This paper presents the CORAS method for model-based security analysis. The presentation is case-driven. We follow two analysts in their interaction with an organisation by which they have been hired to carry out a security risk analysis. The analysis is divided into seven main steps, and the paper devotes a separate section to each of them. The paper focuses in particular on the use of the CORAS security risk modelling language as a means for communication and interaction during the seven steps.