Overview about Extension UML4PF-Trust

UML4PF-Trust is an extension of the UML4PF tool. The extension consists of a collection of further eclipse features for security analysis in compliance to Common Criteria. Additionally, UML4PF-CC extends the 
UML4PF (UML) profile for Trust and Reputation specific terminology. 
It is based on Eclipse (Version 3.5, Galileo) development environment and extends the eclipse plugin Papyrus, as well as the acceleo eclipse plugin. 

This extended UML profile serves to support model-based security controls considering trust and reputation concepts engineering method based on Michael Jackson's problem frames. The UML profile allows developers to express the various models generated during security requirements analysis using UML diagrams. Integrity conditions (formally expressed as OCL constraints) are provided to automatically perform semantic validations associated with the method and they are applicable for single models as well as the coherence of various models. Moreover, specific conditions support reasoning about trust and reputation including eliciting trust and reputation relations and consequent security objectives elicitation. Finally, proposing trust and reputation engines to addess the security objective(s) 

Model-based development is a promising approach to develop high-quality and secure software. The basic idea of model-based software development is to construct a sequence of models with ascending level of detail and cover different aspects of software development problems and their solutions. This procedure offers the advantage of multiple validation possibilities. Each model can be validated separately for desired properties. Additionaly, relationships between diagrammatic and formal models can be examined.

Problem frames are a means to describe software development problems. Michael Jackson defines them as follows: "A problem frame is a kind of pattern. It defines an intuitively identifiable problem class in terms of its context and the characteristics of its domains, interfaces and requirement."

UML4PF-Trust aligns the terminology of the problem frames method with the trust and reputation terminology and provides a structured method, which the intrested reader can find in the publications part of the homepage. Moreover, UML4PF-Trust has the feature to transform the information documented in the models to HTML or LATEX documents that comply to the documentation demands of the standard.