15 Years of Model-Based Security Engineering with UML
Supporting Secure Evolution
Jan Jürjens
University of Koblenz-Landau / Fraunhofer ISST, Germany
juerjens <at> uni <dash> koblenz <dot> de
Abstract: Security certification of complex systems requires a high amount of effort. As a particular challenge, today's
systems are increasingly long-living and subject to continuous change. After each change of some part of the
system, the whole system needs to be re-certified from scratch (since security properties are not in general
modular), which is usually far too much effort. There has been recent work to address this challenge in the
context of a line of work which develops approaches and tools for Model-based Security Engineering, making
use of established modeling notations such as the Unified Modeling Language (UML). From that work, this
talk presents a tool-supported approach for security certification that minimizes the amount of effort necessary
in the case of re-certification after change. It is based on results that determine under which conditions change
preserves security properties (for example in the context of structuring techniques such as refinement or
architectural principles such as modularization). The approach supports an automated difference-based
security analysis, at the level of design models as well as the implementation code (using static security
analysis or run-time verification). It has been applied e.g. to cryptographic protocols, distributed security
infrastructures, and identity management systems, and there are empirical results comparing it to classical
techniques for security certification. In the outlook, we briefly present current research directions, such as
applying the approach to the security certification of the Industrial Data Space (currently in development by
Fraunhofer and a consortium of more than 20 companies, see http://www.industrialdataspace.org/en).
BRIEF BIOGRAPHY
Jan Jürjens is Professor of Software Engineering at
the University of Koblenz-Landau (Germany) and
Director Research Projects at Fraunhofer Institute for
Software and Systems Engineering ISST (Germany).
He has been PI of various projects, often in
cooperation with industry (e.g. Microsoft Research
(Cambridge)). Previous positions include Professor at
TU Dortmund, a Royal Society Industrial Fellowship
at Microsoft Research Cambridge, a non-stipendiary
Research Fellowship at Robinson College (Univ.
Cambridge), where in 2009 he was appointed as
Senior Member, and a Postdoc position at TU
Munich. Jan holds a Doctor of Philosophy in
Computing from University of Oxford and is author
of "Secure Systems Development with UML"
(Springer, 2005; Chinese translation 2009) and other
publications mostly on software engineering and IT
security. More information: http://jan.jurjens.de.
5
JÃijrjens J.
15 Years of Model-Based Security Engineering with UML - Supporting Secure Evolution.
DOI: 10.5220/0006221500050006
In Proceedings of the Sixth International Symposium on Business Modeling and Software Design (BMSD 2016), pages 5-6
ISBN: 978-989-758-190-8
Copyright
c
2016 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved
Sixth International Symposium on Business Modeling and Software Design
6
