{"title":"UMLintr:用于指定入侵的UML概要文件","authors":"Mohammed Hussein, Mohammad Zulkernine","doi":"10.1109/ECBS.2006.70","DOIUrl":null,"url":null,"abstract":"Specifications of non-functional requirements (NFR) such as security, safety, usability are as important as specification of functional requirements (FR). Non conformance to some NFR may render the whole software useless. There are many difficulties associated with the representation of NFR and the complexity of their subsequent validation. The main objective of this work is towards incorporating an important aspect of NFR, i.e., security from the very beginning of a software development process. In this paper, a framework is presented for specifying intrusion scenarios in the Unified Modeling Language (UML). We describe a UML profile called UMLintr (UML for intrusion specifications) that allows developers to specify intrusions using UML notations extended to suit the context of intrusion scenarios. The framework utilizes the expressiveness of UML and eliminates the need of using attack languages that are proposed only to describe attack scenarios. Since developers do not need to learn a separate language to describe attacks, the task of specifying intrusion scenarios becomes much easier. This approach also helps to avoid conflicting (e.g., security vs. usability), ambiguous, and redundant requirements. Examples are provided to show the usage of the proposed UML profile","PeriodicalId":430872,"journal":{"name":"13th Annual IEEE International Symposium and Workshop on Engineering of Computer-Based Systems (ECBS'06)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-03-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"56","resultStr":"{\"title\":\"UMLintr: a UML profile for specifying intrusions\",\"authors\":\"Mohammed Hussein, Mohammad Zulkernine\",\"doi\":\"10.1109/ECBS.2006.70\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Specifications of non-functional requirements (NFR) such as security, safety, usability are as important as specification of functional requirements (FR). Non conformance to some NFR may render the whole software useless. There are many difficulties associated with the representation of NFR and the complexity of their subsequent validation. The main objective of this work is towards incorporating an important aspect of NFR, i.e., security from the very beginning of a software development process. In this paper, a framework is presented for specifying intrusion scenarios in the Unified Modeling Language (UML). We describe a UML profile called UMLintr (UML for intrusion specifications) that allows developers to specify intrusions using UML notations extended to suit the context of intrusion scenarios. The framework utilizes the expressiveness of UML and eliminates the need of using attack languages that are proposed only to describe attack scenarios. Since developers do not need to learn a separate language to describe attacks, the task of specifying intrusion scenarios becomes much easier. This approach also helps to avoid conflicting (e.g., security vs. usability), ambiguous, and redundant requirements. Examples are provided to show the usage of the proposed UML profile\",\"PeriodicalId\":430872,\"journal\":{\"name\":\"13th Annual IEEE International Symposium and Workshop on Engineering of Computer-Based Systems (ECBS'06)\",\"volume\":\"13 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-03-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"56\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"13th Annual IEEE International Symposium and Workshop on Engineering of Computer-Based Systems (ECBS'06)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ECBS.2006.70\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"13th Annual IEEE International Symposium and Workshop on Engineering of Computer-Based Systems (ECBS'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ECBS.2006.70","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Specifications of non-functional requirements (NFR) such as security, safety, usability are as important as specification of functional requirements (FR). Non conformance to some NFR may render the whole software useless. There are many difficulties associated with the representation of NFR and the complexity of their subsequent validation. The main objective of this work is towards incorporating an important aspect of NFR, i.e., security from the very beginning of a software development process. In this paper, a framework is presented for specifying intrusion scenarios in the Unified Modeling Language (UML). We describe a UML profile called UMLintr (UML for intrusion specifications) that allows developers to specify intrusions using UML notations extended to suit the context of intrusion scenarios. The framework utilizes the expressiveness of UML and eliminates the need of using attack languages that are proposed only to describe attack scenarios. Since developers do not need to learn a separate language to describe attacks, the task of specifying intrusion scenarios becomes much easier. This approach also helps to avoid conflicting (e.g., security vs. usability), ambiguous, and redundant requirements. Examples are provided to show the usage of the proposed UML profile
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
