Abstract
We give an overview over a soundly based secure software engineering methodology and associated tool-support developed over the last few years under the name of Model-based Security Engineering (MBSE). We focus in particular on applications in industry.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Burrows, M., Abadi, M., Needham, R.: A logic of authentication. Proceedings of the Royal Society, Series A 426(1871), 233–271 (1989)
Clarke, E., Wing, J.: Formal methods: State of the art and future directions. ACM Computing Surveys 28(4), 626–643 (1996)
Devanbu, P., Stubblebine, S.: Software engineering for security: a roadmap. In: The Future of Software Engineering (ICSE 2000), pp. 227–239 (2000)
Heitmeyer, C.: Formal methods for developing software specifications: Paths to wider usage. In: Arabnia, H.R. (ed.) PDPTA 1999 (1999)
Hoare, C.A.R.: How did software get so reliable without proof? In: Gaudel, M.-C., Woodcock, J.C.P. (eds.) FME 1996. LNCS, vol. 1051, pp. 1–17. Springer, Heidelberg (1996)
Jürjens, J.: UMLsec: Extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, p. 412. Springer, Heidelberg (2002)
Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2004)
Jürjens, J.: Code security analysis of a biometric authentication system using automated theorem provers. In: ACSAC 2005. IEEE, Los Alamitos (2005)
Jürjens, J.: Sound methods and effective tools for model-based security engineering with UML. In: 27th Int. Conf. on Softw. Engineering. IEEE Computer Society Press, Los Alamitos (2005)
Jürjens, J.: Security analysis of crypto-based Java programs using automated theorem provers. In: 21st IEEE/ACM Int. Conf. Autom. Softw. Eng. (2006)
Jürjens, J.: IT-Security. Springer, Heidelberg (in preparation, 2007)
Kilian-Kehr, R.: Can formal verification become mainstream in software engineering? In: Jürjens, J. (ed.) 2nd Works. of the GI-WG FoMSESS (2004)
Kemmerer, R., Meadows, C., Millen, J.: Three systems for cryptographic protocol analysis. Journal of Cryptology 7(2), 79–130 (1994)
Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. Software Concepts and Tools 17(3), 93–102 (1996)
Paulson, L.C.: The inductive approach to verifying cryptographic protocols. Journal of Computer Security 6(1–2), 85–128 (1998)
UMLsec group. Security analysis tool (2004), http://www.umlsec.org
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jürjens, J. (2006). Model-Based Security Engineering for Real. In: Misra, J., Nipkow, T., Sekerinski, E. (eds) FM 2006: Formal Methods. FM 2006. Lecture Notes in Computer Science, vol 4085. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11813040_42
Download citation
DOI: https://doi.org/10.1007/11813040_42
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-37215-8
Online ISBN: 978-3-540-37216-5
eBook Packages: Computer ScienceComputer Science (R0)