June 12, 2005
June 15, 2005
10.1435.1 - 10.1435.10
Using UML and security patterns to teach secure systems design
Eduardo B. Fernandez and María M. Larrondo Petrie
Department of Computer Science and Engineering, Florida Atlantic University, USA
Abstract. Our introductory course on data and network security presents an overview of the main topics of security and has a conceptual and design emphasis. There is a graduate and an undergraduate version of this course. A security course should encompass all the system architectural levels and provide a unifying conceptual approach or it becomes a collection of techniques and mechanisms to solve disjoint problems. For several reasons, formal methods are not appropriate for this purpose. The Unified Modeling Language (UML) is the accepted standard for software development and it is a visual language very appropriate for the description of system architecture. Software patterns are well established for software analysis and design as a way to improve reusability and reliability. We have adopted an approach that combines UML and patterns to present models and mechanisms for security. The students’ reaction to this approach has been very positive because they see the course as a way to learn not only security but also to reinforce their knowledge of object-oriented software design. We are also using this approach in a forthcoming security textbook.
Software systems must be built using sound principles and methodologies to achieve good quality and avoid security problems. Students need to learn how to design systems in a systematic and conceptual way. This requires a unified understanding of how different mechanisms and subsystems work together to provide security. Most practical systems are quite complex, often containing or interacting with off-the-shelf components. Therefore, it is also necessary to be able to analyze existing systems in order to extend them or to combine them with new systems.
We teach a graduate [1] and an undergraduate version [2] of an introductory security course that presents an overview of the main topics of data and network security. We have intended from the beginning to present a conceptual, design-oriented course, explaining the reasons behind the many existing security mechanisms. Security encompasses all the system architectural levels and requires a unifying conceptual approach or it becomes a collection of techniques and mechanisms to solve disjoint problems. Without a conceptual approach every new system is a surprise, instead of being another manifestation or embodiment of known principles and approaches.
Formal methods are not appropriate for this purpose because the students may not have the appropriate mathematical background, and formal models may not exist for all the components of the system. Formal methods are not convenient to describe the structural properties of systems, a necessity in security analysis. The Unified Modeling Language [3] (UML) is the accepted standard for software development and it is a visual language very appropriate for the
Proceedings of the 2005 Society for Engineering Education Annual Conference & Exposition Copyright © 2005, American Society for Engineering Education
Fernandez, E. B., & Larrondo Petrie, M. M. (2005, June). Using UML And Security Patterns To Teach Secure Systems Design. Paper presented at 2005 Annual Conference, Portland, Oregon. 10.18260/1-2--15106
ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2005 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015