connectors, and required and provided interfaces (see Sects. 3.2 and 3.3 for details). For this reason, we specify our architectural security patterns based on different kinds of UML2.3 diagram types, i.e., class diagrams, composite structure diagrams, and sequence diagrams. Moreover, we use UMLsec [8] to pick up results from security requirements analysis, and to annotate the different UML diagrams representing the structural and behavioral views of architectural security patterns accordingly. Since UMLsec is a profile for UML1.5², we developed a UML2.3-compatible profile called UMLsec4UML2 that adopts the UML1.5-compatible profile UMLsec. The UMLsec4UML2-profile, all examples shown in this paper, as well as additional material are published in a technical report [15].
We constructed the UMLsec4UML2-profile using the Papyrus UML³ editing tool as a UML2.3 profile diagram. It defines several stereotypes and tags. Stereotypes give a specific meaning to the elements of a UML diagram they are attached to, and they are represented by labels surrounded by double angle brackets. A tag or tagged value is a name-value pair in curly brackets associating data with elements in a UML diagram.
The original version of UMLsec for UML1.5 is complemented by a tool suite⁴ that supports static checks for stereotypes that restrict structural design models, a permission analyzer for access control mechanisms, and checks integrated with external verification tools to verify stereotypes that restrict behavioral design models. Basically, models created based on the UMLsec4UML2-profile can be verified using this tool suite. However, the UMLsec4UML2-profile introduces a novel way to verify models directly within the UML editing tool. For this purpose, the UMLsec4UML2-profile is enriched with constraints denoted in the Object Constraint Language (OCL)⁵, which is part of UML2.3. OCL is a formal notation to describe constraints on object-oriented modeling artifacts. The static checks available in the tool suite of the original version of UMLsec are covered by the OCL constraints that are integrated into the UMLsec4UML2-profile.
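The kind of static check described above, as an added example in Python (not code from the paper, the UMLsec tool suite or the UMLsec4UML2-profile, whose constraints are written in OCL): it evaluates the «secure links» rule of the original UMLsec against its default-adversary threat table. The classes `Subsystem`, `Link`, `Dependency` and all function names are hypothetical, and requiring every link between two nodes to qualify is a choice made for this example.

```python
from dataclasses import dataclass

# Threats posed by the UMLsec "default" adversary, per link stereotype.
ALL = frozenset({"delete", "read", "insert"})
THREATS = {"default": {"Internet": ALL, "encrypted": frozenset({"delete"}),
                       "LAN": frozenset(), "wire": frozenset()}}
# Actions each dependency stereotype requires the adversary NOT to have.
FORBIDDEN = {"secrecy": {"read"}, "integrity": {"insert"}, "high": set(ALL)}

@dataclass
class Link:                 # communication link between two nodes
    ends: frozenset
    stereotype: str         # e.g. "Internet", "encrypted"

@dataclass
class Dependency:           # dependency between components deployed on nodes
    client_node: str
    supplier_node: str
    stereotype: str         # "secrecy", "integrity" or "high"

@dataclass
class Subsystem:            # hypothetical stand-in for an annotated UML model
    stereotypes: set        # labels shown as <<...>>
    tags: dict              # tagged values, e.g. {"adversary": "default"}
    links: list
    dependencies: list

def check_secure_links(model):
    """Return violation messages; an empty list means the check passes."""
    if "secure links" not in model.stereotypes:
        return []           # constraint applies only where the stereotype is attached
    table = THREATS[model.tags.get("adversary", "default")]
    violations = []
    for dep in model.dependencies:
        ends = frozenset({dep.client_node, dep.supplier_node})
        if len(ends) < 2:
            continue        # both components on one node: no link involved
        links = [l for l in model.links if l.ends == ends]
        if not links:
            violations.append(f"<<{dep.stereotype}>> dependency has no link")
        for link in links:
            # Unknown link kinds are treated as fully exposed (assumption).
            exposed = table.get(link.stereotype, ALL) & FORBIDDEN[dep.stereotype]
            if exposed:
                violations.append(f"<<{dep.stereotype}>> over <<{link.stereotype}>>: "
                                  f"adversary can {sorted(exposed)}")
    return violations

def sample_model(link_kind, dep_kind):   # constructed sample input
    ends = frozenset({"client", "server"})
    return Subsystem({"secure links"}, {"adversary": "default"},
                     [Link(ends, link_kind)], [Dependency("client", "server", dep_kind)])
```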
We use the UMLsec4UML2-profile in the subsequent sections to specify structural as well as behavioral views of architectural security patterns. There, we also explain details about the profile where necessary.
3.2 Generic Security Components
The generic security components (GSC) discussed in this section constitute patterns for software components that realize concretized security requirements. We call them “generic”, because they are a kind of conceptual pattern for concrete software components. They are platform-independent⁶. An example of a GSC is an encryption component that is defined without reference to a specific encryption algorithm or to cryptographic keys of a certain structure and length. In addition
² http://www.omg.org/cgi-bin/doc?formal/03-03-01
³ http://www.papyrusuml.org/
⁴ http://www.umlsec.de/
⁵ http://www.omg.org/docs/formal/06-05-01.pdf
⁶ The term platform-independent is defined according to the Model-Driven Architecture (MDA) approach (http://www.omg.org/mda/).