Title :
Developing secure networked Web-based systems using model-based risk assessment and UMLsec
Author :
Houmb, Siv Hilde ; Jürjens, Jan
Abstract :
Despite a growing awareness of security issues in networked computing systems, most development processes used today still do not take security aspects into account. To address this problem, we designed a process for developing secure networked systems based on the extension of the Unified Modeling Language (UML) for secure systems development UMLsec and on the concept of model-based risk assessment (MBRA). Enterprise information such as security policies, business goals, policies and processes are supported through activities in the model-based integrated development process. These are then refined to security requirements at a more technical level, which can be expressed using UMLsec, and which can be analysed mechanically using the tool-support for UMLsec.
Keywords :
Internet; risk management; security of data; software tools; specification languages; UMLsec; Unified Modeling Language; model-based integrated development process; model-based risk assessment; secure networked Web-based system development; secure networked computing system; Computer networks; Computer security; Data security; Information science; Information security; Operating systems; Risk management; Systems engineering and theory; Unified modeling language; Usability;
Conference_Titel :
Software Engineering Conference, 2003. Tenth Asia-Pacific
Print_ISBN :
0-7695-2011-1
DOI :
10.1109/APSEC.2003.1254404
