Secure System Development with UMLSEC : Application to a B2B System
In recent years UML has become a de facto language for modelling software functional requirements. However, non-functional requirements such as security requirements have received less attention from system designers even though the business system is exposed to security risks. Embedding security measures duri...
Main Author: | |
---|---|
Format: | Thesis |
Language: | eng eng |
Published: | 2004 |
Subjects: | |
Online Access: | https://etd.uum.edu.my/1246/1/KHAIRUL_ANWAR_B._HJ._SEDEK.pdf https://etd.uum.edu.my/1246/2/1.KHAIRUL_ANWAR_B._HJ._SEDEK.pdf |
id | my-uum-etd.1246 |
---|---|
record_format | uketd_dc |
institution | Universiti Utara Malaysia |
collection | UUM ETD |
language | eng eng |
topic | QA76 Computer software |
description | In recent years UML has become a de facto language for modelling software functional requirements. However, non-functional requirements such as security requirements have received less attention from system designers even though the business system is exposed to security risks. Embedding security measures during the design phase will help developers to reduce security vulnerabilities. Using Furniture B2B Market place as a case study, this study attempts to determine the system security requirements of a B2B system and to formally specify them using UMLSec as a specification language. The result shows that some security requirements of a B2B system can be modelled using UMLSec. This study also provides recommendations to suit UMLSec with B2B security requirements. |
format | Thesis |
qualification_name | masters |
qualification_level | Master's degree |
author | Khairul Anwar, Sedek |
title | Secure System Development with UMLSEC : Application to a B2B System |
granting_institution | Universiti Utara Malaysia |
granting_department | Faculty of Information Technology |
publishDate | 2004 |
url | https://etd.uum.edu.my/1246/1/KHAIRUL_ANWAR_B._HJ._SEDEK.pdf https://etd.uum.edu.my/1246/2/1.KHAIRUL_ANWAR_B._HJ._SEDEK.pdf |
_version_ | 1747827104685228032 |
spelling | my-uum-etd.1246 2013-07-24T12:11:06Z https://etd.uum.edu.my/1246/ https://etd.uum.edu.my/1246/1/KHAIRUL_ANWAR_B._HJ._SEDEK.pdf application/pdf eng validuser https://etd.uum.edu.my/1246/2/1.KHAIRUL_ANWAR_B._HJ._SEDEK.pdf application/pdf eng public |