A comparison of approaches for modeling software security requirements using unified modeling language extensions
The unified modeling language (UML) supports extension mechanisms called stereo-types, tagged values, and constraints to extend its modeling capabilities. These extension mechanisms are utilized to create new and customized profiles. Their applications in modeling emerging security requirements are...
Saved in:
| Published in | International Journal of Power Electronics and Drive Systems/International Journal of Electrical and Computer Engineering Vol. 15; no. 3; p. 2911 |
|---|---|
| Main Authors | , , , , , |
| Format | Journal Article |
| Language | English |
| Published |
01.06.2025
|
| Online Access | Get full text |
| ISSN | 2088-8708 2722-256X 2722-2578 2722-2578 |
| DOI | 10.11591/ijece.v15i3.pp2911-2927 |
Cover
| Abstract | The unified modeling language (UML) supports extension mechanisms called stereo-types, tagged values, and constraints to extend its modeling capabilities. These extension mechanisms are utilized to create new and customized profiles. Their applications in modeling emerging security requirements are discussed. To model authentication, availability, integrity, access control, confidentiality, data integrity, non-repudiation, authorization, encryption, hashing, and session mechanisms, a set of novel stereotypes is proposed in this paper. The proposed stereotypes inherit from baseline security requirements. Further, security concepts within the UML diagram are represented using these stereotypes. In addition, the proposed stereotypes were evaluated with the help of human subject evaluation using real-world scenarios to illustrate the usefulness of these stereotypes in modelling security requirements. The contribution of this paper is a stereotyped model security requirements and library of existing security notations with high quality symbols which can be incorporated in existing and new stereotypes and diagrams to facilitate the process of security requirement modelling. Results indicate that the proposed stereotyped model improves the modeling process of security requirements. It also provides a better representation of emerging security mechanisms in software design. Finally, during the software development process, stakeholders enjoy improved communication and understanding of security requirements. |
|---|---|
| AbstractList | The unified modeling language (UML) supports extension mechanisms called stereo-types, tagged values, and constraints to extend its modeling capabilities. These extension mechanisms are utilized to create new and customized profiles. Their applications in modeling emerging security requirements are discussed. To model authentication, availability, integrity, access control, confidentiality, data integrity, non-repudiation, authorization, encryption, hashing, and session mechanisms, a set of novel stereotypes is proposed in this paper. The proposed stereotypes inherit from baseline security requirements. Further, security concepts within the UML diagram are represented using these stereotypes. In addition, the proposed stereotypes were evaluated with the help of human subject evaluation using real-world scenarios to illustrate the usefulness of these stereotypes in modelling security requirements. The contribution of this paper is a stereotyped model security requirements and library of existing security notations with high quality symbols which can be incorporated in existing and new stereotypes and diagrams to facilitate the process of security requirement modelling. Results indicate that the proposed stereotyped model improves the modeling process of security requirements. It also provides a better representation of emerging security mechanisms in software design. Finally, during the software development process, stakeholders enjoy improved communication and understanding of security requirements. |
| Author | Hassan, Syed Muhammad Junaid Shahab, Aamir Tabba, Fatima Ali Alrammal, Muath Abu-Amara, Fadi Nadeem, Muhammad |
| Author_xml | – sequence: 1 givenname: Syed Muhammad Junaid orcidid: 0000-0001-8634-7547 surname: Hassan fullname: Hassan, Syed Muhammad Junaid – sequence: 2 givenname: Aamir orcidid: 0000-0002-6664-1359 surname: Shahab fullname: Shahab, Aamir – sequence: 3 givenname: Fatima Ali orcidid: 0009-0000-4530-5797 surname: Tabba fullname: Tabba, Fatima Ali – sequence: 4 givenname: Muath orcidid: 0000-0002-3240-6262 surname: Alrammal fullname: Alrammal, Muath – sequence: 5 givenname: Fadi orcidid: 0000-0002-1652-5990 surname: Abu-Amara fullname: Abu-Amara, Fadi – sequence: 6 givenname: Muhammad orcidid: 0000-0002-1769-7962 surname: Nadeem fullname: Nadeem, Muhammad |
| BookMark | eNqNkMlOwzAURS1UJErpP_gHUmwn8bCsKiapEpvuI8d5LkaJndoJJX9PByS2rN590j13ce7RzAcPCGFKVpSWij66TzCw-qKly1d9zxSlGVNM3KA5E4xlrBRydspEykwKIu_QMiVXk6IQBRG8nKPDGpvQ9Tq6FDwOFuu-j0GbD0jYhoi70EDr_B6nYIejjoATmDG6YcIRDqOL0IEfEh7TuTR6Zx00f1Sr_X7Ue8DwPYBPLvj0gG6tbhMsf-8C7Z6fdpvXbPv-8rZZbzOjlMiUlHlhrBBcMA6gVFnWNTV1oTgnUNSc0AZ43ZDTlxMjCy05YyJvdKmV1TRfIHWdHX2vp6Nu26qPrtNxqiipLvaqi73qYq-62qvO9k6svLImhpQi2P-jP8nufdg |
| ContentType | Journal Article |
| DBID | AAYXX CITATION ADTOC UNPAY |
| DOI | 10.11591/ijece.v15i3.pp2911-2927 |
| DatabaseName | CrossRef Unpaywall for CDI: Periodical Content Unpaywall |
| DatabaseTitle | CrossRef |
| DatabaseTitleList | CrossRef |
| Database_xml | – sequence: 1 dbid: UNPAY name: Unpaywall url: https://proxy.k.utb.cz/login?url=https://unpaywall.org/ sourceTypes: Open Access Repository |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering |
| EISSN | 2722-2578 |
| ExternalDocumentID | 10.11591/ijece.v15i3.pp2911-2927 10_11591_ijece_v15i3_pp2911_2927 |
| GroupedDBID | .4S .DC 8FE 8FG AAKDD AAYXX ABJCF ABUWG AFKRA ALMA_UNASSIGNED_HOLDINGS ARAPS ARCSS BENPR BGLVJ BPHCQ BVBZV CCPQU CITATION EOJEC HCIFZ I-F K6V K7- KWQ L6V M7S OBODZ OK1 P62 PHGZM PHGZT PQGLB PQQKQ PROAC PTHSS PUEGO TUS ADTOC M~E UNPAY |
| ID | FETCH-LOGICAL-c997-98834cf776726ee9955bb1cb49660e4b601de6bd060e30c84a862273da5a9fa13 |
| IEDL.DBID | UNPAY |
| ISSN | 2088-8708 2722-256X 2722-2578 |
| IngestDate | Sun Sep 07 10:51:58 EDT 2025 Wed Oct 01 06:01:11 EDT 2025 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | false |
| IsScholarly | true |
| Issue | 3 |
| Language | English |
| License | http://creativecommons.org/licenses/by-sa/4.0 |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-c997-98834cf776726ee9955bb1cb49660e4b601de6bd060e30c84a862273da5a9fa13 |
| ORCID | 0000-0002-6664-1359 0000-0001-8634-7547 0000-0002-1769-7962 0000-0002-1652-5990 0009-0000-4530-5797 0000-0002-3240-6262 |
| OpenAccessLink | https://proxy.k.utb.cz/login?url=https://doi.org/10.11591/ijece.v15i3.pp2911-2927 |
| ParticipantIDs | unpaywall_primary_10_11591_ijece_v15i3_pp2911_2927 crossref_primary_10_11591_ijece_v15i3_pp2911_2927 |
| ProviderPackageCode | CITATION AAYXX |
| PublicationCentury | 2000 |
| PublicationDate | 2025-06-01 |
| PublicationDateYYYYMMDD | 2025-06-01 |
| PublicationDate_xml | – month: 06 year: 2025 text: 2025-06-01 day: 01 |
| PublicationDecade | 2020 |
| PublicationTitle | International Journal of Power Electronics and Drive Systems/International Journal of Electrical and Computer Engineering |
| PublicationYear | 2025 |
| SSID | ssib044740765 ssj0000866295 |
| Score | 2.3139477 |
| Snippet | The unified modeling language (UML) supports extension mechanisms called stereo-types, tagged values, and constraints to extend its modeling capabilities.... |
| SourceID | unpaywall crossref |
| SourceType | Open Access Repository Index Database |
| StartPage | 2911 |
| Title | A comparison of approaches for modeling software security requirements using unified modeling language extensions |
| URI | https://doi.org/10.11591/ijece.v15i3.pp2911-2927 |
| UnpaywallVersion | publishedVersion |
| Volume | 15 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| journalDatabaseRights | – providerCode: PRVHPJ databaseName: ROAD: Directory of Open Access Scholarly Resources customDbUrl: eissn: 2722-2578 dateEnd: 99991231 omitProxy: true ssIdentifier: ssib044740765 issn: 2722-2578 databaseCode: M~E dateStart: 20110101 isFulltext: true titleUrlDefault: https://road.issn.org providerName: ISSN International Centre – providerCode: PRVPQU databaseName: East & South Asia Database customDbUrl: eissn: 2722-2578 dateEnd: 99991231 omitProxy: false ssIdentifier: ssj0000866295 issn: 2088-8708 databaseCode: BVBZV dateStart: 20110901 isFulltext: true titleUrlDefault: https://search.proquest.com/eastsouthasia providerName: ProQuest – providerCode: PRVPQU databaseName: ProQuest Central customDbUrl: http://www.proquest.com/pqcentral?accountid=15518 eissn: 2722-2578 dateEnd: 99991231 omitProxy: true ssIdentifier: ssj0000866295 issn: 2088-8708 databaseCode: BENPR dateStart: 20110901 isFulltext: true titleUrlDefault: https://www.proquest.com/central providerName: ProQuest – providerCode: PRVPQU databaseName: ProQuest Technology Collection customDbUrl: eissn: 2722-2578 dateEnd: 99991231 omitProxy: true ssIdentifier: ssj0000866295 issn: 2088-8708 databaseCode: 8FG dateStart: 20110901 isFulltext: true titleUrlDefault: https://search.proquest.com/technologycollection1 providerName: ProQuest |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV3PT8IwFG4AD578ETVilPTgdbh267YeiYEQE4kmkOBpabvOoGQgYxI9-Lf7uh-AHox627K8bX3t9r739vZ9CF0qhwjAwcJyXEEhQYl8S1DlWzLmgU2FAoyfs30OvP7IvRmzcQ3Z1b8w29_vIdKSq8mTVrr9StgEkr45hWfTopz6dbTjMUDfDbQzGtx1HoyGnA95FUTw8WbbD6rmnR9O9SUi7WbJXLytxHS6FWZ6--i-usGiu-S5nS1lW71_4278ywgO0F6JOXGnWCSHqKaTI_TSwWqtQYhnMa7YxXWKAcjiXCIH4hpO4UW9EguN01LqDi-0aR_O64opNo3zjzhLJjGA2Y1VVQfFeZXdlOTSYzTsdYfXfavUX7CU4WjlQeC4KjZ0P9TTmnPGpCRKuobQU7sSUrlIezKyYc-xVeAKyI4ADUWCCR4L4pygRjJL9CnCHpVG2Jq4ESeuJnAcriA5cyhnQhHeRKSagnBesGyEeXYC_gtz_4W5_8LCf6HxXxPR9Vz92ujsP0bnqLFcZPoC0MdStlD99qPbKpfdJz152O0 |
| linkProvider | Unpaywall |
| linkToUnpaywall | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV3PT4MwFG7mdvDkj6hxRk0PXpm0tECPi3FZPCyabMk8kbYUM13YHMNF_3pf-bFND0a9QcgD-lp433s8vg-hK-0RCThYOh6TFBKUOHAk1YGjEhG6VGrA-AXb58Dvj9jdmI8byK3_hdn-fg-RllxPno02nTfCJ5D0zSk8mw4VNNhBLZ8D-m6i1mhw3320GnIB5FUQwceb7SCsm3d-ONWXiLSbp3P5vpLT6VaY6e2jh_oGy-6Sl06-VB398Y278S8jOEB7FebE3XKRHKKGSY_QaxfrtQYhniW4Zhc3GQYgiwuJHIhrOIMX9UouDM4qqTu8MLZ9uKgrZtg2zj_hPJ0kAGY3VnUdFBdVdluSy47RsHc7vOk7lf6Coy1HqwhDj-nE0v1Q3xghOFeKaMUsoadhClK52PgqdmHPc3XIJGRHgIZiyaVIJPFOUDOdpeYUYZ8qK2xNWCwIMwSOwxWU4B4VXGoi2ojUUxDNS5aNqMhOwH9R4b-o8F9U-i-y_msjup6rXxud_cfoHDWXi9xcAPpYqstqwX0CLHbXvA |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=A+comparison+of+approaches+for+modeling+software+security+requirements+using+unified+modeling+language+extensions&rft.jtitle=International+journal+of+electrical+and+computer+engineering+%28Malacca%2C+Malacca%29&rft.au=Hassan%2C+Syed+Muhammad+Junaid&rft.au=Shahab%2C+Aamir&rft.au=Tabba%2C+Fatima+Ali&rft.au=Alrammal%2C+Muath&rft.date=2025-06-01&rft.issn=2088-8708&rft.eissn=2722-2578&rft.volume=15&rft.issue=3&rft.spage=2911&rft_id=info:doi/10.11591%2Fijece.v15i3.pp2911-2927&rft.externalDBID=n%2Fa&rft.externalDocID=10_11591_ijece_v15i3_pp2911_2927 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=2088-8708&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=2088-8708&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=2088-8708&client=summon |