Verifying security requirements using model checking technique for UML-based requirements specification

Yoshitaka Aoki; Saeko Matsuura

doi:10.1109/RET.2014.6908674

Verifying security requirements using model checking technique for UML-based requirements specification

Yoshitaka Aoki, Saeko Matsuura

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Citations (Scopus)

Abstract

Use case analysis is known to be an effective method to clarify functional requirements. Security requirements such as access or information control tend to increase the complexity of functional requirements, and therefore, need to be correctly implemented to minimize risks. However, general developers find it difficult to correctly specify adequate security requirements during the initial phases of the software development process. We propose a method to verify security requirements whose specifications are based on Unified Modeling Language (UML) using the model checking technique and Common Criteria security knowledge. Common Criteria assists in defining adequate security requirements in the form of a table. This helps developers verify whether UML-based requirements analysis models meet those requirements in the early stages of software development. The UML model and the table are transformed into a finite automaton in the UPPAAL model checking tool.

Original language	English
Title of host publication	2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	18-25
Number of pages	8
ISBN (Electronic)	9781479963348
DOIs	https://doi.org/10.1109/RET.2014.6908674
Publication status	Published - 2014 Sep 23
Event	2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014 - Karlskrona, Sweden Duration: 2014 Aug 26 → 2014 Aug 26

Publication series

Name	2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014 - Proceedings

Conference

Conference	2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014
Country/Territory	Sweden
City	Karlskrona
Period	14/8/26 → 14/8/26

Keywords

Access Control
Common Criteria
Model Checking
Security Requirements
UML
Verification

ASJC Scopus subject areas

Information Systems and Management
Software

Access to Document

10.1109/RET.2014.6908674

Cite this

Aoki, Y., & Matsuura, S. (2014). Verifying security requirements using model checking technique for UML-based requirements specification. In 2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014 - Proceedings (pp. 18-25). [6908674] (2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014 - Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/RET.2014.6908674

Verifying security requirements using model checking technique for UML-based requirements specification. / Aoki, Yoshitaka; Matsuura, Saeko.

2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2014. p. 18-25 6908674 (2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014 - Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Aoki, Y & Matsuura, S 2014, Verifying security requirements using model checking technique for UML-based requirements specification. in 2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014 - Proceedings., 6908674, 2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014 - Proceedings, Institute of Electrical and Electronics Engineers Inc., pp. 18-25, 2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014, Karlskrona, Sweden, 14/8/26. https://doi.org/10.1109/RET.2014.6908674

Aoki Y, Matsuura S. Verifying security requirements using model checking technique for UML-based requirements specification. In 2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2014. p. 18-25. 6908674. (2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014 - Proceedings). https://doi.org/10.1109/RET.2014.6908674

Aoki, Yoshitaka ; Matsuura, Saeko. / Verifying security requirements using model checking technique for UML-based requirements specification. 2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2014. pp. 18-25 (2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014 - Proceedings).

@inproceedings{c20fbb67707c4f44902f6292c6caafb4,

title = "Verifying security requirements using model checking technique for UML-based requirements specification",

abstract = "Use case analysis is known to be an effective method to clarify functional requirements. Security requirements such as access or information control tend to increase the complexity of functional requirements, and therefore, need to be correctly implemented to minimize risks. However, general developers find it difficult to correctly specify adequate security requirements during the initial phases of the software development process. We propose a method to verify security requirements whose specifications are based on Unified Modeling Language (UML) using the model checking technique and Common Criteria security knowledge. Common Criteria assists in defining adequate security requirements in the form of a table. This helps developers verify whether UML-based requirements analysis models meet those requirements in the early stages of software development. The UML model and the table are transformed into a finite automaton in the UPPAAL model checking tool.",

keywords = "Access Control, Common Criteria, Model Checking, Security Requirements, UML, Verification",

author = "Yoshitaka Aoki and Saeko Matsuura",

note = "Publisher Copyright: {\textcopyright} 2014 IEEE.; 2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014 ; Conference date: 26-08-2014 Through 26-08-2014",

year = "2014",

month = sep,

day = "23",

doi = "10.1109/RET.2014.6908674",

language = "English",

series = "2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014 - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "18--25",

booktitle = "2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014 - Proceedings",

}

TY - GEN

T1 - Verifying security requirements using model checking technique for UML-based requirements specification

AU - Aoki, Yoshitaka

AU - Matsuura, Saeko

PY - 2014/9/23

Y1 - 2014/9/23

N2 - Use case analysis is known to be an effective method to clarify functional requirements. Security requirements such as access or information control tend to increase the complexity of functional requirements, and therefore, need to be correctly implemented to minimize risks. However, general developers find it difficult to correctly specify adequate security requirements during the initial phases of the software development process. We propose a method to verify security requirements whose specifications are based on Unified Modeling Language (UML) using the model checking technique and Common Criteria security knowledge. Common Criteria assists in defining adequate security requirements in the form of a table. This helps developers verify whether UML-based requirements analysis models meet those requirements in the early stages of software development. The UML model and the table are transformed into a finite automaton in the UPPAAL model checking tool.

AB - Use case analysis is known to be an effective method to clarify functional requirements. Security requirements such as access or information control tend to increase the complexity of functional requirements, and therefore, need to be correctly implemented to minimize risks. However, general developers find it difficult to correctly specify adequate security requirements during the initial phases of the software development process. We propose a method to verify security requirements whose specifications are based on Unified Modeling Language (UML) using the model checking technique and Common Criteria security knowledge. Common Criteria assists in defining adequate security requirements in the form of a table. This helps developers verify whether UML-based requirements analysis models meet those requirements in the early stages of software development. The UML model and the table are transformed into a finite automaton in the UPPAAL model checking tool.

KW - Access Control

KW - Common Criteria

KW - Model Checking

KW - Security Requirements

KW - UML

KW - Verification

UR - http://www.scopus.com/inward/record.url?scp=84908637078&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84908637078&partnerID=8YFLogxK

U2 - 10.1109/RET.2014.6908674

DO - 10.1109/RET.2014.6908674

M3 - Conference contribution

AN - SCOPUS:84908637078

T3 - 2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014 - Proceedings

SP - 18

EP - 25

BT - 2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2014 IEEE 1st International Workshop on Requirements Engineering and Testing, RET 2014

Y2 - 26 August 2014 through 26 August 2014

ER -

Verifying security requirements using model checking technique for UML-based requirements specification

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this