UMLSec. IS 2620 Developing Secure Systems Courtesy of Jan Jürjens , who developed UMLsec. Lecture 12. Critical/High assurance Systems Development. High quality development of critical systems (dependable, security-critical, real-time,...) is difficult .
IS 2620 Developing Secure SystemsCourtesy of Jan Jürjens, who developed UMLsec
No coherent and complete methodology to ensure security in the construction of large general-purpose systems exists …
Simulates power outages and 911 emergency telephone overloads in Washington, D.C..
– Needham-Schroeder protocol (1978)
– attacks found 1981 (Denning, Sacco), 1995 (Lowe)
“Those who think that their problem can be solved by simply applying cryptography don`t understand cryptography and don`t understand their problem” (Lampson, Needham).
Exploit information spreads quickly.
Consider critical properties
High Assurance/Secure design by model analysis.
High Assurance/Secure implementation by test generation.
Unified Modeling Language (UML):
For each component or
A special case of
“Pay” may be «provable»
<<secure dependency>>provided ?
Violates<<secure dependency>> : Randomgeneratorand<<call>>dependency do not givesecurity level forrandom()tokey generator.
Formalize by referring to formal behavioral semantics.
<<no down–flow>>provided ?
Assumption: A does not know data being protected
Variant of TLS (INFOCOM`99):
<<data security>>against default adversary provided ?
slot could be “between 1 and 2PM