Integrating Security Properties with Systems Design Artefacts
This paper proposes a framework that enables systems developers to express security properties and integrate them with system functionality from the beginning of the information systems (IS) development process. We propose a UML-based security integration framework that enables IS developers to specify underlying security properties and incorporate them with the corresponding functional properties in the design artefacts. In current practice, a system is analysed and designed around business objects and operations. IS developers consider only objects and functionality during system analysis and design, whereas security designers define the security of the system. We use UML to show how the security properties defined by security experts can be incorporated into the use case, class diagram, and interaction diagrams, along with the system functionality designed by systems analysts and designers.
Keywords: Information System; Security Policy; System Functionality; Class Diagram; Security Property