Bewertung und Vergle... Theses on offer Formale Beschreibung...

Student thesis

Analysis of protection objectives on the basis of component diagrams

(Original Title:Schutzzielanalyse anhand editierbarer Komponentendiagramme)

 

Abstract

Protection- targets written down during the specification phase and addressing the system's integrity and confidentiality properties, represent one main aspect of this work. In respect to the first part of this paper another aspect is formed by coarse granular UML component diagrams, created during the design phase. Aim of this work is to check, if it possible to detect violations of the given protection- targets, which can be addressed to the given system design. Due to the coarse granular system design, there are a lot of worst-case assumptions to be made. The results of the analysis on that level of view are very dominated by these worst-case assumptions. All detected violations are said to be potential ones. On the other hand, the effort necessary to do the analysis is not great at all as the analysis can be reduced to graphical considerations. For instance, the transitive closure of a graph is a main aspect.

To overcome worst-case results, the level of view was then changed to a more precise system design, which is specified using UML class diagrams, UML sequence diagrams and UML activity diagrams. The second part of the paper shows possibilities for a much more precise analysis on that level of inspection. Potential Violations appear only within exception cases, all other detected violations are definite. Furthermore there is the possibility to specify a concrete path leading to the point of violation.
These more precise results of course don't come without a cost: The effort to specify the system is higher than using only UML component diagrams. But as the development of an algorithm is included in that paper, a computerized analysis seems to be possible.

The third part of the paper describes the handling of the UML- components diagram editor, which was implemented using C# as programming language. It also shows that all demands associated with the program are completely fulfilled. Both special aspects of the implementation and requirements to install the program are explained further on. There are also some hints for a correct installation of the program.

Author: Matthias Igel

Tutor: Dipl.-Math. Jens Palluch