Modeling security requirements for context aware system using UML

Modeling in general is “an abstract representation of a specification, design or system from a particular point of view”. System modeling is ”a technique to express, visualise, analyse and transform the architecture of a system”. The Unified Modeling Language (UML) is “a language for specifying, visualising, constructing, and documenting the artefacts of a software-intensive system as well as for business modeling and other non-software systems”. UML consists of different types of diagrams such as Use Case diagram, Activity diagram, State diagram and Class diagram. Each type of these diagrams concerns a different aspects of the system development process. Context-Aware Systems (CASs) are primarily associated with Pervasive/Ubiquitous Computing, which has became most prominent since the advent of smart phones and the inclusion of mobility features in computing devices. CASs can sense different aspects of their environment and use the dynamic Context Information (CI) to adapt their behavior accordingly. Hence, various precis of CI, such as User context, Physical context, Computer context and Time context, play a major role in controlling CAS behaviour and functions. Security is considered one of major challenges in CAS specially because such systems often gather sensitive user information; this information may compromise the security of the system if disclosed to unauthorised users. Thus, the design of a CAS must consider system security as a major requirement. Although security is II traditionally considered as a non-functional requirement and is delayed to a later stage of the system development lifecycle, this thesis insists that security must be considered as early as possible because of its high importance. This is also in line with the “secure by design” concept. Therefore, in this thesis the UML diagrams Use Case diagram, Activity diagram and State diagram will be enhanced in order to enable them to model a CAS and then capture its security requirements at the earliest possible stage of the software development process. The contribution to knowledge that this thesis makes is at least threefold, as outlined blow: • Enhancing Use Case diagram notations to express dynamic CAS functional behaviour by showing the influences of CI changes. These extended notations are then used to capture the CAS security requirements. • Enhancing Activity diagram notations in order to demonstrate and clarify the extended Use Case diagram by developing general diagram elements for CASs. This helps to show the data flow during the execution of a CAS function, and then present the security requirements. • Enhancing State diagram notations to depict dynamism and security of a CAS also at this level, and to ultimately support the enhancement on Use Case and Activity diagrams. These extended UML diagrams will be evaluated by applying them to a realworld Case Study to show their practical applicability. The case study is about an infostation-based mobile learning environment. This environment of Mobile Learning (M-learning) is deployed across a university boundary and provides a variety of services such ‘download lecture’ and ‘do exam’ to mobile users. III In conclusion, this research proposes and demonstrates an applicable approach to capture and model security requirements for CASs using innovative extensions of existing types of UML diagrams: Use Case, Activity and State.