DocumentCode
3224933
Title
Modeling Input Validation in UML
Author
Hayati, Pedram ; Jafari, Nastaran ; Rezaei, S. Mohammad ; Sarenche, Saeed ; Potdar, Vidyasagar
Author_Institution
Inst. for Adv. Studies in Basic Sci., Zanjan
fYear
2008
fDate
26-28 March 2008
Firstpage
663
Lastpage
672
Abstract
Security is an integral part of most software systems but it is not considered as an explicit part in the development process yet. Input validation is the most critical part of software security that is not covered in the design phase of software development life-cycle resulting in many security vulnerabilities. Our objective is to extend UML to new integrated framework for model driven security engineering leading to ideal way to design more secure software. Input validation in UML has not been addressed previously, hence we incorporate input validation into UML diagrams such as use case, class, sequence and activity. This approach has some advantages such as preventing from common input tampering attacks, having both security and convenience in software at high level of abstraction and ability of solving the problem of weak security background for developers.
Keywords
Unified Modeling Language; program verification; software engineering; UML; input tampering attacks; input validation; software systems security; Application software; Data security; Information security; Internet; Power engineering and energy; Power system security; Programming; Software design; Software systems; Unified modeling language; Input validation; Object Constraint Language; Software engineering; Software security; Unified Modeling Language;
fLanguage
English
Publisher
ieee
Conference_Titel
Software Engineering, 2008. ASWEC 2008. 19th Australian Conference on
Conference_Location
Perth, WA
ISSN
1530-0803
Print_ISBN
978-0-7695-3100-7
Type
conf
DOI
10.1109/ASWEC.2008.4483260
Filename
4483260
Link To Document