Patterning Protection Profiles by UML for Security Specifications

Author

Morimoto, Shoichi ; Cheng, Jingde

Author_Institution

Dept. of Inf. & Comput. Sci., Saitama Univ.

Volume

2

fYear

2005

fDate

28-30 Nov. 2005

Firstpage

946

Lastpage

951

Abstract

A protection profile is a security specification template that defines an implementation-independent set of IT security requirements for a category of information systems. The protection profiles have also been certified to satisfy the international standard ISO/IEC 15408 security criteria. However, because the protection profiles are complicated and their classifications are not clear, they are not widely used. This paper proposes an approach to model protection profiles as UML patterns. By using the patterns, designers and developers can easily specify security issues of target systems to satisfy ISO/IEC 15408 criteria. The paper also shows how to verify specifications with the patterns by theorem-proving and model-checking technologies

Keywords

IEC standards; ISO standards; Unified Modeling Language; certification; formal specification; formal verification; information systems; object-oriented methods; security of data; theorem proving; IEC15408 standard; ISO standard; IT security requirement; UML pattern; Unified Modeling Language; certification; formal verification; information system; model checking technology; protection profile; security specification template; theorem-proving; Business; Computer security; IEC standards; ISO standards; Information security; Information systems; Internet; Protection; Sociotechnical systems; Unified modeling language;

fLanguage

English

Publisher

ieee

Conference_Titel

Computational Intelligence for Modelling, Control and Automation, 2005 and International Conference on Intelligent Agents, Web Technologies and Internet Commerce, International Conference on

Conference_Location

Vienna

Print_ISBN

0-7695-2504-0

Type

conf

DOI

10.1109/CIMCA.2005.1631590

Filename

1631590