ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Model-based security analysis for mobile communications
Full text PdfPdf (557 KB)
Source
International Conference on Software Engineering archive
Proceedings of the 30th international conference on Software engineering table of contents
Leipzig, Germany
SESSION: Modeling & Architecture table of contents
Pages 683-692  
Year of Publication: 2008
ISBN:978-1-60558-079-1
Authors
Jan Jürjens  The Open University, Milton Keynes, United Kingdom
Joerg Schreck  O2 (Germany), Munich, Germany
Peter Bartmann  University of Augsburg, Augsburg, Germany
Sponsors
ACM: Association for Computing Machinery
SIGSOFT: ACM Special Interest Group on Software Engineering
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 59,   Downloads (12 Months): 427,   Citation Count: 1
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1368088.1368186
What is a DOI?

ABSTRACT

Mobile communication systems are increasingly used in companies. In order to make these applications secure, the security analysis has to be an integral part of the system design and IT management process for such mobile communication systems. This work presents the experiences and results from the security analysis of a mobile system architecture at a large German telecommunications company, by making use of an approach to Model-based Security Engineering that is based on the UML extension UMLsec. The focus lies on the security mechanisms and security policies of the mobile applications which were analyzed using the UMLsec method and tools. Main results of the paper include a field report on the employment of the UMLsec method in an industrial telecommunications context as well as indications of its benefits and limitations.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Axelle Apvrille , Makan Pourzandi, Secure Software Development by Example, IEEE Security and Privacy, v.3 n.4, p.10-17, July 2005  [doi>10.1109/MSP.2005.103]
 
2
Bastian Best , Jan Jurjens , Bashar Nuseibeh, Model-Based Security Engineering of Distributed Information Systems Using UMLsec, Proceedings of the 29th international conference on Software Engineering, p.581-590, May 20-26, 2007  [doi>10.1109/ICSE.2007.55]
 
3
J. Grünbauer, H. Hollmann, J. Jürjens, and G. Wimmel. Modelling and verification of layered security-protocols: A bank application. In SAFECOMP 2003, LNCS. Springer, 2003.
 
4
J. Jürjens. Secure Systems Development with UML. Springer, 2004.
5
Jan Jürjens, Sound methods and effective tools for model-based security engineering with UML, Proceedings of the 27th international conference on Software engineering, May 15-21, 2005, St. Louis, MO, USA  [doi>10.1145/1062455.1062519]
 
6
J. Jürjens. Model-based security engineering for real. In 14th Intern. Symposium on Formal Methods (FM 2006), volume 4085 of LNCS, pages 600--606. Springer, 2006. Industry Day Invited Paper.
 
7
Jan Jurjens, Security Analysis of Crypto-based Java Programs using Automated Theorem Provers, Proceedings of the 21st IEEE/ACM International Conference on Automated Software Engineering, p.167-176, September 18-22, 2006  [doi>10.1109/ASE.2006.60]
 
8
Jan Jürjens , Pasha Shabalin, Tools for secure systems development with UML, International Journal on Software Tools for Technology Transfer (STTT), v.9 n.5, p.527-544, October 2007  [doi>10.1007/s10009-007-0048-8]
9
Dewayne E. Perry , Adam A. Porter , Lawrence G. Votta, Empirical studies of software engineering: a roadmap, Proceedings of the Conference on The Future of Software Engineering, p.345-355, June 04-11, 2000, Limerick, Ireland  [doi>10.1145/336512.336586]
 
10
J. Schalken. Research methods for the empirical assessment of software processes. In The 12th Doctoral Consortium at CAiSE 05, 2005.
 
11
UMLsec tool, 2001-08. http://computing-research.open.ac.uk/jj/umlsectool.
12
Monika Vetterling , Guido Wimmel , Alexander Wisspeintner, Secure systems development based on the common criteria: the PalME project, Proceedings of the 10th ACM SIGSOFT symposium on Foundations of software engineering, November 18-22, 2002, Charleston, South Carolina, USA  [doi>10.1145/587051.587071]

CITED BY
Eduardo Fernández-Medina , Jan Jurjens , Juan Trujillo , Sushil Jajodia, Editorial: Model-Driven Development for secure information systems, Information and Software Technology, v.51 n.5, p.809-814, May, 2009

INDEX TERMS

Primary Classification:
  D. Software
  D.2 SOFTWARE ENGINEERING
      D.2.2 Design Tools and Techniques
          Subjects: Object-oriented design methods

Additional Classification:
  D. Software
  D.2 SOFTWARE ENGINEERING
      D.2.2 Design Tools and Techniques
          Subjects: Computer-aided software engineering (CASE)
      D.2.4 Software/Program Verification
          Subjects: Model checking


General Terms:
Security, Verification


Keywords:
mobile telecommunication systems, model-based software engineering, uml, umlsec

Collaborative Colleagues:
Jan Jürjens: colleagues
Joerg Schreck: colleagues
Peter Bartmann: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player