Model-Based Security Engineering of Distributed Information Systems Using UMLsec

Given the explosive growth of digitally stored information in modern enterprises, distributed information systems together with search engines are increasingly used in companies. By enabling the user to search all relevant information sources with one single query, however, crucial risks concerning information security arise. In order to make these applications secure, it is not sufficient to penetrate- and-patch past system development, but security analysis has to be an integral part of the system design process for such distributed information systems. This work presents the experiences and results of the security analysis of a search engine in the intranet of a German car manufacturer, by making use of an approach to model-based security engineering that is based on the UML extension UMLsec. The focus lies on the application´s single-sign-on-mechanism, which was analyzed using the UMLsec method and tools. Main results of the paper include afield report on the employment of the UMLsec method in an industrial context as well as indications on its benefits and limitations.