Object-Oriented Security Analysis and Modeling

Peter Herrmann, Heiko Krumm

Universität Dortmund, FB Informatik, LS IV, D-44221 Dortmund
E-Mail: {Peter.Herrmann| krumm}@cs.tu-dortmund.de

Abstract

The security analysis and protection of modern distributed information systems has to deal with the complexity, heterogeneity and broad interconnectivity of the systems. With respect to that our approach employs object-oriented modeling techniques in order to facilitate the analysis and to assure its quality even in case of extensive systems. The analysis efforts can concentrate on the creation of a model of the existing system, while threat and weakness identification, risk assessment, and countermeasure planning are substantially supported by automated tool-assistance. The tool moreover adopts conceptions of object-oriented design tools like the utilization of predefined class libraries and the use of graphical UML-based class and instance diagrams. Therefore the tool already supports the comfortable model creation. The following tasks correspond to model analysis, refinement and augmentation. They are supported by automated tool functions which apply enhanced object-oriented techniques like multiple class hierarchies, object patterns, and graph rewrite system based transformation rules. We report on the principles of the approach and clarify its application by means of an example.

Key Words

Security Analysis, Risk Analysis, Risk Assessment

Published in

9th International Conference on Telecommunication Systems - Modeling and Analysis, pages 21-32, Dallas, TX, USA, ATSMA, IFIP, 2001.

Obtaining the paper

Due to the copyright agreement between the publisher and the authors we are not allowed to make the paper available online. If you have problems to obtain it, please call us.