csce548-lect8 - CSCE 548 Secure Software Development...

Info iconThis preview shows pages 1–11. Sign up to view the full content.

View Full Document Right Arrow Icon
CSCE 548 CSCE 548 Secure Software Secure Software Development Development Security Use Cases Security Use Cases
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
CSCE 548 - Farkas 2 Reading Reading This lecture: Jan Jürjens, Towards Development of Secure Systems using UMLsec, http://citeseer.ist.psu.edu/536233.html Lodderstedt et. al, SecureUML: A UML-Based Modeling Language for Model-Driven Security, http://citeseer.ist.psu.edu/lodderstedt02secureuml.html K. Alghathbar and D. Wijesekera, authUML: a three- phased framework to analyze access control specifications in use cases, http://portal.acm.org/citation.cfm?id=1035438 Next lecture: Misuse Cases, McGraw: Chapter
Background image of page 2
CSCE 548 - Farkas 3 Application of Touchpoints Application of Touchpoints Requirement and Use cases Architecture and Design Test Plans Code Tests and Test Results Feedback from the Field 5. Abuse cases 6. Security Requirements 2. Risk Analysis External Review 4. Risk-Based Security Tests 1. Code Review (Tools) 2. Risk Analysis 3. Penetration Testing 7. Security Operations
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
CSCE 548 - Farkas 4 Design Flaws Design Flaws 50 % of security problems Need: explicitly identifying risk Quantifying impact: tie technology issues and concerns to business Continuous risk management
Background image of page 4
CSCE 548 - Farkas 5 SecureUML SecureUML Lodderstedt, Basin, and Doser Role-Based Access Control, MAC Use UML to specify access control Security is “horizontal” to software development Ad-hoc and “after-the-development” security integration is error prone, can be costly, and may have negative impact
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
CSCE 548 - Farkas 6 SecureUML SecureUML Model-driven software development integrated with security Advantages: Security is integrated during software design, using high-level of abstraction Modeling information can be used to detect design errors and verify correctness Limitations: need precise semantics of modeling language for security assurance
Background image of page 6
CSCE 548 - Farkas 7 Unified Modeling Language Unified Modeling Language Standard way to visualize a system's architectural blueprints High abstraction level Extensible syntax Sufficiently precise semantics
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
UML Elements UML Elements Actors Business processes Logical components Activities Programming language statements Database schemas Reusable software components CSCE 548 - Farkas 8
Background image of page 8
UML Diagrams UML Diagrams CSCE 548 - Farkas 9 Source: Wikipedia, http://en.wikipedia.org/wiki/Unified_Modeling_Language
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
UML Specification Language Object Constraint Language (OCL) Invariant for classes Preconditions and post conditions for methods Guards for transitions in state machines First –order logic E.g., context Meeting inv: self.participants ->
Background image of page 10
Image of page 11
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 40

csce548-lect8 - CSCE 548 Secure Software Development...

This preview shows document pages 1 - 11. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online