T1 - Developing Secure Web-based Applications with UML: Concepts and Tools

Jan Jürjens and Johannes Grünbauer
TU Munich, Germany

Abstract:
The high-quality development
of security-critical web-based applications is difficult. Many
applications are developed and deployed that do not satisfy their security
requirements, sometimes resulting in spectacular attacks.
Part of the difficulty of secure application development is that
correctness is often in conflict with cost. Where thorough methods of
system design pose high cost through personnel training and use, they are
all too often avoided. UML offers an unprecedented
opportunity for high-quality development of security-critical web-based
applications that is feasible in an industrial context. Because UML is the
de-facto standard in industrial modelling, a large number of developers are
trained in UML and may already use it. However, there are some
challenges one has to overcome to exploit this opportunity, such as
adaptation of UML to the application domain of security-critical web-based
applications and providing tool-support for development of these
applications with UML. The tutorial aims to give background knowledge on
using UML for developing security-critical web-based applications and to
contribute to overcoming these challenges. As a major application, the
tutorial reports on how the UML-like computer-aided systems engineering
(CASE) tool AutoFocus has been applied to a web-based banking application
which is currently under development by a major German bank and is about
to be put to commercial use.

The proposed tutorial is part of a series of 15 tutorials presented at international conferences, including IFIP SEC 2002, OMG DOCsec 2002, Applied Informatics 2003 and OMG UML 2003 (see http://www4.in.tum.de/~juerjens/csdumltut History (user Participant, password Iwasthere)).