Secure Systems Development with UML

Description
Attacks against computer systems can cause
considerable economic or physical damage. High-quality development of
security-critical systems is difficult, mainly because of the conflict
between development costs and verifiable correctness.
Jürjens presents the UML extension UMLsec for secure systems development. It
uses the standard UML extension mechanisms, and can be employed to
evaluate UML specifications for vulnerabilities using a formal
semantics of a simplified fragment of UML. Established rules of
security engineering can be encapsulated and hence made available even
to developers who are not specialists in security. As one example,
Jürjens uncovers a flaw in the Common Electronic Purse Specification,
and proposes and verifies a correction.
With a clear separation
between the general description of his approach and its mathematical
foundations, the book is ideally suited both for researchers and
graduate students in UML or formal methods and security, and for
advanced professionals writing critical applications.