Developing High-Assurance Secure Systems with UML: A Smartcard-Based Purchase Protocol

H
HASE
2004
Eighth IEEE International Symposium on High Assurance Systems Engineering (HASE'04)
Abstract - Developing High-Assurance Secure Systems with UML: A Smartcard-Based Purchase Protocol

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Jan Jürjens

Eighth IEEE International Symposium on High Assurance Systems Engineering (HASE'04)

Tampa, Florida

March 25-March 26

ISBN: 0-7695-2094-4

	ASCII Text	x
	Jan Jürjens, "Developing High-Assurance Secure Systems with UML: A Smartcard-Based Purchase Protocol," High-Assurance Systems Engineering, IEEE International Symposium on, pp. 231-240, Eighth IEEE International Symposium on High Assurance Systems Engineering (HASE'04), 2004.

	BibTex	x
	@article{ 10.1109/HASE.2004.1281747, author = {Jan Jürjens}, title = {Developing High-Assurance Secure Systems with UML: A Smartcard-Based Purchase Protocol}, journal ={High-Assurance Systems Engineering, IEEE International Symposium on}, volume = {0}, year = {2004}, issn = {1530-2059}, pages = {231-240}, doi = {http://doi.ieeecomputersociety.org/10.1109/HASE.2004.1281747}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - High-Assurance Systems Engineering, IEEE International Symposium on TI - Developing High-Assurance Secure Systems with UML: A Smartcard-Based Purchase Protocol SN - 1530-2059 SP231 EP240 A1 - Jan Jürjens, PY - 2004 KW - high assurance systems KW - security software engineering KW - security engineering KW - security verification KW - formal methods in security KW - security evaluation KW - security models KW - cryptographic protocols KW - electronic purses VL - 0 JA - High-Assurance Systems Engineering, IEEE International Symposium on ER -

Jan Jürjens, Technical University at München

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/HASE.2004.1281747

Developing high-assurance security-critical systems is difficult and there are many well-known examples of security weaknesses exploited in practice. Thus a sound methodology supporting secure systems development is urgently needed.

Our aim is to aid the task of developing security-critical systems in an approach based on the notation of the Unified Modeling Language (UML).

Towards this aim, we use an extension of UML, called UMLsec, that allows expressing security-relevant information within the diagrams in a system-specification. We present tool-support which has been developed for the UMLsec approach. We apply UMLsec to the example of an electronic purse protocol proposed as a global standard. We demonstrate how to detect some vulnerabilities using our approach, suggest improvements, and show that the improved protocol is secure in a precise sense, by using a tool that implements a formal semantics of a simplified fragment of UML.

Index Terms:

high assurance systems, security software engineering, security engineering, security verification, formal methods in security, security evaluation, security models, cryptographic protocols, electronic purses

Citation:

Jan Jürjens, "Developing High-Assurance Secure Systems with UML: A Smartcard-Based Purchase Protocol," hase, pp.231-240, Eighth IEEE International Symposium on High Assurance Systems Engineering (HASE'04), 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.