Reputation: 9171
I want to draw up a diagram that will show the security of the application.
What UML diagram is most typically used for this task?
Is there a non-UML diagram that is typically used for this task instead?
Upvotes: 1
Views: 1469
Reputation: 4543
I think you should use the diagram that describes the system from the desired perspective (deployment diagram, class diagram, collaboration diagram etc.) and use stereotypes to assign security properties to appropriate objects.
Upvotes: 0
Reputation: 524
SDL Threat Modeling Tool 3.1.8 is an add-on to Visio http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=2955
Upvotes: 5
Reputation: 17258
To be a bit facetious, don't model the security of your application. Model the *in*security of your application instead. You can start with good models of your application's functionality (use cases), logical component structure and physical deployment, but use security methodologies instead of UML, which is focused on documenting what is there, rather than on what may be missing. Attack tree analysis, at least in the hands of a security thinker (one who thinks like an attacker rather than a defender), tends to identify quite a lot of vulnerabilities and suggest possible remedies.
Be aware that the creator of a system seldom is the best person to do a security analysis: we tend to be over-protective of our babies. You should be at hand to answer questions, but not be out to prove yourself right.
Upvotes: 1