Integrating a security requirement language with UML

We present an approach that integrates a language for precise and high-level specification of application security requirements, the Security Requirement Language (SRL), with an existing modeling technique, namely, the Unified Modeling Language (UML). SRL is based on first-order logic extended with a small set of modal operators and a syntactic abstraction mechanism. It offers extensibility in that new application/domain-specific requirements can be defined and reused. The focus of SRL is the security of communication in distributed systems. The integrated framework enables developers to add to system models security requirements, such as confidentiality, non-repudiation, and authentication, at an early stage of development, making security an integral part of the system development process. We illustrate the practical usability of our approach by presenting an example, and discuss the experiences that the users of our approach, i.e., system developers, have reported.