DOI:10.2298/CSIS101231014M

An Approach to Assess and Compare Quality of Security Models

Raimundas Matulevičius1, Henri Lakk1 and Marion Lepmets2

  1. Institute of Computer Science, University of Tartu
    J. Liivi 2, 50409 Tartu, Estonia
    rma@ut.ee, henri.lakk@gmail.com
  2. Centre for Public Research Henri Tudor – SSI
    29 Av. John F. Kennedy, L-1855 Luxembourg
    Marion.Lepmets@tudor.lu

Abstract

System security is an important artefact. However security is typically considered only at implementation stage nowadays in industry. This makes it difficult to communicate security solutions to the stakeholders earlier and raises the system development cost, especially if security implementation errors are detected. On the one hand practitioners might not be aware of the approaches that help represent security concerns at the early system development stages. On the other hand a part of the problem might be that there exists only limited support to compare different security development languages and especially their resulting security models. In this paper we propose a systematic approach to assess quality of the security models. To illustrate validity of our proposal we investigate three security models, which present a solution to an industrial problem. One model is created using PL/SQL, a procedural extension language for SQL; another two models are prepared with SecureUML and UMLsec, both characterised as approaches for model-driven security. The study results in a higher quality for the later security models. These contain higher semantic completeness and correctness, they are easier to modify, understand, and facilitate a better communication of security solutions to the system stakeholders than the PL/SQL model. We conclude our paper with a discussion on the requirements needed to adapt the model-driven security approaches to the industrial security analysis.

Key words

Model-driven security development, Modelling quality, PL/SQL, SecureUML, UMLsec.

Digital Object Identifier (DOI)

https://doi.org/10.2298/CSIS101231014M

Publication information

Volume 8, Issue 2 (May 2011)
Advances in Formal Languages, Modeling and Applications
Year of Publication: 2011
ISSN: 2406-1018 (Online)
Publisher: ComSIS Consortium

Full text

DownloadAvailable in PDF
Portable Document Format

How to cite

Matulevičius, R., Lakk, H., Lepmets, M.: An Approach to Assess and Compare Quality of Security Models. Computer Science and Information Systems, Vol. 8, No. 2, 447-476. (2011), https://doi.org/10.2298/CSIS101231014M