In tandem with the growing important roles of software in modern society is the increasing number of threats to software. Building software systems that are resistant to these threats is one of the greatest challenges in information technology. Threat identification methods for secure software development can be found in the literature. However, none of these methods has involved automatic threat identification based on analyzing UML models. Such an automated approach should offer benefits in terms of speed and accuracy when compared to manual methods, and at the same time be widely applicable due to the ubiquity of UML. This paper addresses this shortcoming by proposing an automated threat identification method based on parsing UML diagrams.

Additional Metadata
Keywords Expert systems, Secure software development, Software threat identification, Software threat modeling, UML
Conference International Conference on Security and Cryptography, SECRYPT 2010
Citation
Yee, G. (George), Xie, X. (Xingli), & Majumdar, S. (2010). Automated threat identification for UML. Presented at the International Conference on Security and Cryptography, SECRYPT 2010.