This paper describes the integration of an experience factory in a modelbased risk analysis framework called CORAS. CORAS aims at developing a new model-based risk analysis framework for security critical application. The framework’s cornerstone of combining methods for risk analysis of critical systems and semiformal modelling methods in a tool-supported environment targeting openness and inte...

The EU IST-project CORAS has developed an integrated risk management and system development process for security-critical systems based on AS/NZS 4360, RUP, and RM–ODP. The approach presented in this paper is based on the concepts of risk-driven development and extends the CORAS framework by using aspects to specify security risk treatment options. This enhances the evaluation of the treatment ...

EXECUTIVE SUMMARY During a field trial performed at the Norwegian telecom company NetCom from May 2003 to July 2003, a methodology for model-based risk analysis was assessed. The chosen methodology was the CORAS methodology (CORAS, 2000), which has been developed in a European research project carried out by 11 European companies and research institutes partly funded by the European Union. The ...

The CORAS Tool for model-based security risk analysis supports documentation and reuse of risk analysis results through integration of different risk analysis and software development techniques and tools. Built-in consistency checking facilitates the maintenance of the results as the target of analysis and risk analysis results evolve.

Security assessments are costly and time consuming and cannot be carried out from scratch each time a system is updated or modified. This motivates the need for specific methodology addressing the maintenance of assessment results, in particular, and a componentoriented approach to security assessment in general. This paper presents such a methodology in the setting of model-based security asse...

CORAS1 [6] is an approach to risk analysis based on the ISO 31000 international standard on risk management [4]. The approach is model-driven in the sense that graphical models are actively used throughout the whole risk analysis process to support the various analysis tasks and activities, and to document the results. It is defensive, which means that the risk analysis is concerned with protec...

We present an evaluation of the Graphical Modeling Framework (GMF) based on our experiences in developing an editor for the risk modeling language CORAS using GMF. Our main hypothesis is that GMF shortens development time and results in more reliable and maintainable systems than alternative approaches which are not based on code generation. We conclude that the hypothesis is true, but that the...

Photo 1. Mellisodes sp. attacking Danaus plexippus. credit: Robert Root-Bernstein. 2. Xylocopa virginica a Bombus 3. Colletes (upside down) and altercating over flower. 4. Agapostemon Polites coras. 5. Agpostemon wrestling with These photographs illustrate the article “Flower visitor insects display an interspecific dominance hierarchy on flowers” by Thomas Renaud Meredith Root-Bernstein publis...