Specifying legal risk scenarios using the CORAS threat modelling language

Authors:
Fredrik Vraalsen;Mass Soldal Lund;Tobias Mahler;Xavier Parent;Ketil Stølen
Affiliations:
SINTEF, Norway;SINTEF, Norway;Norwegian Research Center for Computers and Law, University of Oslo, Norway;King's College London, UK;SINTEF, Norway
Venue:
iTrust'05 Proceedings of the Third international conference on Trust Management
Year:
2005

Citing 9
Cited 3

REFEREE: trust management for Web applications

Selected papers from the sixth international conference on World Wide Web
Trust requirements in e-business

Communications of the ACM
"Trust me, I'm an online vendor": towards a model of trust for e-commerce system design

CHI '00 Extended Abstracts on Human Factors in Computing Systems
The Ponder Policy Specification Language

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
The coras approach for model-based risk management applied to e-commerce domain

Proceedings of the IFIP TC6/TC11 Sixth Joint Working Conference on Communications and Multimedia Security: Advanced Communications and Multimedia Security
Integrating Model-based Security Risk Management into eBusiness Systems Development: The CORAS Approach

I3E '02 Proceedings of the IFIP Conference on Towards The Knowledge Society: E-Commerce, E-Business, E-Government
Tropos: An Agent-Oriented Software Development Methodology

Autonomous Agents and Multi-Agent Systems
A survey of trust and reputation systems for online service provision

Decision Support Systems
Why timed sequence diagrams require three-event semantics

SMTT'03 Proceedings of the 2003 international conference on Scenarios: models, Transformations and Tools

UMLtrust: towards developing trust-aware software

Proceedings of the 2008 ACM symposium on Applied computing
Towards legal privacy risk assessment and specification

TrustBus'11 Proceedings of the 8th international conference on Trust, privacy and security in digital business
The CORAS tool for security risk analysis

iTrust'05 Proceedings of the Third international conference on Trust Management

Quantified Score

Hi-index	0.00

Visualization

Abstract

The paper makes two main contributions: (1) It presents experiences from using the CORAS language for security threat modelling to specify legal risk scenarios. These experiences are summarised in the form of requirements to a more expressive language providing specific support for the legal domain. (2) Its second main contribution is to present ideas towards the fulfilment of these requirements. More specifically, it extends the CORAS conceptual model for security risk analysis with legal concepts and associations. Moreover, based on this extended conceptual model, it introduces a number of promising language constructs addressing some of the identified deficiencies.