The working package AP 5.1.3 deals with descriptions of security requirements on the modeling
level of UML statecharts as well as with automatic checking of UML statecharts against such
descriptions. We use textual annotations to introduce information-flow constraints in UML stat-
echarts. The constraints concern mainly authentication, declassification, and sanitization errors.
The annotations are automatically loaded by information-flow checkers that check whether the
imposed constraints hold or not. For the purpose of checking, the UML statecharts are trans-
formed into C source code, and errors traces are presented as UML sequence diagrams. Together
with the checkers, we developed an annotation language editor, a UML statechart editor and a
source code generator. All the implementation uses Eclipse Modeling Framework. The ex-
perimental results show that this approach is effective and could potentially be further applied
to other types of UML models and to programming languages other than C in order to detect
different types of vulnerabilities.
Our results use and build upon SIBASE working packages 5.1.2, 5.1.4 and 5.2.1.
«
The working package AP 5.1.3 deals with descriptions of security requirements on the modeling
level of UML statecharts as well as with automatic checking of UML statecharts against such
descriptions. We use textual annotations to introduce information-flow constraints in UML stat-
echarts. The constraints concern mainly authentication, declassification, and sanitization errors.
The annotations are automatically loaded by information-flow checkers that check whether the
imposed constraints h...
»
Login
BibTeX