Object-Oriented Security Analysis and Modeling
Universität Dortmund, FB Informatik, LS IV, D-44221 Dortmund
The security analysis and protection of modern distributed information systems has to deal with the
complexity, heterogeneity and broad interconnectivity of the systems. With respect to that our approach
employs object-oriented modeling techniques in order to facilitate the analysis and to assure its quality
even in case of extensive systems. The analysis efforts can concentrate on the creation of a model of the
existing system, while threat and weakness identification, risk assessment, and countermeasure planning
are substantially supported by automated tool-assistance. The tool moreover adopts conceptions of
object-oriented design tools like the utilization of predefined class libraries and the use of graphical
UML-based class and instance diagrams. Therefore the tool already supports the comfortable model creation. The
following tasks correspond to model analysis, refinement and augmentation. They are supported by automated
tool functions which apply enhanced object-oriented techniques like multiple class hierarchies, object
patterns, and graph rewrite system based transformation rules. We report on the principles of the approach
and clarify its application by means of an example.
Security Analysis, Risk Analysis, Risk Assessment
9th International Conference on Telecommunication Systems - Modeling and
Analysis, pages 21-32, Dallas, TX, USA, ATSMA, IFIP, 2001.
Obtaining the paper
Due to the copyright agreement between the publisher and the authors we are
not allowed to make the paper available online. If you have problems to
please call us.
Peter Herrmann, March 28, 2001
-- digital media copyright