Book: Secure Systems Development with UML

Excerpts

Introduction
1. Overview
2. Outline
3. How to Use this Book
Walk-through: Using UML for Security
1. Security Requirements Capture with Use Case Diagrams
2. Secure Business Processes with Activity Diagram
3. Physical Security Using Deployment Diagrams
4. Security-Critical Interaction with Sequence Diagrams
5. Secure States Using Statechart Diagrams
Background
1. Security Engineering
2. Unified Modeling Language
3. Analyzing UML Models

Model-based Security Engineering with UML
1. UMLsec Profile
2. Design Principles for Secure Systems
3. Applying Security Patterns
4. Notes
5. Discussion
Applications
1. Secure Channels
2. A Varian of the Internet Protocol TLS
3. Comon Electronic Purse Specifications
4. Developing Secure Java Programs
5. Further Applications
6. Notes
7. Discussion

Tool support for UMLsec
1. Extending UML CASE Tools with Analsis Tools
2. Automated Tools for UMLsec
3. Linking Models to Rumtime Data: SAP R/3 Permissions
4. Linking Models to Code
5. Notes
6. Diskussion
Formal Foundation
1. UML Machines
2. UML Machines Systems
3. Refinement
4. Rely-Guarantee Specifications
5. Reasoning About Security Properties
6. Notes
7. Discussion
Formal Systems Development with UML
1. Formal Semantics for a Fragment of UML
2. Development with UML
3. Notes
4. Discussion

Further Material
1. More on the UMLsec Approach
2. Other Approaches to Security Engineering
Outlook

Towards UML 2.0
The Semantics of UML Machine Rules
Proofs
1. UML Machines
2. Refinement
3. Rely-Guarantee Specifications
4. Reasoning About Security Properties
5. Formal Systems Development with UML
6. Secure Channels
7. A Variant of the Internet Protocol TLS
8. Common Electronic Purse Specifications