Information Technology Reference
In-Depth Information
for the composite structure diagram that is also contained in this package.
Connections between components contained in the composite structure dia-
gram are expressed using either simple connectors or lollipop notation.
2. As described in Sect. 3.2, GSCs refer to assets, and they are already equipped
with the
stereotype and corresponding tagged values. GSCs
connected in the structural view's composite structure diagram with other
GSCs or / and GNCs might allow the transmission of assets to these com-
ponents. According to the
critical
secure dependency
stereotype, these GSCs
or / and GNCs should be stereotyped
,too.Moreover,the
tagged values of these components should be equal to the tagged values of
GSCs that are connected to them.
critical
3.
use
in
the structural view's composite structure diagram should be stereotyped ac-
cording to the tagged values of the
dependencies between components stereotyped
critical
critical
stereotype. That is, if the
tag
{
secrecy
}
is assigned a value, then the corresponding
use
depen-
dency between the components should be stereotyped
secrecy
,andif
the tag
{
integrity
}
is assigned a value, then the corresponding
use
dependency between the components should be stereotyped
integrity
.
The dependencies stereotyped
use
between components and interfaces
of components labeled
critical
in the structural view's class diagram
should be stereotyped analogously.
Moreover, the behavioral views of GSAs are equipped with the
data se-
curity
contain-
ing a structure and a behavior diagram, the requirements defined in the structure
diagram using the
stereotype. Given a package stereotyped
data security
stereotype should be fulfilled with respect to
the behavior diagram and environment description (especially the malicious envi-
ronment and the value of the tag
critical
{
adversary
}
). We apply the stereotype
data
security
to the specification of the behavioral views of GSAs according to
the following procedure:
1. The behavioral view should be organized in a package stereotyped
data
.
2. The structural view previously discussed should be reused by importing the
corresponding package into the one of the behavioral view.
3. A specification in terms of a set of sequence diagrams should be included
in the behavioral view to describe the collaboration between the different
GSCs and GNCs contained in the GSA at hand.
4. The attacker model, i.e., especially the
security
{
adversary
}
tag, is not assigned
a value on the level of patterns. Instead, the attacker model is fixed when
instantiating GSAs (see Sect. 3.4 for details).
According to the described procedures, we have developed a catalog of GSAs
(see [14, pp. 160 ff.] for details) for each available CSPF.
GSA for CSPF Confidential Data Transmission Using Cryptographic
Key-Based Symmetric Encryption.
In the following, we present as an
