Model-based security analysis in seven steps — a guided tour to the CORAS method

BT Technology Journal

Abstract

This paper presents the CORAS method for model-based security analysis. The presentation is case-driven. We follow two analysts in their interaction with an organisation by which they have been hired to carry out a security risk analysis. The analysis is divided into seven main steps, and the paper devotes a separate section to each of them. The paper focuses in particular on the use of the CORAS security risk modelling language as a means for communication and interaction during the seven steps.

Cite this article

den Braber, F., Hogganvik, I., Lund, M.S. et al. Model-based security analysis in seven steps — a guided tour to the CORAS method. BT Technol J 25, 101–117 (2007). https://doi.org/10.1007/s10550-007-0013-9

  • DOI: https://doi.org/10.1007/s10550-007-0013-9