Bridging model-based and language-based security
Paper in proceedings, 2003

We present a way to support the development of software applications that takes into account confidentiality issues, and how the developed code can be automatically verified. We use the Unified Modelling Language (UML) together with annotations to permit confidentiality to be considered during the whole development process from requirements to code. We have provided support for software development using UML diagrams so that the code produced can be be validated by a language-based checker, in our case Jif (Java information flow). We demonstrate that the combination of model-based and language-based security is compelling.


Rogardt Heldal

Chalmers, Department of Computing Science

Computer Security - ESORICS 2003, 8th European Symposium on Research in Computer Security, Gjøvik, Norway, October 13-15. Proceedings. Lecture Notes in Computer Science

Vol. 2808 235-252
3-540-20300-1 (ISBN)

Subject Categories

Computer and Information Science



More information