Poor design has been a major source of software security problems. Rigorous and designer-friendly methodologies for modeling and analyzing secure software are highly desirable. A formal method for software development, however, often suffers from a gap between the rigidity of the method and the informal nature of system requirements. To narrow this gap, this paper presents a UML-based framework for modeling and analyzing security threats (i.e. potential security attacks) rigorously and visually. We model the intended functions of a software application with UML statechart diagrams and the security threats with sequence diagrams, respectively. Statechart diagrams are automatically converted into a graph transformation system, which has a well-established theoretical foundation. Method invocations in a sequence diagram of a security threat are interpreted as a sequence of paired graph transformations. Therefore, the analysis of a security threat is conducted through simulating the state transitions from an initial state to a final state triggered by method invocations. In our approach, designers directly work with UML diagrams to visually model system behaviors and security threats while threats can still be rigorously analyzed based on graph transformation.

• 出版日期2010-9
• 单位河海大学