论文信息 - Patterning Protection Profiles by UML for Security Specifications

Patterning Protection Profiles by UML for Security Specifications

A protection profile is a security specification template that defines an implementation-independent set of IT security requirements for a category of information systems. The protection profiles have also been certified to satisfy the international standard ISO/IEC 15408 security criteria. However, because the protection profiles are complicated and their classifications are not clear, they are not widely used. This paper proposes an approach to model protection profiles as UML patterns. By using the patterns, designers and developers can easily specify security issues of target systems to satisfy ISO/IEC 15408 criteria. The paper also shows how to verify specifications with the patterns by theorem-proving and model-checking technologies

Jingde Cheng | Shoichi Morimoto

[1] Jan Jürjens,et al. Secure systems development with UML , 2004 .

[2] Duminda Wijesekera,et al. authUML: a three-phased framework to analyze access control specifications in use cases , 2003, FMSE '03.

[3] Gerard J. Holzmann,et al. Implementing statecharts in PROMELA/SPIN , 1998, Proceedings. 2nd IEEE Workshop on Industrial Strength Formal Specification Techniques.

[4] David A. Basin,et al. SecureUML: A UML-Based Modeling Language for Model-Driven Security , 2002, UML.

[5] T. C. Ting,et al. MAC and UML for secure software design , 2004, FMSE '04.

[6] Grady Booch,et al. Object-Oriented Analysis and Design with Applications , 1990 .

[7] Sophie Dupuy-Chessa,et al. An Overview of RoZ: A Tool for Integrating UML and Z Specifications , 2000, CAiSE.

[8] Pierre Castéran,et al. Interactive Theorem Proving and Program Development , 2004, Texts in Theoretical Computer Science An EATCS Series.

[9] Fausto Giunchiglia,et al. NUSMV: A New Symbolic Model Verifier , 1999, CAV.

[10] Jingde Cheng,et al. A security specification verification technique based on the international standard ISO/IEC 15408 , 2006, SAC '06.

[11] Craig Metz,et al. A One-Time Password System , 1996, RFC.

[12] Stephan Merz,et al. Model Checking , 2000 .

[13] Ralph Johnson,et al. design patterns elements of reusable object oriented software , 2019 .