Jan Jürjens
University of Koblenz and Landau
Publication
Featured research published by Jan Jürjens.
Lecture Notes in Computer Science | 2002
Jan Jürjens
Developing security-critical systems is difficult and there are many well-known examples of security weaknesses exploited in practice. Thus a sound methodology supporting secure systems development is urgently needed. Our aim is to aid the difficult task of developing security-critical systems in an approach based on the notation of the Unified Modeling Language. We present the extension UMLsec of UML that allows one to express security-relevant information within the diagrams in a system specification. UMLsec is defined in the form of a UML profile using the standard UML extension mechanisms. In particular, the associated constraints give criteria to evaluate the security aspects of a system design, by referring to a formal semantics of a simplified fragment of UML. We demonstrate the concepts with examples.
international symposium on theoretical aspects of computer software | 2001
Martín Abadi; Jan Jürjens
We compare two views of symmetric cryptographic primitives in the context of the systems that use them. We express those systems in a simple programming language; each of the views yields a semantics for the language. One of the semantics treats cryptographic operations formally (that is, symbolically). The other semantics is more detailed and computational; it treats cryptographic operations as functions on bitstrings. Each semantics leads to a definition of equivalence of systems with respect to eavesdroppers. We establish the soundness of the formal definition with respect to the computational one. This result provides a precise computational justification for formal reasoning about security against eavesdroppers.
fundamental approaches to software engineering | 2001
Jan Jürjens
We show how UML (the industry standard in object-oriented modelling) can be used to express security requirements during system development. Using the extension mechanisms provided by UML, we incorporate standard concepts from formal methods regarding multi-level secure systems and security protocols. These definitions evaluate diagrams of various kinds and indicate possible vulnerabilities. On the theoretical side, this work exemplifies use of the extension mechanisms of UML and of a (simplified) formal semantics for it. A more practical aim is to enable developers (who may not be security specialists) to make use of established knowledge on security engineering through the means of a widely used notation.
international conference on software engineering | 2005
Jan Jürjens
Developing security-critical systems is difficult and there are many well-known examples of security weaknesses exploited in practice. Thus a sound methodology supporting secure systems development is urgently needed. We present an extensible verification framework for verifying UML models for security requirements. In particular, it includes various plugins performing different security analyses on models of the security extension UMLsec of UML. Here, we concentrate on an automated theorem prover binding to verify security properties of UMLsec models which make use of cryptography (such as cryptographic protocols). The work aims to contribute towards usage of UML for secure systems development in practice by offering automated analysis routines connected to popular CASE tools. We present an example of such an application where our approach found and corrected several serious design flaws in an industrial biometric authentication system.
Requirements Engineering | 2010
Siv Hilde Houmb; Shareeful Islam; Eric Knauss; Jan Jürjens; Kurt Schneider
Building secure systems is difficult for many reasons. This paper deals with two of the main challenges: (i) the lack of security expertise in development teams and (ii) the inadequacy of existing methodologies to support developers who are not security experts. The security standard ISO 14508 Common Criteria (CC) together with secure design techniques such as UMLsec can provide the security expertise, knowledge, and guidelines that are needed. However, security expertise and guidelines are not stated explicitly in the CC. They are rather phrased in security domain terminology and difficult to understand for developers. This means that some general security and secure design expertise is required to fully take advantage of the CC and UMLsec. In addition, there is the problem of tracing security requirements and objectives into solution design, which is needed for proof of requirements fulfilment. This paper describes a security requirements engineering methodology called SecReq. SecReq combines three techniques: the CC, the heuristic requirements editor HeRA, and UMLsec. SecReq makes systematic use of the security engineering knowledge contained in the CC and UMLsec, as well as security-related heuristics in the HeRA tool. The integrated SecReq method supports early detection of security-related issues (HeRA), their systematic refinement guided by the CC, and the ability to trace security requirements into UML design models. A feedback loop helps reuse experience within SecReq and turns the approach into an iterative process for the secure system life-cycle, also in the presence of system evolution.
Lecture Notes in Computer Science | 2005
Stefan Wagner; Jan Jürjens; Claudia Koller; Peter Trischberger
Bug finding tools can find defects in software source code using an automated static analysis. This automation may be able to reduce the time spent for other testing and review activities. For this we need to have a clear understanding of how the defects found by bug finding tools relate to the defects found by other techniques. This paper describes a case study using several projects mainly from an industrial environment that were used to analyse the interrelationships. The main finding is that the bug finding tools predominantly find different defects than testing but a subset of defects found by reviews. However, the types that can be detected are analysed more thoroughly. Therefore, a combination is most advisable if the high number of false positives of the tools can be tolerated.
international conference on software engineering | 2007
Bastian Best; Jan Jürjens; Bashar Nuseibeh
Given the explosive growth of digitally stored information in modern enterprises, distributed information systems together with search engines are increasingly used in companies. By enabling the user to search all relevant information sources with one single query, however, crucial risks concerning information security arise. In order to make these applications secure, it is not sufficient to penetrate-and-patch past system development, but security analysis has to be an integral part of the system design process for such distributed information systems. This work presents the experiences and results of the security analysis of a search engine in the intranet of a German car manufacturer, by making use of an approach to model-based security engineering that is based on the UML extension UMLsec. The focus lies on the application's single-sign-on mechanism, which was analyzed using the UMLsec method and tools. Main results of the paper include a field report on the employment of the UMLsec method in an industrial context as well as indications of its benefits and limitations.
acm symposium on applied computing | 2002
Jan Jürjens
Today many software systems need to take into account security considerations. While Software Engineering has been quite successful in ensuring that systems satisfy non-functional requirements such as dependability, less work has been done w.r.t. security requirements. In this work we present a software engineering method aiming to facilitate secure systems development, which is based on an extension of UML called UMLsec.
international conference on formal engineering methods | 2002
Guido Wimmel; Jan Jürjens
In specification-based testing, test sequences are generated from an abstract system specification to provide confidence in the correctness of an implementation. For security-critical systems, finding tests likely to detect possible vulnerabilities is particularly difficult, as they usually involve subtle and complex execution scenarios and consideration of domain-specific concepts such as cryptography and random numbers. We present research aiming to generate test sequences for transaction systems from a formal security model supported by the CASE tool AUTOFOCUS. The test sequences are determined with respect to the system's required security properties, using mutations of the system specification and attack scenarios. To be able to apply them to an existing implementation, the abstract test sequences are concretized.
formal aspects in security and trust | 2011
Mihhail Aizatulin; François Dupressoir; Andrew D. Gordon; Jan Jürjens
The security of much critical infrastructure depends in part on cryptographic software coded in C, and yet vulnerabilities continue to be discovered in such software. We describe recent progress on checking the security of C code implementing cryptographic software. In particular, we describe projects that combine verification-condition generation and symbolic execution techniques for C, with methods for stating and verifying security properties of abstract models of cryptographic protocols. We illustrate these techniques on C code for a simple two-message protocol.