Model-based Security Engineering with UML: The Last Decade and Towards the Future (Keynote)

摘要

The current state of the art in developing security-critical software and systems in practice is far from satisfactory: New security vulnerabilities are discovered on an almost daily basis. To address this problem, there has been a significant amount of work over the last 10 years on providing model-based development approaches based on the Unified Modeling Language which aim to raise the trustworthiness of security-critical systems (see Fig. 1 for a visualization of the main ideas and [6, 7, 2, 10, 8, 5, 1, 3, 4, 9] for some examples and overviews). Recently, model-based security has even managed to gain entry into Gartner's "hype cycle". This keynote talk gives an overview over some developments in this field over the last 10 years, discusses the current state of affairs with respect to foundations, tool-support and industrial applications, and considers what might be particularly promising current and future developments.