Model-based security analysis in seven steps a guided tour to the CORAS method

نویسندگان

  • F den Braber
  • F Vraalsen
چکیده

This paper presents the CORAS method for model-based security analysis. The presentation is case-driven. We follow two analysts in their interaction with an organisation by which they have been hired to carry out a security risk analysis. The analysis is divided into seven main steps, and the paper devotes a separate section to each of them. The paper focuses in particular on the use of the CORAS security risk modelling language as a means for communication and interaction during the seven steps.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A Guided Tour of the CORAS Method

This chapter presents a guided tour of the CORAS method. As illustrated by Fig. 3.1, the CORAS method is divided into eight steps. The first four of these steps are introductory in the sense that we use them to establish a common understanding of the target of the analysis, and to make the target description that will serve as a basis for the subsequent risk identification. The introductory ste...

متن کامل

The CORAS Language – why it is designed the way it is

CORAS1 [6] is an approach to risk analysis based on the ISO 31000 international standard on risk management [4]. The approach is model-driven in the sense that graphical models are actively used throughout the whole risk analysis process to support the various analysis tasks and activities, and to document the results. It is defensive, which means that the risk analysis is concerned with protec...

متن کامل

Model Based Security Risk Analysis for Web Applications

Security evaluation and security assurance are important aspects of trust in e-business. CORAS is a European project which is developing a tool-supported framework for precise, unambiguous, and efficient risk assessment of security critical systems. The framework is obtained through adapting, refining, extending, and combining methods for risk analysis of critical systems and semiformal modelli...

متن کامل

The CORAS Tool for Security Risk Analysis

The CORAS Tool for model-based security risk analysis supports documentation and reuse of risk analysis results through integration of different risk analysis and software development techniques and tools. Built-in consistency checking facilitates the maintenance of the results as the target of analysis and risk analysis results evolve.

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2007