Security Pattern in UML

Security is a major issue in software largely due to the fact that it is taken as an add-on and not a primary concern. Although UML provides flexible modeling of a system but it does not take into account the security aspect so far. Secure UML and UMLSec have been proposed to highlight Security in UML but they have limitations, as we cannot generalize. Due the specific nature of implementation of UMLsec it is often difficult to reuse. It is also observed that developers do not focus on security requirements while developing application rather they focus on user requirements. Usually in most organizations security is never focused on from the start of development, instead it is left for later stage. We have introduced the concept of Security Pattern in UML. We have categorized Patterns for UML at Design, Architecture and Implementation levels. These patterns will be made on the basis of best security practices in industry at various levels. They will address security issues, vulnerabilities and risk associated to it. User will be able to select a pattern based on his needs and apply it. These patterns will be helpful in eliminating the vulnerabilities in software by mitigating it. Ultimately this will be helpful towards development of secure application with more focus on quality of product. Key words