Paper Authors

Abstract

NOTE: The first page of text has been automatically extracted and included below in lieu of an abstract

Using UML and security patterns to teach secure systems design Eduardo B. Fernandez, and María M. Larrondo Petrie

Department of Computer Science and Engineering, Florida Atlantic University, USA

Abstract. Our introductory course on data and network security presents an overview of the main topics of security and has a conceptual and design emphasis. There is a graduate and an undergraduate version of this course. A security course should encompass all the system architectural levels and provide a unifying conceptual approach or it becomes a collection of techniques and mechanisms to solve disjoint problems. For several reasons, formal methods are not appropriate for this purpose. The Unified Modeling Language (UML) is the accepted standard for software development and it is a visual language very appropriate for the description of system architecture. Software patterns are well established for software analysis and design as a way to improve reusability and reliability. We have adopted an approach that combines UML and patterns to present models and mechanisms for security. The students’ reaction to this approach has been very positive because they see the course as a way to learn not only security but also to reinforce their knowledge of object-oriented software design. We are also using this approach in a forthcoming security textbook.

1. Introduction

Software systems must be built using sound principles and methodologies to achieve good quality and avoid security problems. Students need to learn how to design systems in a systematic and conceptual way. This requires a unified understanding of how different mechanisms and subsystems work together to provide security. Most practical systems are quite complex, often containing or interacting with off-the-shelf components. Therefore, it is also necessary to be able to analyze existing systems in order to extend them or to combine them with new systems.

We teach a graduate1 and an undergraduate version2 of an introductory security course that presents an overview of the main topics of data and network security. We have intended from the beginning to present a conceptual, design-oriented course, explaining the reasons behind the many existing security mechanisms. Security encompasses all the system architectural levels and requires a unifying conceptual approach or it becomes a collection of techniques and mechanisms to solve disjoint problems. Without a conceptual approach every new system is a surprise, instead of being another manifestation or embodiment of known principles and approaches.

Formal methods are not appropriate for this purpose because the students may not have the appropriate mathematical background, and formal models may not exist for all the components of the system. Formal methods are not convenient to describe the structural properties of systems, a necessity in security analysis. The Unified Modeling Language3 (UML) is the accepted standard for software development and it is a visual language very appropriate for the

Proceedings of the 2005 Society for Engineering Education Annual Conference & Exposition Copyright © 2005, American Society for Engineering Education

• Citation

• Format
  • APA
  • APA - LaTeX bibitem
  • MLA
  • MLA - LaTeX bibitem
  • Bibtex
  • EndNote - RIS

Fernandez, E. B., & Larrondo Petrie, M. M. (2005, June), Using Uml And Security Patterns To Teach Secure Systems Design Paper presented at 2005 Annual Conference, Portland, Oregon. 10.18260/1-2--15106