Title :
Model-based security analysis for mobile communications
Author :
Jurjens, Jan ; Schreck, Jörg ; Bartmann, Peter
Author_Institution :
Open Univ., Milton Keynes
Abstract :
Mobile communication systems are increasingly used in companies. In order to make these applications secure, the security analysis has to be an integral part of the system design and IT management process for such mobile communication systems. This work presents the experiences and results from the security analysis of a mobile system architecture at a large German telecommunications company, by making use of an approach to model-based security engineering that is based on the UML extension UMLsec. The focus lies on the security mechanisms and security policies of the mobile applications which were analyzed using the UMLsec method and tools. Main results of the paper include a field report on the employment of the UMLsec method in an industrial telecommunications context as well as indications of its benefits and limitations.
Keywords :
mobile communication; telecommunication security; German telecommunications company; IT management process; UML extension; UMLsec; industrial telecommunications context; mobile communications; mobile system architecture; model-based security analysis; model-based security engineering; Application software; Communication industry; Communication system security; Information analysis; Information security; Mobile communication; Permission; Software engineering; System analysis and design; Unified modeling language; mobile telecommunication systems; model-based software engineering; uml; umlsec;
Conference_Titel :
Software Engineering, 2008. ICSE '08. ACM/IEEE 30th International Conference on
Conference_Location :
Leipzig
Print_ISBN :
978-1-4244-4486-1
Electronic_ISBN :
0270-5257
DOI :
10.1145/1368088.1368186
