Specifying Legal Risk Scenarios Using the CORAS Threat Modelling Language

Authors

  • Fredrik Vraalsen
  • Mass Soldal Lund
  • Tobias Mahler
  • Xavier Parent
  • Ketil Stølen
Abstract

The paper makes two main contributions: (1) It presents experiences from using the CORAS language for security threat modelling to specify legal risk scenarios. These experiences are summarised in the form of requirements to a more expressive language providing specific support for the legal domain. (2) Its second main contribution is to present ideas towards the fulfilment of these requirements. More specifically, it extends the CORAS conceptual model for security risk analysis with legal concepts and associations. Moreover, based on this extended conceptual model, it introduces a number of promising language constructs addressing some of the identified deficiencies.

Similar resources

Structured Semantics for the CORAS Security Risk Modelling Language

The CORAS security risk modelling language is a customised graphical language for communication, documentation and analysis of security threat and risk scenarios. This paper presents a semantics for the CORAS language. The semantics is structured in that it provides step-by-step instructions on how to correctly interpret an arbitrary CORAS diagram. The result is a readable paragraph of English. ...

Sintef Report

Traditional system documentation focuses on the behaviour or functionality we would like the system or application to provide. However, it is equally important to document the undesirable behaviour; what happens when things go wrong. Moreover, this documentation must be unambiguous and easy to read and understand for the different stakeholders involved. SINTEF has developed a graphical langua...

Using Dependent CORAS Diagrams to Analyse Mutual Dependency

The CORAS method for security risk analysis provides a customized language, the CORAS diagrams, for threat and risk modelling. In this paper, we extend this language to capture context dependencies, and use it as a means to analyse mutual dependency. We refer to the extension as dependent CORAS diagrams. We define a textual syntax using EBNF and explain how a dependent CORAS diagram may be schem...

Model-based security analysis in seven steps a guided tour to the CORAS method

This paper presents the CORAS method for model-based security analysis. The presentation is case-driven. We follow two analysts in their interaction with an organisation by which they have been hired to carry out a security risk analysis. The analysis is divided into seven main steps, and the paper devotes a separate section to each of them. The paper focuses in particular on the use of the COR...

The CORAS Framework for a Model-Based Risk Management Process

CORAS is a research and technological development project under the Information Society Technologies (IST) Programme (Commission of the European Communities, Directorate-General Information Society). One of the main objectives of CORAS is to develop a practical framework, exploiting methods for risk analysis, semiformal methods for object-oriented modelling, and computerised tools, for a precis...


Publication date: 2005