Model Based Security with

1. Model Based Security with UMLsec Pankaj Chechani 005240093

2. Agenda • Approach for secure software • Security requirements provided by UMLsec • UML Extension Mechanism • UMLsec Analysis • Conclusion

3. Approach for secure software • Penetrate-and-Patch • insecure, delay, annoying • Formal verification • Very expensive • Security at design time

4. Security requirements provided by UMLsec • Fair Exchange • Secure Information Flow • Secure Communication Link • Role-based Access Control • Authenticity

5. Uml extension mechanism “Light-Weight” Extension Mechanism • Constrains • Properties that have to hold • {xor} • Tagged values • Describe properties of model elements • {username=“abc”, pass =“xyz”} • Stereotypes “Lots of” constraints and tagged values • Class + <<interface>> = Interface

6. Example <<secure link>>[1] • Security requirements • dependency stereotypes • Physical layer • link stereotypes • Communication partners • Node stereotypes

7. <<secure links>>

8. UMLsec Analysis • Two popular approaches: • Formulate requirements with a special logic • Use term-algebra Ref: [2] • UMLsec follows term-algebra approach • Both are quite successful

9. Cont… • Term algebra generated by Variables, Keys and Data • Operations: • _::_(concatenation), • Head(_) and Tail (_), • {_}_ (encryption), • Dec_{_} (decryption), Ref:[1] & [3] • Equations(some): Deck-1 ({E}K) = E (for K E Keys), ExtK (SignK-1(E)) = E(for K E Keys). Ref:[1] & [3]

10. Conclusion • UMLsec provide security at design phase • Automatisms security analysis by tool support • Concentrates on data security, e-commerce scenarios, protocols • UMLsec itself is extensible

11. Reference [1] Jan Jurjens, TU Munich: UMLsec - Presenting the Profile [2] Jan Jurjens, Secure System Development With UML [3]Matthias Wurm, Seminar Advanced System: Development of Secure Systems with UMLsec [4] Joe Combs, 15 Feb 2006: Discussing “Developing Secure Systems with UMLSec”

12. Thank you