  • DocumentCode
    2959704
  • Title
    An Approach to Verifying Security and Timing Properties in UML Models
  • Author
    Thapa, Vidhi; Song, Eunjee; Kim, Hanil
  • Author_Institution
    Dept. of Comput. Sci., Baylor Univ., Waco, TX, USA
  • fYear
    2010
  • fDate
    22-26 March 2010
  • Firstpage
    193
  • Lastpage
    202
  • Abstract
    In this paper, we present an approach to verify whether a UML design model satisfies its domain-specific security and time-related requirements in an integrated tool environment. This approach is based on a UML metamodel extension mechanism given as profiles. As a model verification tool, we chose the USE (UML-based Specification Environment) since additional functional and non-functional constraints in a UML model should be formally specified using the OCL (Object Constraint Language). In order to address both security and timing properties together in a model, we combine two profiles, UMLsec for security and MARTE (UML profile for Modeling and Analysis of Real-Time and Embedded systems) for time, into the UML metamodel. Then, this combined metamodel is converted to a form of USE specification so that it can be used for verifying models using USE. In this approach, however, this combined metamodel is considered as a large class model in USE because USE does not support profiles. Therefore, models to be verified are created as object models that are instances of the given class model, i.e. the extended metamodel in our case. Our approach is illustrated with a distributed, interoperable wireless communications-based railroad control system called the Positive Train Control (PTC) System.
  • Keywords
    Unified Modeling Language; distributed processing; formal specification; formal verification; object-oriented languages; open systems; railway engineering; security of data; MARTE; OCL; UML models; UML-based specification environment; USE; distributed wireless communications; domain-specific security; interoperable wireless communications; modeling and analysis of real-time and embedded systems; object constraint language; positive train control system; railroad control system; security verification; timing properties; Authorization; Clocks; Control systems; Protocols; Timing; Unified modeling language; Model-Driven Engineering; Profile; Real-Time; Security; UML;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Engineering of Complex Computer Systems (ICECCS), 2010 15th IEEE International Conference on
  • Conference_Location
    Oxford
  • Print_ISBN
    978-1-4244-6638-2
  • Electronic_ISBN
    978-1-4244-6639-9
  • Type
    conf
  • DOI
    10.1109/ICECCS.2010.10
  • Filename
    5628615