and hence made available even to developers who are not specialists in security. As one example, J?rjens uncovers a flaw in the Common Electronic Purse Specification, and proposes and verifies a correction.
With a clear separation between the general description of his approach and its mathematical foundations, the book is ideally suited both for researchers and graduate students in UML or formal methods and security, and for advanced professionals writing critical applications.
Attacks against computer systems can cause considerable economic or physical damage. High-quality development of security-critical systems is difficult, mainly because of the conflict between development costs and verifiable correctness.
J?rjens presents the UML extension UMLsec for secure systems development. It uses the standard UML extension mechanisms, and can be employed to evaluate UML specifications for vulnerabilities using a formal semantics of a simplified fragment of UML. Established rules of security engineering can be encapsulated and hence made available even to developers who are not specialists in security. As one example, J?rjens uncovers a flaw in the Common Electronic Purse Specification, and proposes and verifies a correction.
With a clear separation between the general description of his approach and its mathematical foundations, the book is ideally suited both for researchers and graduate students in UML or formal methods and security, and for advanced professionals writing critical applications.
Content:
Front Matter....Pages I-XIX
Introduction....Pages 3-14
Walk-through: Using UML for Security....Pages 15-20
Background....Pages 21-46
Model-based Security Engineering with UML....Pages 49-74
Applications....Pages 75-130
Tool support for UMLsec....Pages 133-160
A Formal Foundation....Pages 161-189
Formal Systems Development with UML....Pages 191-233
Further Material....Pages 237-242
Outlook....Pages 243-244
Back Matter....Pages 245-309
Attacks against computer systems can cause considerable economic or physical damage. High-quality development of security-critical systems is difficult, mainly because of the conflict between development costs and verifiable correctness.
J?rjens presents the UML extension UMLsec for secure systems development. It uses the standard UML extension mechanisms, and can be employed to evaluate UML specifications for vulnerabilities using a formal semantics of a simplified fragment of UML. Established rules of security engineering can be encapsulated and hence made available even to developers who are not specialists in security. As one example, J?rjens uncovers a flaw in the Common Electronic Purse Specification, and proposes and verifies a correction.
With a clear separation between the general description of his approach and its mathematical foundations, the book is ideally suited both for researchers and graduate students in UML or formal methods and security, and for advanced professionals writing critical applications.
Content:
Front Matter....Pages I-XIX
Introduction....Pages 3-14
Walk-through: Using UML for Security....Pages 15-20
Background....Pages 21-46
Model-based Security Engineering with UML....Pages 49-74
Applications....Pages 75-130
Tool support for UMLsec....Pages 133-160
A Formal Foundation....Pages 161-189
Formal Systems Development with UML....Pages 191-233
Further Material....Pages 237-242
Outlook....Pages 243-244
Back Matter....Pages 245-309
....