UNDERSTANDING AND COMMUNICATING IT SECURITY SPECIFICATIONS WITH UML-Reference-Cited by-同舟云学术

UNDERSTANDING AND COMMUNICATING IT SECURITY SPECIFICATIONS WITH UML

Published:2005-12 Issue:06 Volume:15 Page:923-940
ISSN:0218-1940
Container-title:International Journal of Software Engineering and Knowledge Engineering
language:en
Short-container-title:Int. J. Soft. Eng. Knowl. Eng.

Author:

LEIWO JUSSIPEKKA¹,VIRTANEN TEEMU-PEKKA²

Affiliation:

1. Nanyang Technological University, School of Computer Engineering, Nanyang Avenue Block N4, Singapore 639798, Singapore

2. Helsinki University of Technology, Telecommunications Software and Multimedia Laboratory, P.O. Box 5400, FIN-02015 HUT, Finland

Abstract

Security specifications of IT products and systems are inherently complex and may subject products to semantic threats due to misunderstanding of key aspects of security objectives by developers, customers and end users. A study is conducted on expressing the security specifications by specially interpreted UML use case diagrams to avoid misunderstanding by peer groups, i.e. to prevent semantic threats at the development phase through improved comprehension of security specifications. We base our results on engineering frameworks for comprehensive security and demonstrate the need for improved communication by concrete examples of semantic threats. The threats result from the use of complex textual artifacts as a means of communicating the security requirements. We demonstrate the use of a diagrammatic technique for expressing and communicating security specifications in a less ambiguous manner and illustrate how the technique assists in communication.

Publisher

World Scientific Pub Co Pte Lt

Subject

Artificial Intelligence,Computer Graphics and Computer-Aided Design,Computer Networks and Communications,Software

Link

https://www.worldscientific.com/doi/pdf/10.1142/S0218194005002580

Reference6 articles.

1. Information systems security design methods