论文信息 - Weaving security aspects into UML 2.0 design models

Weaving security aspects into UML 2.0 design models

Security plays a predominant role in software engineering. Nowadays, security solutions are generally added to existing software either as an afterthought, or manually injected into software applications. However, given the complexity and pervasiveness of today's software systems, the current practices might not be completely satisfactory. In most cases, security features remain scattered and tangled throughout the entire software, resulting in complex applications that are hard to understand and maintain. In this paper, we propose an aspect-oriented modeling approach to systematically integrate security solutions into software during the early phases of the software development life cycle. First, we present the security design weaving approach, as well as the UML profile needed for specifying security aspects. Then, we illustrate the approach through an example for injecting the design-level security aspects into base models.

[1] Jan Jürjens,et al. Secure systems development with UML , 2004 .

[2] Lidia Fuentes,et al. Designing and Weaving Aspect-Oriented Executable UML Models , 2007, J. Object Technol..

[3] Alan O. Freier,et al. The SSL Protocol Version 3.0 , 1996 .

[4] Valentin Goranko,et al. Logic in Computer Science: Modelling and Reasoning About Systems , 2007, J. Log. Lang. Inf..

[5] Iris Groher,et al. XWeave: models and aspects in concert , 2007, AOM@AOSD.

[6] Indrakshi Ray,et al. An aspect-based approach to modeling access control concerns , 2004, Inf. Softw. Technol..

[7] Jaime A. Pavlich-Mariscal,et al. Enhancing UML to Model Custom Security Aspects [ Position Paper ] , 2007 .

[8] Jeffrey G. Gray,et al. Aspect Composition in the Motorola Aspect-Oriented Modeling Weaver , 2007, J. Object Technol..

[9] Alan O. Freier,et al. SSL Protocol Version 3.0 Internet Draft , 1996 .