Developing Secure Software Using UML Patterns

Abstract

This chapter presents a security engineering process based on UML security problem frames and concretized UML security problem frames. Both kinds of frames constitute patterns for analyzing security problems and associated solution approaches. They are arranged in a pattern system that makes dependencies between them explicit. The authors describe step-by-step how the pattern system can be used to analyze a given security problem and how solution approaches can be found. Then, solution approaches are specified by generic security components and generic security architectures, which constitute architectural patterns. Finally, the generic security components and the generic security architecture that composes them are refined, and the result is a secure software product built from existing and/or tailor-made security components.

Key Terms in this Chapter

Concretized Security Problem Frames: Problem frames describing security problems with a generic solution mechanism.

UML: Unified modeling language, defined by the Object Management Group, defines diagrams to specify structure and behavior of software systems.

Security Components: Parts of a software, their purpose is to solve security problems.

Security Requirements Engineering: Activity of a software engineer in the software engineering analysis phase.

Security Architecture: Architecture of a software considering the security requirements.

Security Problem Frames: Problem frames describing security problems without anticipating a solution.

Problem Frames: Patterns for the software engineering analysis phase.

OCL: Object constraint language, defined by the Object Management Group, used to specify constraints on UML diagrams.