Model-based security analysis for mobile communications

Jan Jürjens, Joerg Schreck, Peter Bartmann
2008 Proceedings of the 13th international conference on Software engineering - ICSE '08  
Mobile communication systems are increasingly used in companies. In order to make these applications secure, the security analysis has to be an integral part of the system design and IT management process for such mobile communication systems. This work presents the experiences and results from the security analysis of a mobile system architecture at a large German telecommunications company, by making use of an approach to Model-based Security Engineering that is based on the UML extension
more » ... ec. The focus lies on the security mechanisms and security policies of the mobile applications which were analyzed using the UMLsec method and tools. Main results of the paper include a field report on the employment of the UMLsec method in an industrial telecommunications context as well as indications of its benefits and limitations.
doi:10.1145/1368088.1368186 dblp:conf/icse/JurjensSB08 fatcat:yoqqj6zxofguxkyikneg7w6ide