The CORAS methodology: model-based risk assessment using UML and UP

Authors:
Folker den Braber;Theo Dimitrakos;Bjørn Axel Gran;Mass Soldal Lund;Ketil Stølen;Jan Øyvind Aagedal
Affiliations:
SINTEF Telecom and Informatics, Norway;CLRC Rutherford Appleton Laboratory, UK;Institute for Energy Technology, Norway;SINTEF Telecom and Informatics, Norway;SINTEF Telecom and Informatics, Norway;SINTEF Telecom and Informatics, Norway
Venue:
UML and the unified process
Year:
2003

Citing 3
Cited 13

Applying use cases: a practical guide

Applying use cases: a practical guide
The Rational Unified Process: an introduction

The Rational Unified Process: an introduction
Extended description techniques for security engineering

Sec '01 Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge

Using model-based security analysis in component-oriented system development

Proceedings of the 2nd ACM workshop on Quality of protection
Computer-aided Support for Secure Tropos

Automated Software Engineering
Quantitative software security risk assessment model

Proceedings of the 2007 ACM workshop on Quality of protection
Assessing the risk of intercepting VoIP calls

Computer Networks: The International Journal of Computer and Telecommunications Networking
Risk assessment in practice: A real case study

Computer Communications
Perceived risk assessment

Proceedings of the 4th ACM workshop on Quality of protection
Towards more secure systems: how to combine expert evaluations

Proceedings of the 4th international conference on Security and privacy in communication netowrks
An evaluation of business solutions in manufacturing enterprises

International Journal of Business Intelligence and Data Mining
A Goal-Based Modeling Approach to Develop Requirements of an Adaptive System with Environmental Uncertainty

MODELS '09 Proceedings of the 12th International Conference on Model Driven Engineering Languages and Systems
A Modeling Ontology for Integrating Vulnerabilities into Security Requirements Conceptual Foundations

ER '09 Proceedings of the 28th International Conference on Conceptual Modeling
A semantic paradigm for component-based specification integrating a notion of security risk

FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust
Modeling social and individual trust in requirements engineering methodologies

iTrust'05 Proceedings of the Third international conference on Trust Management
A Unified Use-Misuse Case Model for Capturing and Analysing Safety and Security Requirements

International Journal of Information Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

This chapter introduces the CORAS methodology in which Unified Modeling Language (UML) and Unified Process (UP) are combined to support a model-based risk assessment on security-critical systems. The hypothesis is that modeling techniques like UML contribute to increased understanding for the different stakeholders involved during a risk assessment. In the CORAS methodology, a traditional risk management, process is integrated with UP, which is a well-accepted system development process. CORAS tries to show how UML can contribute to better understanding, documentation, and communicating during the different phases of the risk management process. CORAS addresses both systems under development and systems already in use.