Personal tools
You are here: Home Events Abstract Archives 2001 Secure Systems Design with UML

Secure Systems Design with UML

Jan Jürjens University of Oxford 4pm Tuesday 26 June 2001 Room 2511, JCMB, King's Buildings

Designing security-critical systems correctly is very difficult. Many published designs of system components (such as security protocols) have been found to contain flaws (often years later).

We propose to use a fragment of UML together with a formal semantics to specify security-critical systems precisely and to evaluate the specification wrt security requirements.

Benefits of the approach include: - security requirements or assumptions on system components can be expressed conveniently using the UML extension mechanisms - through its different kinds of diagrams UML offers views on different security-relevant aspects of the system (e.g. physical layer, security management) - UML is more widely used by developers than "traditional" formal specification languages.

In this talk I give an overview of the work along these lines presented at FASE'01, IFIP SEC'01, IWSecP'01 and VIS'01.

Document Actions