Proposed Secure 3-Use Case Diagram

Madhuri Gedam, Bandu B. Meshram
DOI: 10.4018/IJSSSP.293237

Abstract

UML diagrams are used worldwide as a baseline for software development, which makes it mandatory to consider the non-functional requirements that make an application secure and robust. The Secure SRS model with CIA-AAA ensures that non-functional requirements and quality attributes are considered before users are authorized to access use cases. An extensive literature survey of the UML use case diagram was carried out. UML use case diagrams do not provide notations, stereotypes, or constraints for misuse cases and defense mechanisms. This paper describes various notations and new stereotypes, such as Authentication, Buffer Overflow, SQL Injection, Encryption, Session Expiration and Connection Flooding, with mathematical modelling, for mitigating attacks on the various transactions or use cases handled by the actors in order to provide security.

1. Introduction

Software development is generally a long and complicated process. Hence a software development life cycle (SDLC) consisting of different phases is followed. UML diagrams form the backbone of the SDLC in the analysis and design phases. Software security is of paramount importance in this internet era. Hence vulnerabilities, attacks and their defence mechanisms are vital when developing secure software systems (Bernardi et al., 2020).

Aleem Khalid Alvi suggested using security patterns to provide quality security features, which can also help less experienced security developers (Alvi & Zulkernine, 2021).

The Unified Modeling Language (UML) is a third-generation modelling language used to specify, display and document the development of a software system (Mohsin & Khan, 2019; El-Attar, 2019; Hussein & Zulkernine, 2006; Fauzan et al., 2009; Firesmith, 2003; Mai et al., 2018). UML diagrams serve as a blueprint for software developers to handle the complexity of software systems (Siewe & Al-alshuhai, 2015). These diagrams give deep insight into the functionality of a system and its operational features, along with system architecture and implementation details. This helps to pinpoint security loopholes during software system analysis (Lincke et al., 2012; Booch, 1999).

Secure software meets the criteria of confidentiality, integrity, and availability of its data, code or service. Identifying vulnerabilities and attacks at an early stage helps to build secure software. Hence incorporating security requirements at the requirement and design phases becomes mandatory (Mohsin & Khan, 2019).

The use case diagram, part of the UML suite of diagrams, is the foremost requirements-oriented diagram of the UML. In fact, use case modeling is arguably the most popular functional requirements modeling technique, as evidenced by its widespread use by industry professionals (Faitelson & Tyszberowicz, 2017).

Mohamed El-Attar says, “The use case diagram is the only pure requirements engineering diagram type in UML”. UML diagrams such as the activity diagram, collaboration diagram, sequence diagram and state chart diagram help to transform the behaviour of use cases into detailed design (El-Attar, 2019). Software designers are generally not very familiar with non-functional security requirements, and non-functional requirements are often not considered in the use case diagram. Hence it is proposed to construct the use case diagram to include functional, non-functional and quality attributes by using the secure SRS model (Gedam & Meshram, 2019).

Web applications (Wei & Sia, 2005) can be developed using the proposed secure 3 use case diagram in the analysis phase to mitigate both external and internal attacks. Hence these attacks must be taken into account in the analysis phase of web software development (McDermott & Fox, 1999). External attacks mainly originate from the public network domain, whereas internal attacks are system-based attacks intended to harm the system. The security notations and stereotypes are useful for providing security measures in the use case diagram, which serves as a baseline for the design phase.

The paper is organized as follows. Section 2 presents a detailed literature survey of the use case diagram, abuse cases, misuse cases and an analysis of different types of attacks. Section 3 discusses the proposed secure 3 Use Case Diagram with security notations, the implementation of the Secure SRS model with CIA-AAA, and algorithms to secure use case transactions. Section 4 concludes the paper.
