Encapsulating Rules of Prudent Security Engineering

(Position Paper)

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2467))

Abstract

In practice, the security of computer systems is compromised most often not by breaking dedicated mechanisms (such as security protocols), but by exploiting vulnerabilities in the way those mechanisms are employed. Towards a solution of this problem, we aim to encapsulate rules of prudent security engineering in such a way that a system specification formulated in (a formal core of) the Unified Modeling Language (UML, the industry standard in object-oriented modelling) can be evaluated with respect to these rules, violations can be indicated, and suggestions for modifications can be derived.

Supported by the Studienstiftung des deutschen Volkes and the Computing Laboratory.



Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

Cite this paper

Jürjens, J. (2002). Encapsulating Rules of Prudent Security Engineering. In: Christianson, B., Malcolm, J.A., Crispo, B., Roe, M. (eds) Security Protocols. Security Protocols 2001. Lecture Notes in Computer Science, vol 2467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45807-7_15

  • DOI: https://doi.org/10.1007/3-540-45807-7_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44263-9

  • Online ISBN: 978-3-540-45807-4

  • eBook Packages: Springer Book Archive
