CARiSMA
Modeling offers an unprecedented opportunity for high-quality critical systems development that is feasible in an industrial context. CARiSMA enables you to perform:
- compliance analyses,
- risk analyses, and
- security analyses
of software models. CARiSMA is an acronym for CompliAnce, Risk, and Security Model Analyzer.
Since CARiSMA is a reimplemented variant of the former UMLsec tool, it natively supports UML models. Due to its EMF-based implementation, CARiSMA can also support domain-specific modeling languages such as BPMN.
CARiSMA is fully integrated into Eclipse and can thus become part of the modeling tool of your choice, including Papyrus MDT, IBM Rational Software Architect, and many others.
A flexible plugin architecture makes CARiSMA extensible for new languages and allows users to implement their own compliance, risk, or security checks.
Installation
See Installation Guide for how to install CARiSMA and its extensions.
General Usage
See Usage Guide for information on how to use CARiSMA.
Specific checks
Static Checks
See Static Checks for the specific checks.
UMLsec4IDS
See UMLsec4IDS for the specific checks.
Activity2PetriNets
See Activity2PetriNet for the specific checks.
Smartcard Checks
See Smartcard for the specific checks.
The OCL Check Plugin
See OCL for the specific checks.
RABAC
See RABAC for the specific checks.
Development
If you want to extend CARiSMA, consult the Development Guide.
Video Documentation
Several screencasts about the CARiSMA tool are available:
- Screencast for the ESEC/FSE 2017 tool demonstration track
- Install CARiSMA in Topcased
- Modeling with UMLsec stereotypes
- Analyzing a model annotated with UMLsec
- Analyzing a potential evolution of a model
- General usage
- Example run with a failing security check
- Example run with a successful security check
- Correcting a model according to a failed report
- Applying the UMLsec profile and Stereotypes
Contact / Team
If you find bugs, please use GitHub's issue tracker.
For other questions, contact the Research Group Software Engineering at the University of Koblenz.
Contact:
- Sven Peldszus
- Julian Flake
Further developers and contributors:
- Sven Wenzel
- Daniel Poggenpohl, né Warzecha
- Benjamin Berghoff
- Jens Bürger
- Lidiya Kaltchev
- Johannes Kowald
- Kubi Mensah
- Marcel Michel
- Alexander Peikert
- Klaus Rudack