By Topic

Model-Based Security Engineering of Distributed Information Systems Using UMLsec

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Best, B. ; BMW Group, Munich ; Jurjens, Jan ; Nuseibeh, B.

Given the explosive growth of digitally stored information in modern enterprises, distributed information systems together with search engines are increasingly used in companies. By enabling the user to search all relevant information sources with one single query, however, crucial risks concerning information security arise. In order to make these applications secure, it is not sufficient to penetrate- and-patch past system development, but security analysis has to be an integral part of the system design process for such distributed information systems. This work presents the experiences and results of the security analysis of a search engine in the intranet of a German car manufacturer, by making use of an approach to model-based security engineering that is based on the UML extension UMLsec. The focus lies on the application's single-sign-on-mechanism, which was analyzed using the UMLsec method and tools. Main results of the paper include afield report on the employment of the UMLsec method in an industrial context as well as indications on its benefits and limitations.

Published in:

Software Engineering, 2007. ICSE 2007. 29th International Conference on

Date of Conference:

20-26 May 2007