Learn More
The CORAS security risk modelling language is a customised graphical language for communication, documentation and analysis of security threat and risk scenarios. This paper presents a semantics for the CORAS language. The semantics is structured in that it provides step-by-step instructions on how to correctly interpret an arbitrary CORAS diagram. The(More)
We propose a graphical approach to identify, explain and document security threats and risk scenarios. Security risk analysis can be time consuming and expensive, hence, it is of great importance that involved parties quickly understand the risk picture. Risk analysis methods often make use of brainstorming sessions to identify risks, threats and(More)
Many risk specific concepts like "threat", "consequence" and "risk" belong to the daily language. In a risk analysis one cannot be certain that the participants' interpretation of these terms is in accordance with risk analysis definitions. Risk analyses often use brainstorming techniques to identify risks based on the opinions and judgments of system(More)
i Abstract The goal of this project is to propose a lightweight methodology for architecture recovery with basis in the IEEE 1471 standard. This is done by testing and refining the methodology through several case studies on open source software products. We chose to use the four steps from the project description as our initial hypothesis of how to perform(More)
HOVEDOPPGAVE Kandidatens navn: Ida Hogganvik Fag: SIF80/HO2 (2003 VÅR) Oppgavens tittel (norsk): AMBRA – Et arkitekturrammeverk for modellbasert risikoanalyse Oppgavens tittel (engelsk): AMBRA – Architectural framework for Model-based Risk Analysis Oppgavens tekst: The standard IEEE-1471 provides a conceptual framework for architecture description. The(More)
  • 1