Tools for model-based security engineering
Citation:Jan Jurjens, Jorge Fox, Tools for model-based security engineering, 28th International Conference on Software Engineering (ICSE), Informal Tool Demo, Shanghai, China, May 20-28, 2006, edited by Leon J. Osterweil, H. Dieter Rombach, Mary Lou Soffa , ACM, 2006, pp819 - 822
p819-juerjensfox.pdf (Informal tool demo) 127.6Kb
We present tool-support for checking UML models and C code against security requirements. A framework supports implementing verification routines, based on XMI output of the diagrams from UML CASE tools, and on control flow generated from the C code. The tool also supports weaving security aspects into the code generated from the models. Advanced users can use this open-source framework to implement verification routines for the constraints of self-defined security requirements. We focus on a verification routine that automatically verifies crypto-based software for security requirements by using automated theorem provers.
German Federal Ministry of Education, Science, Research and Technology (BMBF)
Type of material:Conference Paper
Availability:Full text available