Jan Jürjens Secure Systems Development with UML
Jan Jürjens
Secure Systems Development with UML With 79 Figures
123
Jan Jürjens
Dep. of Informatics
Software and Systems Engineering
Technische Universität München
Boltzmannstr. 3
85748 München/Garching
e-mail: [email protected]

Library of Congress Control Number: 2004112217
ACM Computing Classification (1998): D.2.2, D.2.4
ISBN 3-540-00701-6 Springer Berlin Heidelberg New York
This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilm or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable for prosecution under the German Copyright Law.

Springer is a part of Springer Science+Business Media
springeronline.com
© Springer-Verlag Berlin Heidelberg 2005
Printed in Germany

The use of general descriptive names, registered names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

Cover design: KünkelLopka, Heidelberg
Production: LE-TeX Jelonek, Schmidt & Vöckler GbR, Leipzig
Typesetting: by the Authors
Printed on acid-free paper 45/3142/YL - 5 4 3 2 1 0
! " # $ % &'& "& ' & %
(
)
# $
* ! +,,- !
!
. !
/ . 0 !
( (
Æ ) & .
.
.
.
.
1 .
.
!
2
0
. . )
.
" %
.
! 3 4 "!34% . .
5 . 6'
.
.
* # $ .
.
.
0
' 7--8
) . .
2 9
.
. Æ '
.
Æ
: 1
6 ' "6'% (
Æ ; ) 6' -
8+L
) H MM
& < & 8,
87
9 & & MN
8L
) &
88
G7
G-
8>
9 GL
& ' >+
G>
&
>7
) / ! & N-
>L
8
>>
>L+
,-
>L7
,,
9 & ? ++N >8+
) 87
9 +7-
>8L
4 ; * ) +77
* ) +7> >>+
' / 5 . ) +7>
>>7
5 ) & +7G
>>L
) 4 ) +7G
>>8
A 4 0 >>
4 =. +7N
>>M
4 & ) ! M
+7,
>G
9 +7,
( ) ( M+
M7
+LL
4 6' +
. ' > M8+
& A +>>
M87
+>N
MM
9 +>,
* ' +! +
+M+
G+
6' ' +M+
G7
6' ' & +M,
GL
H
G8
HA & +GM
G>
H ) & +GG
+G7
G>+
H +N-
G>7
& +N7
G>L
! +N8
G>8
) +N>
G>>
* +N>
G>M
& !
* +NG
GM
+NN
GG
9 +N,
, +! ! ! % N+
N++
N7
+,+
* & * 6' +,+ A L
L
8
M G * & 9 6' 7M7 +
87
6' >7
8L
6 >L
7-
88
>8
8>
H >M
8M
8G
8N
4
8,
3 M+
. >G
8+- &
.
>N M-
ML
8++
8+7 * ; MG 8+L &
; G+
8+8 &
;
G7
>+
4 ; GM
>7
4 ;
GN
>L
/ & . N+
>8
H & . N>
>>
M
=& ,+
>G
& N
H ,
+--
>+- +-+ >++ ; +-+ >+7 & +-L >+L ; +-8 >+8 ; +-8 >+> & +-> >+M / +-M >+G & ++L >+N H ++8 >+, H ; ++> >7- H ; ++> >7+ & ++M >77 A +7+ >7L A +7+ >78 A : +77 >7> * ; ) +7L >7M * ; +78 >7G ) +7M M+
'=* .; +L8
M7
'=* .; +L>
ML
6 '9H +LG
M8
6' +L,
M>
+8-
MM
= B +8>
MG
& +8G
MN
& +8N
M,
+8N
M+- + M+7 & 2 +>8 G+
6' ' +ML
G7
5 6' ' +MG
GL
4 6' ' +MN
G8
5 6'& +G7
G>
5 6'& " % +GL
GM
& +GL
N+
4 ; 7-G
N7
& 7-,
NL
4 7+-
N8
4 7+-
N>
4 7++
NM
4 7++
NG
4 ; 7+7
NN
4 7+7
N,
6' ' 7+M
N+- ) 7+N N++ ) 4 7+N N+7 ) 4 7+, 5+
6' ' 7>-
' 5 '
.
) .
2
! B . ) . ! !
".
.%
# ! 9 Æ ' : * D,>E +G .
& D&GNE '
. * +,,G
&) . . 6& 9
9
6&
,++ 1 9E ' # .
B
B $ "H % ! D&,,E N>Q E
D&,,E . D) -+E &
!
( ' !
#
$; ! 1 .
&
# $ D1,> 'A,NE *
; 4
*
(
.
. . &
D) -+E 0
* '
D'-+ -+E
) 7--+
)
' !
7--
D5N+E Æ
D'E
6' '
:
.
. ( . =
:
:
5 6' ' . 2
6' 5 6'
. 6'
D57
6'
* 78
D&GNE !
;
;
;
;
" ;;
" ;;
%
%
" ;;
%
& 4 "$% 47 5 «data security»
Secure channel
C:Client «critical» ; ; ; ;8 9
3
:
'-
3
«critical» S:Server ; ; ;
«send»
3
:
3
«send» init(n:Data,k:Key,cert:Exp) xchd(mstr:Exp)
resp(shrd:Exp,cert:Exp)
S:Server
C:Client
8
8 33 99
8 33 33 9 8 33 9
8 9
!
"%
" %
!
+--- (
"%
.
! * 7>
.
6
"%
"%
.
)
2
Customer account rm(): Data wm(x: Data) rx(): Boolean
«no down−flow» rm()/return(money)
rm()/return(money)
rx()/return(false)
rx()/return(true) «critical» Account {high={wm,rm,money}}
wm(x) [money>=1000] ExtraService
money: Integer rm(): Data wm(x: Data) rx(): Boolean
/money:= money+x wm(x)
/money:= money+x
NoExtraService
[moneyE # ANN ),ME ) D'=/,M A5,,E ) .
D4H1N+E 6 1 .?
. 0 1 )
.
.
.
A Æ
. ! " % . ! ;
(
(
.
'
DA,, +GE )
2
1
.
!" 1
"
!
.
# $
=
$
%$ & )
$ !
.
!
.' 4 " 6
.
& (
'
&
% "
!
& (
%
"
$
.
.
)
!
$
" % )
" %
' ( )
D5GLE !
$
(
(
* ; 1
.
:$ ;
(
:
# :$
#
: (
)( $ DA'N8E
;
DGLE
:
&
. 0 1
& =
; $ & R
*%+&
&
'( )( * 6 ' "6'% DH?5,,E
! A 6' D&,, *-8E 0
6' +> D6'-LE
6' ( . ( ! . . ;
(
;
=
"
%
;
0 B D0A,GE
,
&
:
" .
%
( . (
= $1 >0 ' @ &? 4 1 # A A
. B !
)
(
.
* .
!
. . )
11 3 ! 6 6
)
)
4
)
* L+ ) .
= .
) .
"
) * L+
buys good sells good
Customer
Business
)
. 0 1
11 3 ! ) #
&
)
$ D6'-L A+-E )
#
)
$ D6'-L A8E 1
(
)
!
)
. 9 . !
( . )
6'
R & L7N
6' )
)
% "
"
% ! . ! * * L7
)
1
6
*
!
;
6
11 ! 6' D6'-LE
. B
*
«Interface»
«Interface»
sending
receiving
send(d:Data)
receive():Data «send»
Sender
Receiver receive():Data transmit(d:Data)
send(d:Data)
% 0 D0A,GE )
#
$
D6'-L A+8E & " %
" % ) " , " % 1
%
1 )
*
. * LL )
D E
S S
" %
"
%
" " %%
;S
.
" %
" % " " %%
"%
!
"%
R
A
R
.
+
. 0 1 ) * LL
"
#
% ) "
#
1
#
&
"
%
" ;;
send(d)
entry/i:=i+1
Wait
/request()
" "% S
"
;;
Request
return(K,C)
> 8 9 ; 33 ? 8 33 9
Send
4
11" 7 ! ) , # !
)
" % " %$ D6'-L A+LE 4
1
*
*
1
C " # # 4 ...
. B
-
2 (
;;S " "
5 " * " " " " %%%
* L8
. DE
!
) * L8 !
"
" ;; %
" " %% S !
" ;; % " ;; % .
.
. !
& >7
C:Client
Si :Server
8
8 33 99
8 33 9
> 8 8 99 ; 8 8 8 999 ; ?
8 33 9
> 8 8 99 ; ?
8 9
33; 33; 33; 33; 33; 8 8 99 33; 33; 8 8 8 999 47 A " # # 4 ...
.
. 0 1
11& ' ! ) 6' +
D6'-L L+>ME
$
*
& *
$
11) ! ! ) #
$ D6'-L AME
. ) = 6' 1 (
*
.
. 1 6' '
.
.
.
6' '
&
6' ! *
*
& L+
. (
.
1
"%
&
.
!
6'
.. A "D
& 8+
"%
&
.
R
. *
.-
=
2
. *
. .
&
.
.
; ! .
* .
6'
"%
!
"
&
% ;
* !
"%
)
( $4
*
.
$4
. "% " % . " %
!
;
6' '
Æ
6' ;
)
"% "%
"%
4
&
.
&
;S
;S
(
;
@ 4 .) .* #" " # @ B 4 *(
&
. 0 1
"+% . .
"7%
.
"L% . "8%
" %
.
!
(
(
"%
.
0
6'
" % !
&
(
. .
.
"%
. *
! .
.
.
* 6'
!
! Æ
&
"
6' '
LL7 "8% ;
"+% ) "7% "L% "8%
.
. & 8+
.. A "D )
$"
O
$" $"
O
&'
11& ! =
2
* . &
2 6' & >+ ! 2 . 1 D9TNLE
. 1
:
2
'
.
.
.
& LL8 =
.
8 1 1 .
" ( " / " ( 0 /
&
. 0 1 . & LL8
.
.
.
( 1 1 2 *
6'
2 # $
:
Æ D)--E ) 2 & LLL; . ) H&)
2
# $ DA5,,E
.
.
! 2
. 2 ; .
.
* .
* !" ;; $4
5
'
!
.
.
!
. !
)
.
. .
.
.
. .
.
.
.. A "D
&.
2 ;
(
!
(
8 11 $4 " 0 ( ( ( ( " 0 / ' S $4 0 (
( ( /
! #$ :
:
)
:
*
.
S
$4
. .
.
. (
.
' 2
8 11 ( 0 ( / . "% (
( ( "
0 "
( "
0 , ,
/
%
&&
. 0 1
D'=/,M L>,E DA-LE * ; !
(
.
9(
!
!
+ 1"1 ( 0 ( / ' 3 4 ( ( ( 0 0 ( ( /
.
. !
*
DA-LE )
2 . "
%
1
DA,M A-LE
2 (
+ ; 6 ; )
.
;
#" =
.. A "D
&(
5 ; 6
.
& LL8 *
8 1&1 & 6
( 0 ( / 5 9 L>
6
& LLL ( Æ
6
& & G>>
! +% 1 . :
Æ
* ;
(
& L+ 6' ' A
&
!
!
!
LL8
;
!
! 8 1)1 0 ( 5 : ( ( , 9 $ ( , "% "9%0 S 9 S : ( ( , 9 $ ( , "% "9%0 S 9 S /
&)
. 0 1 !
( %
:
$
"
. ,E * 87 )
9
! # $ # $ ; 6'
#"
#
! " "
1 1 1 1
" " " # " #" " " 1 #" " " #" " #" "
$E #"
$E #" #" #
#"
#
" AC ,4 " "
0 % #"
4"
"
" " #" 1 " " " "
$E $E #
"
$ #
% "
E E # #
1 " # " 7
"
AC
,4 " " " #
$#
$ 7
5
&' B ('
( & $# 4 " 6 ! 4" !"
F
F "
" ' # F # F " # " F # F # 8 9 F # 8 9 F " F " 8# F 9 " 8 9 F F
F " 1 " ' " " " ' " " 8# F 9 " " 8 9 F # '
5 " " # B " " " " " $
" " " " " " #
! 2 1
* 8+ 87
6'
& LL &
!
S
"! %
!
* 8M
.
& LL8 !
2
!
S
!
* * 87 V
2
&' B
(.
! . 6 .
!
2 *
.
+----
!
()
& $# 4 " 6
-
!
$
& 87 .
& ML 0 .
Granting a credit «rbac» {role=(supervisor, credit approver)} {right=(credit approver, authorize credit)} {protected="authorize credit"}
Employee
Supervisor
obtain customer details set up credit
[credit>10.000]
authorize
[otherwise]
credit
transfer money
@$#
' 0 0 (0 0 6* 0 . " % . . " % 1 . *
"%
&
')
;
$(
"%
&
&' B
.
"%
&
"% "%
&
&
.
.
& LL8 A 6'
"%
&
(*
"%
&
. .
"%
LL8
6' & LL7 . 6' ' & & LL8 1 . 4
* 8M 8G * 8M
.
.
.
! . = ! . .
.
. . 0 . =
.
.
. ")%
"
"=&%
& >L% )
.
. D)3,ME )
.
=&
4" " AC ,4
89
! 1
2 " " # #
# # #" G H #
(+
& $# 4 " 6 4" 89 " AC ,4
! 1 * 8G
.
& >L ) !
. .
.
.
0 0
& L+ LL
= .
" %
" %
6 %
"
:
&' B
(-
*
(
;
( *
=
1 .
.
'
6'
.
;
S
S
S
!"
1 .
* 8N A
* 8M
"% S "%
" %
.
!
" % !
&
!
.
& " %
)
& $# 4 " 6 «secure links»
remote access
{adversary=default}
client machine get_password client apps
«secrecy»
web server access control
browser
«Internet»
6
'
"
server machine
«call»
; *
%
!
%
!
"
"
"
"
"
%
!"
* 8, .
H
3 ' ; 3
3
H !
H
&' B
)'
«secure dependency»
Key generation newkey(): Key
«interface» Random number random(): Real
Random generator
Key generator
«critical»
{high={random()}}
seed: Real
«call»
random(): Real
newkey(): Key
; ?
> ; ?
3
init(n:Data,k:Keys,cert:Exp) xchd(mstr:Exp)
tls:
Si :Server
C:Client
8
8 33 99
8 33 9
> 8 8 99 ; 8 8 8 999 ; ?
8 33 9
> 8 8 99 ; ?
8 9
33; 33; 33; 8 8 99 33; 8 8 8 999
«LAN»
clientsite
33; 33;
33;
serversite
«LAN»
«Internet» serverapp
clientapp C:Client
«send» «send»
!4
S:Server
)&
& $# 4 " 6
.
.
.
. # $ # .$
.
& "%
)
=
. . ) .
.
( $)(0 $)( ; !
$4
.
: .
"
%
'
6'
: " :%
& LL>
!"
* 8++
L%
.
&
(
1 6'
. 9 6' . H D?C -7 ?1-L 0?-L ?15-L 550 -LE 1 : ! D+ .
*
& $# 4 " 6 «data security» {adversary=default}
SecureChannel
S:Sender
send(d:Data)
R:Receiver
receive():Data
s: send(d)
entry/i:=i+1
Request
/request()
Wait
entry/i:=0
entry/j:=0
s
r
request()
r:
8
> 8 8 99; ? 88 8 999
Send
transmit(E)
WaitTrm
receive()
8 33 9 9
WaitReq
entry/j:=j+1
return(C)
33; 8 8 8 999 >
8 8 8 999; ? 8 33 9
Received
«Interface»
«Interface»
sending
receiving
send(d:Data)
receive():Data
S:Sender
3 Æ:
«critical» «send» {secrecy={d}}
3
«call»
send(d:Data)
Sendernode
S:Sender
3 Æ:
«critical»
;
receive():Data transmit(e:Data) request():Exp
Receivernode
«LAN»
Sendercomp
R:Receiver
«Internet»
«call»
3
«LAN»
Receivercomp R:Receiver
«send»
4 " 3
"" - E
D?C -8E = 6'
"% 1 6' 6' 6' 6' H
R
6' =
1 6' 6' 1 6'
.
1 6'
6' 6' 2 . == .
*&
& $# 4 " 6 * 6'
6' A .
&
( )##
! 6' 1 6'
) : . ! & D)&,,E 6' 7 !
! .
)
(' 4 %
1
**
!
.
&1 1 7 S /
( ( 0
2
)
2
! &
.
.
* >7 &
B . .
.
. .
Æ
1 . .
.
Æ
)
6'
& 8+7 ;
*
;
H
.
. )
. (
6
& LLL
9 GLM * GLN
;;S " " & L78
1
*+
( A «data security» {adversary=default}
SecureChannel
S:Sender
send(d:Data)
R:Receiver
receive():Data
s: send(d)
entry/i:=i+1
entry/j:=0
s
r
request()
r:
Request
/request()
Wait
entry/i:=0
8
> 8 8 99; ? 88 8 999
Send
transmit(E)
WaitTrm
receive()
8 33 9 9
WaitReq
entry/j:=j+1
return(C)
33; 8 8 8 999 >
8 8 8 999; ? 8 33 9
Received
«Interface»
«Interface»
sending
receiving
send(d:Data)
receive():Data
R:Receiver
S:Sender
3 Æ:
«critical» «send» {secrecy={d}}
3
receive():Data transmit(e:Data) request():Exp
«call»
send(d:Data)
Sendernode
3 Æ:
«critical»
;
Receivernode
«LAN» «Internet»
Sendercomp S:Sender
«call»
3
«LAN»
Receivercomp R:Receiver
«send»
6 #"3
.
+
1
.
. 4
.
;
Æ
+
. ;
(' 4 %
;
1
*-
" ;; +%
;;
;
9 N+L
&11 7 $"
S ( " ;; ; $4 Æ % S ( " ;; % S Æ $4 /
.
;;
.
H & LL8
.
" ;;
%
S
.
.
& ;;
(
&
;;
;;
;;
.
" "
%%
.
S '
# $ . 1
Æ D) -7E
>> (
. ; !
"%
!
. )
"%
" "% %
" "% %
+
( A
&11 7 S ( " ;; ; $4 Æ % S ( " ;; % S Æ $4 /
) >7 # $
% ! . , $
/*
1 2 . ! &
D)&,,E 1 :
D?C -+E
( : 6'
* >L
.
1
;
;
!
(
'
1
!
.
!
.
.
B . !
.
!4 8! " 4 "9 " 44 84 4 1 "9
( A !4 «data security»
TLS variant
{adversary=default}
C:Client
«critical»
; ; ; ;8 9
+'
S:Server
C:Client
3 : 3 Æ 3
resp(shrd:Exp,cert:Exp) «send»
«critical» S:Server ; ; ;
3 Æ:
entry/i:=0
entry/j:=0
entry/i:=i+1
entry/j:=j+1
«send»
> ; ?
3
> ; ?
tls.C
tls.S
init(n:Data,k:Keys,cert:Exp) xchd(mstr:Exp)
tls:
Si :Server
C:Client
8
8 33 99
8 33 9
8 33 9
8 9 > 8 8 99 ; 8 8 8 999 ; ? 33; 33; 33; 8 8 99 33; 8 8 8 999
> 8 8 99 ; ?
«LAN»
clientsite
33; 33;
33;
serversite
«LAN»
«Internet» serverapp
clientapp C:Client
«send»
S:Server
«send»
!4 1
+
( A
" % . " % " % 1 . ) " ;; % 1
.
. )
;
)
)
6'
& 8+7 ;
.
&$
)
.
&
6
.
!
) . * GLN .
. ! 2 * .
1
)
;;S "
& L78
"
!
( A !4
+.
1 "%
"
" " "
D
" ;;
;;S
;;S
" "
D
%%S
"
&
"
;;S
" "
;;S ;;S
%
" ;;
% .
" %%%S E ;;S " " " %%
" "
"
"
+
;;S .
%
" ;;
%%
%%S E
"+%
+
"+% S
" %%% ! .
!
D&GNE
;
;
;
;
" ;;
%
%
" ;;
%
" ;;
* >L
0 D)--E * .
" ;;
" ;;
%
%
.
!
.
.
S
S S
6
. .
= 6'
& 6'
( .
+&
( A
( +% 1 2 & M7+
.
( ! &1"1 0 / 8/9 S ( /
:
.
/
o
o
/
/
/
D)&,,E
( +4 1
;;
;;
;;
.
* >8
0
.
=
;; ;;
)
;
;
;
;
" ;;
" ;;
%
;; %
" ;;
1
>8
%
.
.
. 0
( A !4 «data security»
TLS variant
{adversary=default}
C:Client
«critical»
; ; ; ;8 9
S:Server
C:Client
3 : 3 Æ 3
resp(shrd:Exp,cert:Exp) «send»
3 Æ:
entry/i:=0
entry/j:=0
entry/i:=i+1
entry/j:=j+1
«send»
«critical» S:Server ; ; ;
+(
> ; ?
> ; ?
3
tls.C
tls.S
init(n:Data,k:Keys,cert:Exp) xchd(mstr:Exp)
tls:
Si :Server
C:Client
8
8 33 33 9 8 33 9
> 8 8 99 ; 8 9 8 8 8 999 ;
8 8 8 999 ; ? 33; 33; 33; 8 8 99 33; 8 8 8 999
8 33 99
> 8 8 99 ; ?
«LAN»
clientsite
33; 33;
33;
serversite
«LAN»
«Internet» serverapp
clientapp C:Client
«send»
S:Server
«send»
@ !4 1
+)
( A
.
!
.
B
.
8
.
1
'
* >8
1
.
.
.
* >8
+
=
.
( ! &1&1 ( " 0 0
( S / "
" ( " 0 0 S S / 7 " S ( ( ( 5 ( &$
"
"
+
"
(
$4 $4
.
" ;;
0 0
;
+
;;
%
( % ;
" ;; %
" ;;
(
6
S
0 /
S
S
( A !4
+*
. " ;; ;; % .
%
S
" ;;
%
"
S
%
" ;;
%
"
1
. . 1
.
.
S
"
+
S
(
"
& LL8 % !
!
.
" ;;
;; %
.
>8 .; B .
.
.
;; ;;
"
;;
%
.
B
.
+ ) (
.
# $
.
Æ
Æ !
+
N
POS device
«POS device»
PSAM
«smart.card» «send»
PSAMapp
Dispapp
P:PSAM
«send»
D:Display
«wire»
«send»
Card
«smart.card» Cardapp C:CEPS
@ %6 4 B 1 *
& 8+7
&1,1 3 ( 4 ( S /
!
#
&
'
!
.$
&
-+
( A
&)'
( =& . # $ # $
&)' ) .
1 2
( ! &1.1
S
; & Æ " % ; $4
" % ; $4 & Æ
(
" % ;
$4
S
$4 ( " ;; % 0 S S S S / 7 ( 5 5 0 0 0 0 " ;; ;; ;; %
" ;; ;; ;; ;; %0 / 5 ! 0 " ;; % " ;; ;; ;; % 0 0 ( / 5 & 0 , " ;; ;; ;; % " 0 0 0 ( " / &0 , " ;; ;; ;; ;; % " 0 0 " 4/ 7
0 ( /
!
!
!
!
&
!
!
'
!
!
!
&
!
!
!
!
&
!
'
&
!
&
!
!
&
!
&
! !
!
!
&
!
&
!
!
&)'
!
. ! . =& &)' !
.
!
#. $ &)'
'
(. % 6 4 B
.
'
--
. !
*
.
=& ! 2 4
!
!
!
0 !
.
=&
=&
&11 ( +7
* >+- >+8
'
( A Load Device Display/ Cardholder Interface
Secure PIN pad
CEP Card Terminal Application Functions
Chip−Card Reader
LSAM
Load Host
Card Issuer
7 * >+M * * >+>
;;S " 0 "
5 " ) )
; "
% ;;S
) . &)' =
.
*
&)'
&)' 0 +7
$
& 8+7
$
; !
6
$
$
% #& % #! &
Init
!
RespI
! # $ !$$ $ % ! $ $ $ & $ ! $ $ ! ! & % Credit RespC Fail & %& & $ && ! & Success
3 7
«critical»
«send»
& $ ! &
RespC
& $ ! ! &
Fail
Init
&
%
«send»
«send»
%& &&
Credit
«critical»
C:Card
c
!
entry/ nt:=nt+1
l
!
entry/ n:=n+1
entry/n:=0
L:LSAM
Ilog(cep,lda,m,nt,r,ml,r2l)
! !
ILog
«send»
Load(cep,lda,m,nt,s1,ml,h hl,h2l) Comp(cep,lda,m,nt,r2l,s3)
Issuer
«interface»
! # ! $$ $ $ entry/nt:=0 $ $
RespI
Llog(cep,m,nt,rc)
!
LLog
«send»
RespI(cep,nt,sl,hc) RespC(s3,rc) RespL(s2)
!
!
«send»
«critical»
RespL(s2)
IntIssuer
$ % ! ! $ $
Success
Clog(lda,m,nt,s2,rl)
!
CLog
Init(lda,m) Credit(s2,rl)
«send»
LSAM
«interface»
RespI(cep,nt,sl,hc) RespC(s3,rc)
IntCard
Card
«critical»
$ "
«data security»
% #& % #! &
l:
Load
i
I:Issuer
' ( A
Init
i:
& Load
C:CEPS
Fail
Load?
L:LSAM
«smart.card»
l:LLog
loadapp
Loadacq
«Internet»
«send»
«send»
4 B
«LAN»
«send»
«send»
i:ILog
I:Issuer
«issuer node» issuerapp
Issuer
%# ! !
! !
%# & ! &
!
! !$$ $ $ $ %
% ! ! $ $ %& Fail $ $' % ! ! $ $
Init
! & # &
Success
&
$ $ &
$ & $
RespI
$
! $ !
# !
«smart.card»
c:CLog
cardapp
Card
c:
(. % 6 4 B '.
'&
( A 8 9 33; 8 33 33 33 9 33; 8 33 33 33 9 > 8 9; 33 33 33 ; ? 33; 8 33 33 33 9 8 9 8 9 RespI 33; 8 33 33 33 9 8 9 33 33 33 ; ? 8 9 > 33; 8 9; 8 33 33 33 9 8 9 8 9 !
#
!
Success #
# "
33; 8
!
"
#
Load
8 33 33 33 9 9
"
Fail
#
33;
8 33 33 33 9 8 9
"
$
" !
$
!
3
8
9
%$
" "
89 8 9 ?
% "
33; >
8 9 33; 8 33 33 33 9
%$
!
Fail
$ '
8
9
%$
Init
"
#
Init
!
>
!
Load?
8 9 8 9; 33 33 33 8 9; 33 33 33 33 33 33 33 ? 33; 8 33 33 33 9 33; 8 9 33; 8 33 33 33 9 8 9 &
!
!
% !
8
9 9
$
! #
8
%$
!
3
8
!
33 33 9
33
9 33 33 9 33 33 9
8
9
#
8
!
9
8 9
8
"
9
%
!
!
9 33 9 33 33 33 33 33
33
9
"
9
9
9
!
!
!
%$
933;
9
"
!
33 33 33 9 33 33 33 9
8
9 9; 33 33 33 9; 33 33 33 33 33 33 33 ?
%$
8 8 8 &
>
I:Issuer
8 33; 8 9 33; 8 33; 8
47
!
#
8
" #
8 9
% !
$
8
?
"
%$
!
>
;
33; 8 9 33; 8 9 33; 33 33; 8 33 8 33 33 33; 33 33 33; 8 !
8
%$
L:LSAM
> ;
8 33 33 33 9? ;
33 33
#
33 33 33
8 9 33; 33; 8 33; 8 33; 8 8 9 33; 33; 8
9
"
$
!
!
> 8 9; 33 33 33 ; ?
C:Card
(. % 6 4 B '(
')
( A
!
.
$
)
)
;
. &)'
.
&)' !
.
&)' ) .
)
&)'
*
5 &)'
)
2
"
%
# 6 4A # # 4A " 1" 4A # 7$ B # B B 3 8 33 33 33 9 3 8 33 33 33 9 7 1" # 1" # 4A 33 33 33 33 33 33 33 9 8 #" 4A9 8 3 8 33 33 33 9 3 8 33 33 33 9 3 8 33 33 33 9 8 33 33 33 9
%
!
! #
!
B
(. % 6 4 B 1
&)'
$
&)'
B
$
.
#! 2
-
.
&)'
$
&)'
-
1
$
$
7-
* >+G *
* >7+ 1
.
2
«interface»
IntCard
RespI(cep,nt,sl,hc) RespC(s3,rc) «send» «critical» Card " # "
«send»
CLog
RespL(s2,s5) «send»
LSAM
"
«critical» $
# " ! !
RespI(cep,nt,sl,hc) RespC(s3,rc) RespL(s2,s5)
Init(lda,m) Credit(s2,rl)
«interface»
IntIssuer
«send»
«critical»
Issuer
" # "
Load(cep,lda,m,nt,s1,ml,h hl,h2l) Comp(cep,lda,m,nt,r2l,s3) «send» «send»
«send»
LLog
ILog
!
!
! !
Clog(lda,m,nt,s2,rl)
Llog(cep,m,nt,rc,s5)
Ilog(cep,lda,m,nt,r,ml,r2l)
@
(. % 6 4 B
% #& ( % #! &(
!
Init
''(
RespI
! # $ !$$ $ % ! $ ! $ $ $ $ & $ ! ! & % ( Credit Fail RespC &
%& ( ! $ & $ && ! & Success
@ 3 7
8
9
%$
" "
8 9 3; 8 33 33 33 9
%$
>
? 8 9
$ '
!
Fail
% " "
8 > 8 9 8 9; 8 9; 33 33 33 3; 8 33 33 33 9 3; 8 3; 8 33 33 33 9 8 %$
Init
&
!
9 Load? 33 33 33 33 33 33 33 ? 33 33 33 33 9 9
!
!
(
% ! (
8
9 9
$
! #
8
%$
!
@ 3
( A '')
!
8
8
9
8 9
!
#
!
8
9
% ! (
(
8 %$
"
!
9
!
" #
9
" (
8
$
8 %$
!
(
9
> ; 8 9; 33 33 33 33 ? !
L:LSAM
9
"
%
!
9 9; 9;
!
%$
!
9 33;
"
9
33 33 33 33 33 33 33 33 33 33 ?
8
33 33 9 33 33 9 33 33 33 9
33 33 33
%$
&
>
8 8 8
I:Issuer
8 33; 33; 8 9 8 9 33; 33; 8 8 9 33; 33; 8 33; 8 33 33 33 9 33; 8 33; 8 33 33 33 9 33; 8 33 33 33 33 33 33 33 9
8 9 > ;
8 33 33 33 9?
!
#
;
C:Card
"
9
33
33 33 9 33 33 9 33 33 9 33 33 9
33 33 33
!
> 8 9; 33 33 33 ; ?
8
$
8 9 33; 33; 8 33; 8 33; 8
!
9 33; 33; 8
#
8
47
(. % 6 4 B
''*
1 *
6'
& 8+7
&1
1 % 0 0 0 0 0 0 0 0 3 % 0 0
( 4 ( % S /
.
1
2
.
$;
++
$
$
$ " / %
. $ )
;
$$
%" 0
9 ? ?93 +7 & ) DA ,, 3 --E Æ
* )+
.
DA ,N 5/,,E ! ) . 1
6'
) . ?
? ! & >8L
&1"1 '
3 ; ) 2 D&&,8E
-
9 (
"8L
; & ; 2 : * ;
! . & . . 5
. . ?
. .
(& 5 4 I 89
8
8
''
recMaster
99
8 9 > 8 8 99 ; ? 99 3;
8 8
8 9
)
*
waitReq
checkReq
8 9 3; 8 = #
> ; ?
9
!" * >77
#
. .
* >7L ! .
;
(
# . * . . . Æ
89
o
)
8
8
99
/
8
o
o
8 9
8
)
)
99 )
8 9
)
= #
'
( A
. .
#
.
=
#
. .
. .
"%
.
1 & LLL
.
1
* "%
)
.
*
.
. .
& >7 :
;
.
#
.
. * >78 0
.
1
: . 6'
/
o
o
/
)
)
= # " E
&1"1 $4! + ' 1 ) ;
(& 5 4 I
'.
www.bankeasy.com Server
Local
Browser
Store
www.finance.com Server
B 3 A
& . 6' 1 6'
1
* )+
6' ) 6' ( !
; !
. 5 . *
* >7>
.
; "+% ) . + 7 " . % "7% ) " % . & !
.
+ >7 (
D?C -+E H . & >+ D)*A-7E .
7
& D)&,,E .
2
& >L D?1-+ ?C -+ ?C -8E = '
A "='A% ) 2
) A !
'.*
MyApp JMI MOF
r
ate
MDR 3:
[UML 1.4]
ge
2 : ins
1: 01 - 02 - 15 . xm
ne
UML 1.4
ta ntia te
MyUml
l (U
4: M
ML 1.4 Me tam od el)
yU
ml
. xm
i
5@ #" 7 ) @'! '9H ?'! L 6' ! 8 6'
?'!
?
@'! 5
'9H
6' 6'
2 ! ( / , )* 6'
6 ' D?&) -8E
)11 ( +
6' & 8+7 ;
'.+
) !
& ;
& ;
2 "
%
«framework» GuiWrapper
IGuiMode
ITextMode
«tool» MyUmlTool
«framework» WebWrapper
!
IWebMode
) A ! ( 4
*"
. "A6!%
&
'&'
""
A6!
.
0
*
O
"
A6!
)
6' . 6' +>
@'! +7 6'
!
D@'!-7E
6' . !
& M> = ; . 6'
)11 3 8 1 2 . & D0-LE 6' . E 6' ' .
: D5 NM ) ,-E
1 6' ' " % (
$ , " , %
6' ' 1
7
; ) !
%
% "
-
%
8 *1 1
0 0 0 5 3 4 5 $ ; / . 0 0 / - / ) . ) -
-
%
%
-
&
1 )
!
8 *11 & 6' ' S "- 2 % - 0 - 0 2 ( / ;/+-? " %%4 # 1 1 N B 1 "
*' =
O
A 6' '
6' '
"%
"%
S DE
6' '
"&"%% - " "&"%%% S - " % - " "&"%%%
')*
2 " "&"%%% * G7
"! 8#$ 88%999 3 ! % 8 " 9: 3; "! : 8 9 3; 8 9 : 3;
$ /
$
$/
$
$/
0 0
%
;S
"
"
"%
%
;S
%
"%
%
%
)
"%
DE
S
%
"%
!
%
"%
%
%
%
"%
)
%
8 *11 0 " %$ O "% , $ , $ "% " % " "%%/ S S 0 ( ( "% O / !" ) 6' '
')+
* A
- S
% %
S
%
S
%
S
2 * GL
"! 3 3
3;
;
3; 3 3;
8 9
/
/
/
$$/
6 O 2
+ *1"1 , " %0 " % , " % ( 0 + 5 3 0 4/ " % " % 3 4/ 7 " % "" % % 7" " % " % " % -/ -
"
"
"
"
"
"
"
' )
"
"
"
)
'
) "
"
.
.
2 " ""
"
%
2
! B # 4 ..'
%
)
* 4"
"
""
% """
%
%
"
)
' 7 " "
* G8
')-
%
.
"
"
)
( 6' 6' S
.
!
* G> 6' '
* G8 )
6' '
* GM
4 6' ' 6'&
#
$4 #
3 '
)
( D9 MN
1 G+E =
*. @B "! &' 3
'*.
$
89 3 8 / 9 / 89 89 ; :
$ /
3; : 8 9 3; : "! : 3; # : 8 9 3; 8 $ 8 9 3 3; /
%
/
0
0
%
/
$$/
$/
$/
3
$/
$ ; 89 : 89 ; &' 9:
$
0 4 8 " " 9 3 "!
"!
"! :
#
0
3;
0
0
4
*
& N7+ 1
. & G+ + *
: D),LE
8 *1)1 7( , $
[ S [0 ( , $0 [ , $/
'*&
* A
, $ ( ( $ % $ $ $, / 7( , $ $ $ / % % !
!
!
!
!
!
*
Ý
S
"
2
% ; "
%
;
& LL+
.
!
$
8 *1* = 8 ! >1 ( 0 0 $ / . $" %$ , $ ( 0 (
"
"
"
""
""
%Ý
"
"
%Ý
. $ , $ ( "
"
0 ( ,
"
"
"
"
"
""
S $ 3 4 $" %$ /
=
"
%Ý $ % ""
"
S
S
0
"
(
"
%Ý
"%
E 1 & # S % "% " %$ # S " % ; ; 0 " % 3 4 " %$ ( S S 0 0 $ S S
/ "
$
$
0
0
(
(
0
(
(
4
$
$
0 0
1 6'& 6' ' 0
$
6' '
+ *1 /1 ' # # $ $4 # $4 #/ ! 6'& # # 6' ' $4 # 6' ' $4 # 6'& # $"
6'&
#
6' '
6'&
+ *1
1 % / 1
6'&
-
# "&
&
) % 6'&
#
# " &
6' '
&
&
* 6' '
% 6'&
'*)
* A
+ *1 1 ( - # "& & %0 ( & 0 S + 0 ( # # / ' S + 0 $4 # " %$ $4 # ( S S # "$4 # $4 # % # "$4 # $4 # %/
(
4
1 2
( ! *1 1 % ( $ - /
6'&
8 *1 " = 7 >1 7( # # 3$ 4 , # 3 4 # # 3 4 #/ 1
3 *1 &1 !, ( $ / 1 :
8 *1 ) = 8 ! >1 # # - ' "& %0 # 3 4 ' # # 3 4 ' "#%/ .
( ! *1 *1 ! # ' $ 0 (
' "& % S & / #0 # 0 # # ' $ # # ' $ # 0 # ' Æ ' $ #0 ( ' Æ ' "& %
S ' "' "& %%/
3" #7 '
$ " > %
D5&-+E
8 *1 ,1 , $0 ( $ " % " % 0 ( " % / & $ " %0 ( , $ 0 /
1
"
"
1
1
"
"
1
*( @ A# 4 " 1
'**
$
( ! *1 .1 $ " % ( Ý S Ý S 0 S ; Ý S / ' $ $ $ " % $ " %/ ' $ 0 $0 $ " %0 $ " %/
1
1
1
1
1
1
! "% "
%
R
3% !8 1
& LLL
6' 6'& 1
. ( *
.
.
. 1 6' '
.
6' ' &
&
#
* 6'&
;
6' '
!
6'&
6' '
6'&
(
S
S
'*+
* A & 6'&
#
6' '
.;
6'&
6' ' 6'& (
!
#
"%
. .
S
$
"%
;
"%
"%
"% S " % S
S
. 6'&
.
"%
# =
6'&
R
.
& 1 ! # ( $4 " ' "# % /
( ! *1 = >1 ( # (/ # ( $4 " ( " %$ $" #/ 7 ( ( /
)
!
"
*( @ A# 4 "
'+(
*1&1" ' 1 2
8 *11 ( #0 ( / . # "% ( $ " % , ( $ 0 " # 0 ( ( "
0 , , #/
(
%
#
.
#
.
4
1
( ! *1" =' >1 ( (/ # ( $ ( " %$($" #0 ($ ( #/ 7 ( ( / #
)
. 1
& LL>
*1&1& + 1 6'&
8 *1&1 & 6 # ( #
# ( / ' 0 ( /
&
. R
6
S
U + ( .
& LLL
$4
1 .
'+)
* A
8 *1)1 & " $4 "$ $4 $4 / 1 - 6 *
8 *1*1 & " - 6
" $4 $4 ( $4 0 , - 6 ( $4 / * ; )
$4
& LLL
"
;;
%
S
"
;;
S
%
$4
S
+ *1,1 " - 6 "$ 0 " " " / ; *
+ *1.1 " - 6 "$ - 6 0 /
Æ
6'&
#
9 GL>
* GL,
# #
6'&
#
; + *1"/1 ( 6 # ( ( #0 ( (0 / 7
2 # 0 , " 0 " ( " /
%
0 ; .
.
*( @ A# 4 "
'+*
*1&1) ! +% 1 . :
Æ
A
;
5! !
!
!
!
! 8 *1" 1 5!0 ( 5 : ( ( , 9 $ ( , "% "9%0 S 9 S 0 : ( ( , 9 $ ( , "% "9%0 S 9 S / ! : $ " ( %
. E ) Æ
)
. D,,E * 6' 1 6'
1
& DH-7E )
6'
0
=
( 6' *
( 6'
( 6'
+' 4
'-.
0 . ; & N7+ .
6'
2
&
. 2 .
Æ
6' 9 . 6' 6'
( = 6' # $ D
.
?:
8 8 99 ! 8 9 8 9
)
6
$4!
* NG & G+
6' '
* NN
6' '
* G8 *
'
+ 4" 5 send(d)
Send
Wait /transmit(d)
63
,1 1" 7 ! 1 2 & N+ Æ
H
2 1 6' )
6' * D6'-LE
2
D6'-LE ! *
* 6'
!
3 3; 3
3;
( (8 9 ;
3; 3; * 8 9
3 3;
8 8 9 9
$ $
$
/
/
/
$
$
$$/
$
6
+' 4
'.
D*-8E
&
&
" 1
6
2
H
D31-+ +>E
!
D)--E;
3
3
. ;
3
.
3
3
(
1
)
(
)
&
& & >7 ) * L8 & >7
" 0
;;S
'&
+ 4" 5
"
5 "
'# 4 7 ! )
)+" %
S ")+" % " %% ;
" %
" % " % " % " %%
" %
" %
"
%
S "" %
$4
5
$
)+"%
" %
" %
)+" %
" %
" %
)
)+" %
" %
(
)+" %
)+"
(
% S
9(
" %;
!
! 1
!
( *
! #$
+' 4
'(
* 6' '
)
6' ' ( )
& N+L )
.
. 6' '
%
(
"
6' ' & G+
7
%
"
1
.
' 2 "
(
%% & N++
"
(
( (
0
& N+G 1
1
6' '
S D
%
%
"
" %
0
1
" % "
" %
-
%
1
;
E
4
%
)+" %
&
%
"
')
+ 4" 5
;;
;;
& 0 S " % S " % S " % 6' ' 2 " % & N++ * ' 2 " % ' 2 " % ' 2 " % A
" % S " % S B (
)
6' '
%
%
S " %
4
;S
6' '
;
* N,
!
!
!
" %
"! &' 3 ; > ?
3; 88 99 ; 88 99
* "!+8 88 999: 88 99 ;
3; 8 9: 88 99 ;
( (8 88 999 ; ( (8 9 3;
: 88 99 3; * 8 9: ( (8 9 )
8( (8 99 3; 8 9 8( (8 99: 3; 8 9
0
$
/
/
/
7
+' 4
"
"
%%
!
!
.
1
'*
4
. )
" %
!
,1 1& ' ! !
) .
6' + D6'-L 7+GNE
6' ! 6'
.
! 9 ( D6'-L 7+GNE & Æ 1 :
& N+L
)
S " & & %
&
&
" %
, ;
#
'+
+ 4" 5 "! &' 3 8 9
! &' 8 9
-
$
0
3;
A "
' " % '
" %
%
" %
" %
'
" %
& &
"%
&
"%
;
5
$
& N+L
"
"%
$4
& N+L
& N+L
(
'#
6' '
!
* )
0
)+
8 9 ! 89
8 8 99: 8 8 99
& $
-
8 9
&
$
A " 6
" %
+' 4
*
'-
& N+G !
( !
$4
$4
5
6' ' & G+
(
6' '
1
& N+L 6' '
$4
"%
* N+-
* N++
" %
" %
& N+L
& N+L 1
* N+7
8 9 3; * "!+,! 8 8 99
8 8 99 ! 8 9 8 9
)
A " 6
,1 1) ! ! 1 ) ;
%
S "
S " %
)
" %
$" %
" %
S "" % $" % !" %% ;
S "" % " %%
" %
.
" %
2 2 " #" " B
+ 4" 5 " % " % " % " S %
!
1 .
4
S " %
S
S " " %
.
,1 1* # ! !
6'
. 6'
6' *
. !
. 6' Æ
D6'-LE
;
4
! 6' '
)
4
& N+L
"
6' ( D6'-L LG87E )
& N+8
(
(
& N+8 4
)
! "
+' 4
'
H 2
6' ! D6'-L 7+L7GE # $ & 6' + .
1
*
. . 6' + & N+> )
;
;
!
& B
& N+8
(
) (
(
)+" %
)+"
%
5 (
(
(
;
+ 4" 5 (
"
(
% (
. *
&
3
5
&
3
6'
3
5
1
3
&
6' '
)
3
5
!
!
3
5
) 6'
.
; = 2 2 *
2 6' E !
& G>+
8 ,1 = #4 8 ! >1 ( $ 0 0 $ / . 3 4 $" %$ $" $4 3 4 $" %$ $4 / * , 5!
. S $ ; !!" % ,
=
(
,
+ ,11 3 4 $" %$ $" $ $
/ . ($"
.
+ 5
-
6' ! .
8 ,1" = #4 8 ! >1 7 3$ 4 " %$($" 3 4 " %$($" /
1 .
+ ,1&1 ' ($" $" / 6'& G+L
( ! ,1)1 .$" ( / 8 ,1* = #4 7 >1 7( 3 4 ($" , 3 4 ($" $ 3 4 ($" / 1
3 ,1,1 .$" , ( / ! : B
' .
2
8 ,1. = 2 8 ! >1 - ' "& %0 3 4 ' 3 4 ($" ' " %/ ( : ! ) .
(
D&&H5--E
.
+ 4" 5
( ! ,1 /1 ! ' $ 0 ( ' "& %
S &/ 0 0 ' $ $ ' $ 0 ' Æ ' $ 0 ( ' Æ ' "& %
S ' "' "& %%/ ) . $
DA0?/,>E
.
0
. . 1
& 8L ) & >+
,11 2 E D*0,GE
D* ,NE !
1 .
D*-+ &-LE
D?3&,> &5