[Impressum]
[E-Mail]
Modeling Mondex (2)
The next step is to describe the data types and messages with an UML
class diagram and the communication structure and attacker capabilities
with a UML deployment diagram.
- The attacker capabilities are described in the deployment diagram by the
stereotype <<Threat>> Since the attacker can read
all messages, send arbitrary messages, and suppress messages
from the terminal or the card, we have a Dolev-Yao attacker model.
The User models a human that interacts with a terminal, and we are not
really interested in ``attacks'' against a real person.
- For completeness we include the predefined security data types that can be used in the
class diagram.
- ... and the user messages. Since the user represents a real human being these 'messages'
represent input of the user to the terminal, not electronic (or digital) messages.
