Internet and Wireless Security

M R C Sims
This chapter introduces the Security Modelling Language (SecML) an idea from BTexact Technologies. The SecML is a language, inspired by the Unified Modeling Language (UML), for specifying, visualising and documenting the security-related artefacts of a system. The language can be used to model systems at various levels of abstraction making it useful for tasks as diverse as designing key management protocols or analysing the threats against existing real-life systems. The SecML is mainly graphical and, although it could be written by hand or using general-purpose graphics tools, is intended to be written and drawn using software explicitly designed for the task. In this way any changes to elements in a model can automatically be reflected in the diagrams containing it. Context-sensitive menus can be used to edit and view additional information about elements not shown in the diagrams, such as software source code and design documentation.
This chapter does not present the full picture. Many of the ideas presented here are still in their infancy and some even conflict. Also, no formal definition of the language has yet been produced, but awaits a wider acceptance of the ideas. It is intended that this exposition will bring the ideas of the SecML to a wider audience, thus promoting discussion about its development and ideas about security modelling in general.
Creating a good model for an information system is essential for its successful design, development, maintenance and management. This...