UMLintr: a UML profile for specifying intrusions

Specifications of non-functional requirements (NFR) such as security, safety, usability are as important as specification of functional requirements (FR). Non conformance to some NFR may render the whole software useless. There are many difficulties associated with the representation of NFR and the complexity of their subsequent validation. The main objective of this work is towards incorporating an important aspect of NFR, i.e., security from the very beginning of a software development process. In this paper, a framework is presented for specifying intrusion scenarios in the Unified Modeling Language (UML). We describe a UML profile called UMLintr (UML for intrusion specifications) that allows developers to specify intrusions using UML notations extended to suit the context of intrusion scenarios. The framework utilizes the expressiveness of UML and eliminates the need of using attack languages that are proposed only to describe attack scenarios. Since developers do not need to learn a separate language to describe attacks, the task of specifying intrusion scenarios becomes much easier. This approach also helps to avoid conflicting (e.g., security vs. usability), ambiguous, and redundant requirements. Examples are provided to show the usage of the proposed UML profile