DocumentCode :
2747622
Title :
Developing high-assurance secure systems with UML: a smartcard-based purchase protocol
Author :
Jurjens, Jan
Author_Institution :
Software & Syst. Eng., Technol. Univ. of Munchen, Germany
fYear :
2004
fDate :
25-26 March 2004
Firstpage :
231
Lastpage :
240
Abstract :
Developing high-assurance security-critical systems is difficult, and there are many well-known examples of security weaknesses exploited in practice. Thus a sound methodology supporting secure systems development is urgently needed. Our aim is to aid the task of developing security-critical systems in an approach based on the notation of the Unified Modeling Language (UML). Towards this aim, we use an extension of UML, called UMLsec, that allows expressing security-relevant information within the diagrams in a system specification. We present tool support which has been developed for the UMLsec approach. We apply UMLsec to the example of an electronic purse protocol proposed as a global standard. We demonstrate how to detect some vulnerabilities using our approach, suggest improvements, and show that the improved protocol is secure in a precise sense, by using a tool that implements a formal semantics of a simplified fragment of UML.
Keywords :
cryptography; electronic commerce; protocols; safety-critical software; security of data; smart cards; specification languages; UML; UMLsec; Unified Modeling Language; cryptographic protocols; electronic purses; formal methods; formal semantics; high assurance systems; security engineering; security evaluation; security models; security software engineering; security verification; security-critical systems; system specification; Protocols; Systems engineering and theory; Unified modeling language;
fLanguage :
English
Publisher :
IEEE
Conference_Title :
High Assurance Systems Engineering, 2004. Proceedings. Eighth IEEE International Symposium on
ISSN :
1530-2059
Print_ISBN :
0-7695-2094-4
Type :
conf
DOI :
10.1109/HASE.2004.1281747
Filename :
1281747