Gesellschaft für Informatik e.V.

Lecture Notes in Informatics

Software Engineering 2016 P-252, 91-92 (2016).

Gesellschaft für Informatik, Bonn

Copyright © Gesellschaft für Informatik, Bonn


Umlchange - specifying model changes to support security verification of potential evolution

Sven Wenzel , Daniel Poggenpohl , Jan Jürjens and Martín Ochoa


Security certification of complex systems requires a high amount of effort. As a particular challenge, today's systems are increasingly long-living and subject to continuous change. After each change of some part of the system, the whole system needs to be re-certified from scratch (since security properties are not in general modular), which is usually far too much effort. We present a tool-supported approach for security certification that minimizes the amount of effort necessary in the case of re-certification after change. It is based on an approach for model-based development of secure software which makes use of the security extension UMLsec of the Unified Modeling Language (UML). It allows the user to integrate security requirements such as secure information flow and audit security into a system design model, it supported by a security verification tool chain, and has been applied to a number of industrial applications.

Full Text: PDF

Gesellschaft für Informatik, Bonn
ISBN 978-3-88579-646-6

Last changed 25.02.2016 18:39:18