The CORAS approach for model-based risk management applied to e-commerce domain
Authors
Abstract
The CORAS project develops a practical framework for model-based risk management of security critical systems by exploiting the synthesis of risk analysis methods with semiformal specification methods, supported by an adaptable tool-integration platform. The framework is also accompanied by the CORAS process, which is a systems development process based on the integration of RUP and a standardised security risk management process, and it is supported by an XML-based tool-integration platform. The CORAS framework and process are being validated in extensive user trials in the areas of e-commerce and telemedicine. This paper presents an overview of the CORAS framework, emphasising the modelling approach followed in the first of the user trials (concerning the authentication mechanism of an e-commerce platform), and it provides some examples of the risk analyses employed in this context.
Similar resources
Risk Analysis in E-commerce via Fuzzy Logic
This paper describes the development of a fuzzy decision support system (FDSS) for the assessment of risk in E-commerce (EC) development. A Web-based prototype FDSS is suggested to assist EC project managers in identifying potential EC risk factors and the corresponding project risks. A risk analysis model for EC development using a fuzzy set approach is proposed and incorporated into the FDSS....
Towards a UML Profile for Model-Based Risk Assessment
The EU-funded CORAS project (IST-2000-25031) is developing a framework for model-based risk assessment of security-critical systems. This framework is characterised by: (1) A careful integration of aspects from partly complementary risk assessment methods. (2) Guidelines and methodology for the use of UML to support and direct the risk assessment methodology. (3) A risk management process based...
CORAS methodology for model-based risk assessment
This report provides the final version of the CORAS methodology for model-based risk assessment (MBRA). The CORAS methodology for MBRA is presented in terms of concrete recommendations and layered guidelines, as well as templates and supportive descriptions. D2.4 also provides a refined sub-specification for the CORAS Platform. Finally, the report includes and refines the experi...
Identifying and Ranking the Components and Dimensions of E-Commerce Using the Meta-Synthesis Approach
The present study seeks to identify and prioritize the components and dimensions of e-commerce and categorize them as a comprehensive model by using the meta-synthesis method. In this research, a total of 58 articles in the field of e-commerce were identified and examined in the first step. Latin articles were in the period of 1996 to 2017 and Persian articles were related to the period of 2001 to...
Model Based Security Risk Analysis for Web Applications
Security evaluation and security assurance are important aspects of trust in e-business. CORAS is a European project which is developing a tool-supported framework for precise, unambiguous, and efficient risk assessment of security critical systems. The framework is obtained through adapting, refining, extending, and combining methods for risk analysis of critical systems and semiformal modelli...