Ida Hogganvik

Learn More
The CORAS security risk modelling language is a customised graphical language for communication, documentation and analysis of security threat and risk scenarios. This paper presents a semantics for the CORAS language. The semantics is structured in that it provides stepby-step instructions on how to correctly interpret an arbitrary CORAS diagram. The(More)
We propose a graphical approach to identify, explain and document security threats and risk scenarios. Security risk analysis can be time consuming and expensive, hence, it is of great importance that involved parties quickly understand the risk picture. Risk analysis methods often make use of brainstorming sessions to identify risks, threats and(More)
Methods for security risk analysis are often based on structured brainstorming (e.g. what [21] calls HazOp). A structured brainstorming gathers a group of different system experts and the idea is that they will find more risks as a team than one-by-one. The CORAS modelling language [20] has been designed to support the brainstorming process and to document(More)
Many risk specific concepts like "threat", "consequence" and "risk" belong to the daily language. In a risk analysis one cannot be certain that the participants' interpretation of these terms is in accordance with risk analysis definitions. Risk analyses often use brainstorming techniques to identify risks based on the opinions and judgments of system(More)
i $EVWUDFW This thesis builds on the generally accepted view that risk analysis during development and operation of systems facilitates security, safety, robustness and cost effectiveness.. We often need specialized risk analysis methodologies to fit a particular domain or system. We like to exploit the fact that much of the risk analysis terminology is(More)
Cloud services is one of the most rapidly growing services over internet, which at the same time also faces serious security challenges. Recently, several cloud-storage service providers started to provide encryption protection to client data in the cloud. However, encryption imposes significant limits on data us . In this paper, we report security related(More)
  • 1