Attacks against computer systems can cause considerable economic or physical damage. High-quality development of security-critical systems is difficult, mainly because of the conflict between development costs and verifiable correctness.
Jurjens presents the UML extension UMLsec for secure systems development. It uses the standard UML extension mechanisms, and can be employed to evaluate UML specifications for vulnerabilities using a formal semantics of a simplified fragment of UML. Established rules of security engineering can be encapsulated and hence made available even to developers who are not specialists in security. As one example, Jurjens uncovers a flaw in the Common Electronic Purse Specification, and proposes and verifies a correction.
With a clear separation between the general description of his approach and its mathematical foundations, the book is ideally suited both for researchers and graduate students in UML or formal methods and security, and for advanced professionals writing critical applications.
By:
Jan Jürjens Imprint: Springer-Verlag Berlin and Heidelberg GmbH & Co. K Country of Publication: Germany Edition: 2005 ed. Dimensions:
Height: 235mm,
Width: 155mm,
Spine: 19mm
Weight: 664g ISBN:9783540007012 ISBN 10: 3540007016 Pages: 316 Publication Date:18 October 2004 Audience:
College/higher education
,
Professional and scholarly
,
Professional & Vocational
,
A / AS level
,
Further / Higher Education
Format:Hardback Publisher's Status: Active
Prologue.- Walk-through: Using UML for Security.- Background.- Developing Secure Systems.- Model-based Security Engineering with UML.- Applications.- Tool Support.- Tool support for UMLsec.- A Formal Foundation.- Formal Systems Development with UML.- Epilogue.- Further Material.- Outlook.
Reviews for Secure Systems Development with UML
'This book is well designed and integrated, allowing readers to be as selective or comprehensive as their interest permits.' - American Reference Books Annual 2000, Volume 31