Structured Semantics for the CORAS Security Risk Modelling Language
Authors
Abstract
The CORAS security risk modelling language is a customised graphical language for communication, documentation and analysis of security threat and risk scenarios. This paper presents a semantics for the CORAS language. The semantics is structured in that it provides step-by-step instructions on how to correctly interpret an arbitrary CORAS diagram. The result is a readable paragraph of English. This enables users of the CORAS language to easily extract the intended meaning of a given diagram. The semantics is modular in the sense that the semantics of any diagram can be deduced from the semantics of its elements and relations.
Similar resources
Sintef Report
Traditional system documentation focuses on the behaviour or functionality we would like the system or application to provide. However, it is equally important to document the undesirable behaviour; what happens when things go wrong. Moreover, this documentation must be unambiguous and easy to read and understand for the different stakeholders involved. SINTEF has developed a graphical langua...
Specifying Legal Risk Scenarios Using the CORAS Threat Modelling Language
The paper makes two main contributions: (1) It presents experiences from using the CORAS language for security threat modelling to specify legal risk scenarios. These experiences are summarised in the form of requirements to a more expressive language providing specific support for the legal domain. (2) Its second main contribution is to present ideas towards the fulfilment of these requirement...
Model-based security analysis in seven steps a guided tour to the CORAS method
This paper presents the CORAS method for model-based security analysis. The presentation is case-driven. We follow two analysts in their interaction with an organisation by which they have been hired to carry out a security risk analysis. The analysis is divided into seven main steps, and the paper devotes a separate section to each of them. The paper focuses in particular on the use of the COR...
Using Dependent CORAS Diagrams to Analyse Mutual Dependency
The CORAS method for security risk analysis provides a customized language, the CORAS diagrams, for threat and risk modelling. In this paper, we extend this language to capture context dependencies, and use it as a means to analyse mutual dependency. We refer to the extension as dependent CORAS diagrams. We define a textual syntax using EBNF and explain how a dependent CORAS diagram may be schem...
Building an Experience Factory for a Model-based Risk Analysis Framework
This paper describes the integration of an experience factory in a model-based risk analysis framework called CORAS. CORAS aims at developing a new model-based risk analysis framework for security critical application. The framework’s cornerstone of combining methods for risk analysis of critical systems and semiformal modelling methods in a tool-supported environment targeting openness and inte...