Achieving security assurance for services that run on large and complex communication infrastructures requires support tools. Such tools need a representation of the infrastructure that enables and provides security assurance. In this paper we suggest an assurance modeling profile for UML 2.0. The profile contains stereotypes that define assurance-relevant object types as observed and unobserved assurance-relevant infrastructure items or metrics. In addition, the model defines information relevant for the aggregation of assurance, to allow an assurance value for a service to be derived from its underlying infrastructure. Our modeling approach starts from a service-oriented flow model and stepwise refines the topology and hierarchy view of the infrastructure involved in the service. To validate our approach, we model a voice-over-IP service and show how the approach satisfies the initially stated requirements.