Checks

CARiSMA has a plugin architecture. Each compliance, risk, or security check is implemented as a separate plugin. To avoid confusion with the term "plugin" as it is used in the Eclipse world, these plugins are called checks. Several CARiSMA checks can be delivered in a single Eclipse plugin.

This page lists the currently available checks.

Note that some checks do not actually perform a compliance, risk, or security check. Instead, they may perform some other analysis or convert models into other formats. The name "check" might therefore be misleading, but the term fits best in most cases.

Available Checks for UML2 Models

| Bundle | Check | Description |
| --- | --- | --- |
| Activity Path | Activity Path | Reports all available paths in activity diagrams |
| Activity2PetriNet | Activity2PetriNet | Converts an activity diagram into a petri net to enable performance checks with ProM. |
| Smartcard | Authorized Status | Checks the «authorized status» stereotype which denotes the requirement of certain privileges to fire a transition |
| Smartcard | Locked Status | Checks the «locked status» stereotype which marks states that are not allowed to have outgoing transitions |
| Smartcard Evolution | Evolution-Aware Authorized Status | Checks the «authorized status» stereotype w.r.t. evolution expressed in UMLchange |
| Smartcard Evolution | Evolution-Aware Locked Status | Checks the «locked status» stereotype w.r.t. evolution expressed in UMLchange |
| State Machine Path | State Machine Path | Reports all available paths in state machines |
| Static Check | Fair Exchange | This check implements the analysis of the UMLsec «fair exchange» |
| Static Check | Secure Dependency | This check implements the analysis of the UMLsec «secure dependency» |
| Static Check | Secure Links | This check implements the analysis of the UMLsec «secure links» |
| Static Check Evolution | Evolution-Aware Secure Dependency | This check implements the analysis of the UMLsec stereotype «secure dependency» w.r.t. evolution expressed in UMLchange |
| Static Check Evolution | Evolution-Aware Secure Links | This check implements the analysis of the UMLsec stereotype «secure links» w.r.t. evolution expressed in UMLchange |
| OCL Check | SingleOclChecker | Enables the evaluation of a single OCL constraint on a model |
| OCL Check | MultiOclChecker | Enables the evaluation of multiple OCL constraints on a model |

Available Checks for BPMN Models

| Bundle | Check | Description |
| --- | --- | --- |
| BPMN2 OCL Check | BPMN2 OCL Check | This Check is able to extend a BPMN2 model with additional information like human performers and roles to enable the analysis of authorization constraints (Separation of Duty, Binding of Duty, …) |
| OCL Check | SingleOclChecker | Enables the evaluation of a single OCL constraint on a model |
| OCL Check | MultiOclChecker | Enables the evaluation of multiple OCL constraints on a model |
| MaRisk(VA) Check | MaRisk(VA) Check | The MaRisk(VA) Check consists of different checks, which are designed to check if the BPMN processes are compliant with the regulations specified in the MaRisk(VA) |

Tools/Commands of the old UMLsec tool

CARiSMA has just been developed, and the majority of the UMLsec tools/commands have not yet been ported to CARiSMA checks. However, if you are interested in a particular check, let us know! We could then probably increase the priority for porting it.