Overview about Extension UML4PF-CC

UML4PF-CC is an extension of the UML4PF tool. The extension consists of a collection of further eclipse features for security analysis in compliance to Common Criteria. Additionally, UML4PF-CC extends the 
UML4PF (UML) profile with Common Criteria specific terminology. 
It is based on Eclipse (Version 3.5, Galileo) development environment and extends the eclipse plugin Papyrus, as well as the acceleo eclipse plugin. 

This extended UML profile serves to support model-based security requirements engineering method based on Michael Jackson's problem frames and compliant to Common Criteria. The UML profile allows developers to express the various models generated during security requirements analysis using UML diagrams. Integrity conditions (formally expressed as OCL constraints) are provided to automatically perform semantic validations associated with the method and they are applicable for single models as well as the coherence of various models. Moreover, specific conditions support the security reasoning process including threat analysis and security objectives elicitation. 

Model-based development is a promising approach to develop high-quality and secure software. The basic idea of model-based software development is to construct a sequence of models with ascending level of detail and cover different aspects of software development problems and their solutions. This procedure offers the advantage of multiple validation possibilities. Each model can be validated separately for desired properties. Additionaly, relationships between diagrammatic and formal models can be examined.

Problem frames are a means to describe software development problems. Michael Jackson defines them as follows: "A problem frame is a kind of pattern. It defines an intuitively identifiable problem class in terms of its context and the characteristics of its domains, interfaces and requirement."

UML4PF-CC aligns the terminology of the problem frames method with the Common Criteria and provides a structured method, which the intrested reader can find in the publications part of the homepage. Moreover, UML4PF-CC has the feature to transform the information documented in the models to HTML or LATEX documents that comply to the documentation demands of the standard.  

Acknowledgement

We appreciate  Chris Pels’ work in the design and implementation of the document generation module for the UML4PF-CC tool. His excellent work made this feature possible.

We appreciate  Nikolay Manolov's work in implementation of OCL validation functionality for UML4PF-CC tool. His excellent work made this feature possible.