Secure Software Development using UMLsec (Estonian original title: Turvalise tarkvara arendamine UMLsec abil)
Liina Kamm, Tartu Ülikool 2004
This term paper briefly describes the modelling language UML, used in software engineering, and its extension UMLsec. UMLsec has been developed to integrate software security requirements into the early phases of analysis. Security is often not considered until the implementation of a system. This is a problem, because integrating security aspects in the late phases of development can cause vulnerabilities that can be used in attacks against the system.
UMLsec is an extension of UML that includes mechanisms for specifying security requirements and visualising them on diagrams. The UMLsec profile consists of constraints, tagged values and stereotypes. The profile can be used to portray the security requirements of system components and their relationships. UMLsec also provides a formal methodology with which conformance to the security requirements can be proven. The same rules can be applied to guarantee that the requirements have been properly represented on the diagrams.
The use of UMLsec in the early phases of development, i.e. in the data and use case models, is discussed in more detail. The described methodology is applied to a sample problem.
A position on the practicality of using UMLsec is stated on the basis of the solution to the sample problem.