Security Models
Describes, for use case diagrams, static models, and dynamic models, the security characteristics of user activities, classes, and functionalities in the system that are needed to describe security-relevant elements while keeping system and security concerns separate.
Security Aspects
Specification Elements
- Business Logic: Specifies a class to contain non-secure functionality.
- Security Service: Specifies a class to contain either security logic or a security algorithm.
- Database Wrapper: Specifies a class to store data or keys and how they are accessed.
- Authenticate: Specifies that an activity in a use case requires the system to authenticate a subject.
- Access Control: Specifies that an activity in a use case requires the system to enforce access control for an object.
- Encrypt: Specifies that an activity in a use case requires the system to encrypt a plain text.
- Decrypt: Specifies that an activity in a use case requires the system to decrypt a ciphertext.
- Generate Integrity Check Value: Specifies that an activity in a use case requires the system to generate a value for plain text integrity checks usable by a receiver.
- Check Integrity: Specifies that an activity in a use case requires the system to perform an integrity check for a received value.
- Provide Non-repudiation: Specifies that an activity in a use case requires the system to generate a signature for non-repudiation of a plain text that can be verified by a receiver.
- Check Non-repudiation: Specifies that an activity in a use case requires the system to verify a signature for non-repudiation of a plain text that can be verified by a receiver.
Security Aspects
Separation of Concerns
Separates functional and security concerns.
- Specification Elements:
  - Business Logic
  - Database Wrapper
  - Security Service
  - Access Control
  - Authenticate
  - Check Integrity
  - Check Non-repudiation
  - Decrypt
  - Encrypt
  - Generate Integrity Check Value
  - Provide Non-repudiation
- Threats:
  - Elevation of Privileges
  - Information Disclosure
  - Repudiation
  - Spoofing
  - Tampering with Data
Specification Elements
Business Logic
Specifies a class to contain non-secure functionality.
- Applies to:
  - Entity
Security Service
Specifies a class to contain either security logic or a security algorithm.
- Applies to:
  - Entity
Database Wrapper
Specifies a class to store data or keys and how they are accessed.
- Applies to:
  - Entity
Authenticate
Specifies that an activity in a use case requires the system to authenticate a subject.
Access Control
Specifies that an activity in a use case requires the system to enforce access control for an object.
Encrypt
Specifies that an activity in a use case requires the system to encrypt a plain text.
Decrypt
Specifies that an activity in a use case requires the system to decrypt a ciphertext.
Generate Integrity Check Value
Specifies that an activity in a use case requires the system to generate a value for plain text integrity checks usable by a receiver.
Check Integrity
Specifies that an activity in a use case requires the system to perform an integrity check for a received value.
Provide Non-repudiation
Specifies that an activity in a use case requires the system to generate a signature for non-repudiation of a plain text that can be verified by a receiver.
Check Non-repudiation
Specifies that an activity in a use case requires the system to verify a signature for non-repudiation of a plain text that can be verified by a receiver.