Hi All
Hoping every thing is fine
i`m asking abut UML and its limitations(s) and
strength(s) for capturing or elicitating Security requirements .
please give me valuable points or any resources for that.
All the best
Saad
Modeling: all you need to know
I mention most of the security proposals for MDE (including those based on UML) in this paper :
Jordi Cabot,Nicola Zannone: Towards an Integrated Framework for Model-driven Security Engineering. Modeling Security Workshop (MoDELS’08). CEUR Workshop Proceedings: http://ceur-ws.org/Vol-413
I’d recommend taking a look at Bringing Security Home: A process for developing secure and usable systems.
http://www.softeng.ox.ac.uk/personal/Ivan.Flechais/downloads/nspw2003.pdf
I have used aspects of this process extensively with great success.
Regards,
– Doug
Thank you all.
actually i have read all you recommended papers or web.
I have got that UML digram has to types
1- behavior diagram as use case….
2- structure diagram as class diagram….
i would say that security diagram goes with behavior a little bite as it does considers as component of any system. it is just to take into account within development lifecycle.
so that i wondring how i use or express UML to capture any requirement either was security or other nonfunctional RE..