Girish Mahajan (Editor)

UMLsec


UMLsec is an extension to the Unified Modelling Language for integrating security-related information into UML specifications. This information can be used for model-based security engineering. Most security information is added using stereotypes, which cover many security properties including secure information flow, confidentiality and access control. Using an attacker model, these properties can be checked at the model level.


Development

UMLsec was first proposed by Jürjens et al. in 2002 and later revised and extended by the same author.

Profile definition

UMLsec is defined as a lightweight extension for UML.

The profile is defined through a set of stereotypes with properties (tag definitions) and constraints. UMLsec defines 21 stereotypes listed below.

Adversary model

To ensure security, it is necessary to specify what kind of attacker is assumed. In UMLsec, the attacker model is defined through the threats that the attacker poses. The table below defines the default adversary. Other adversaries may of course be defined.
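
An added example, not taken from the page or from any UMLsec tooling: a small Python check in the style of UMLsec's «secure links» constraint, comparing the security requirement on each dependency with the threats the adversary poses on the link that carries it. The stereotype names and the threat sets in `DEFAULT_ADVERSARY` are assumptions of this example (they follow the commonly cited default attacker), and `MODEL` is constructed sample data.

```python
# Added example: model-level check in the style of UMLsec's <<secure links>>.
# Threat sets per link stereotype are assumed values for a default (outsider)
# adversary; an insider or other adversary would supply a different table.
DEFAULT_ADVERSARY = {
    "Internet": {"delete", "read", "insert"},
    "encrypted": {"delete"},
    "LAN": set(),
    "wire": set(),
}

# What each requirement on a dependency forbids the adversary from doing on
# the link that carries it. None means no threat at all is acceptable.
FORBIDDEN = {
    "secrecy": {"read"},
    "integrity": {"insert"},
    "high": None,
}


def check_secure_links(dependencies, adversary=DEFAULT_ADVERSARY):
    """Return (dependency, requirement, link, offending threats) per violation."""
    violations = []
    for dep in dependencies:
        link = dep["link"]
        if link not in adversary:
            # Unknown link type: fail closed rather than assume it is safe.
            violations.append((dep["name"], dep["requires"], link, {"unknown link"}))
            continue
        threats = adversary[link]
        forbidden = FORBIDDEN[dep["requires"]]
        bad = set(threats) if forbidden is None else threats & forbidden
        if bad:
            violations.append((dep["name"], dep["requires"], link, bad))
    return violations


# Constructed sample model: three dependencies between deployment nodes.
MODEL = [
    {"name": "client->web", "requires": "secrecy", "link": "Internet"},
    {"name": "web->db", "requires": "secrecy", "link": "encrypted"},
    {"name": "web->hsm", "requires": "high", "link": "encrypted"},
]

if __name__ == "__main__":
    for name, req, link, bad in check_secure_links(MODEL):
        print(f"{name}: <<{req}>> violated on <<{link}>> link: {sorted(bad)}")
```

Passing a different `adversary` table models another attacker, for example an insider who can read and insert on LAN links.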
