29th International Conference on Software Engineering (ICSE'07)
Model-Based Security Engineering of Distributed Information Systems Using UMLsec
Minneapolis, Minnesota
May 20-May 26
ISBN: 0-7695-2828-7
Bastian Best, BMW Group, Germany
Jan Jurjens, The Open University, UK
Bashar Nuseibeh, The Open University, UK
Given the explosive growth of digitally stored information in modern enterprises, distributed information systems together with search engines are increasingly used in companies. By enabling the user to search all relevant information sources with one single query, however, crucial risks concerning information security arise. In order to make these applications secure, it is not sufficient to penetrate-and-patch past system development, but security analysis has to be an integral part of the system design process for such distributed information systems. This work presents the experiences and results of the security analysis of a search engine in the intranet of a German car manufacturer, by making use of an approach to Model-based Security Engineering that is based on the UML extension UMLsec. The focus lies on the application's single-sign-on mechanism, which was analyzed using the UMLsec method and tools. Main results of the paper include a field report on the employment of the UMLsec method in an industrial context as well as indications on its benefits and limitations.
Citation:
Bastian Best, Jan Jurjens, Bashar Nuseibeh, "Model-Based Security Engineering of Distributed Information Systems Using UMLsec," icse, pp.581-590, 29th International Conference on Software Engineering (ICSE'07), 2007