Page Areas:

Current Submenu:

Position Indication:


Conceptual Modeling of Generic Security Aspects

Student: Christine Artelsmair
Supervisor: A.Univ.-Prof. Dr. Josef Küng
Second Reviewer: Univ.-Prof. DDr. Gerald Quirchmayr
End: 31.12.2004

It is very difficult to make IT-systems secure as there are many different components and mechanisms involved such as operating systems, computer networks, and software engineering. Without a systematic methodology, security requirements are often retrofitted late in the design process or pursued separately from functional design. To fill this gap, this thesis presents guidelines for conceptual modeling of generic security aspects resulting into a so-called security engineering process which extends the software development process presented in [1]. The security engineering process will provide a rich set of expressive guidelines and functions, enforcing the integration of security aspects in early stages of the software development process. The basic building blocks of the process are high-level security requirements and mechanisms, which can be summarized in a so-called requirements/mechanisms matrix. The approach will be based on UML (Unified Modeling Language) which is a general-purpose, nonproprietary modeling language. UML includes all the concepts that are necessary to support a modern iterative software development process. [1] M. Hitz, G. Kappel, "UML@Work – Von der Analyse zur Realisierung", dpunkt.verlag, Heidelberg, 1999, ISBN 3-932588-38-X