TY  - THES
T1  - Evaluation of the unified modeling language for security requirements analysis
A1  - Ontua, Marife G.
LA  - English
YR  - 2005
UL  - https://tuklas.up.edu.ph/Record/UP-99796217608175389
AB  - Security is of paramountimportance in any computer system particularly with the amount and sensitivity of information and transactions processed by current applications. However, security specifications are complicated and difficult to understand. It is even harder to integrate these specifications in the production of computer systems. These difficulties motivate the need for models that will support the development of secure systems from the design to the implementation stages. Software engineers have been using models to improve the quality of software development. Focusing on software quality in the early stages of production can lead to timely defect detection and avoidance. Security analysis will ensure that security requirements are not neglected and are incorporated in the system models. This research used the Unified Modeling Language (UML), an industry standard in object-oriented modeling, to express security requirements. In particular, it utilized the sequence diagram of Gentleware's Poseidon for UML tool to represent the Internet Key Exchange Protocol (IKE), a key management protocol used in conjuction with the IP Security Protocol (ISPec). The diagram provided a visual representation of the protocol facilitating the identification of potential flaws in the protocol's design. Aside from the diagram, a Java-based application, the Analyzer, was also developed to help identify defects in the protocol that was modeled. This was achieved by checking the XMI files generated by Poseidon for UML from the diagrams. Finally, to assess UML's capability in modeling security requirements, our results were compared with the findings of two other studies that analyzed IKE using other methodologies. Results of the comparison show that UML diagrams and its corresponding XMI files can be used to model and investigate security specifications.
CN  - LG 995 2005 C65 O58
KW  - UML (Computer science).
KW  - Computer software : Development.
KW  - Object-oriented methods (Computer science).
KW  - Computer security.
ER  -