Umlchange - specifying model changes to support security verification of potential evolution

Abstract

Security certification of complex systems requires a high amount of effort. As a particular challenge, today's systems are increasingly long-living and subject to continuous change. After each change of some part of the system, the whole system needs to be re-certified from scratch (since security properties are not in general modular), which is usually far too much effort. We present a tool-supported approach for security certification that minimizes the amount of effort necessary in the case of re-certification after change. It is based on an approach for model-based development of secure software which makes use of the security extension UMLsec of the Unified Modeling Language (UML). It allows the user to integrate security requirements such as secure information flow and audit security into a system design model, it supported by a security verification tool chain, and has been applied to a number of industrial applications.