  • DocumentCode
    2747622
  • Title
    Developing high-assurance secure systems with UML: a smartcard-based purchase protocol
  • Author
    Jurjens, Jan
  • Author_Institution
    Software & Syst. Eng., Technol. Univ. of Munchen, Germany
  • fYear
    2004
  • fDate
    25-26 March 2004
  • Firstpage
    231
  • Lastpage
    240
  • Abstract
    Developing high-assurance security-critical systems is difficult, and there are many well-known examples of security weaknesses exploited in practice. Thus a sound methodology supporting secure systems development is urgently needed. Our aim is to aid the task of developing security-critical systems in an approach based on the notation of the Unified Modeling Language (UML). Towards this aim, we use an extension of UML, called UMLsec, that allows expressing security-relevant information within the diagrams in a system specification. We present tool support which has been developed for the UMLsec approach. We apply UMLsec to the example of an electronic purse protocol proposed as a global standard. We demonstrate how to detect some vulnerabilities using our approach, suggest improvements, and show that the improved protocol is secure in a precise sense, by using a tool that implements a formal semantics of a simplified fragment of UML.
  • Keywords
    cryptography; electronic commerce; protocols; safety-critical software; security of data; smart cards; specification languages; UML; UMLsec; Unified Modeling Language; cryptographic protocols; electronic purses; formal methods; formal semantics; high assurance systems; security engineering; security evaluation; security models; security software engineering; security verification; security-critical systems; system specification; Protocols; Systems engineering and theory; Unified modeling language;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    High Assurance Systems Engineering, 2004. Proceedings. Eighth IEEE International Symposium on
  • ISSN
    1530-2059
  • Print_ISBN
    0-7695-2094-4
  • Type
    conf
  • DOI
    10.1109/HASE.2004.1281747
  • Filename
    1281747