This paper presents the CORAS method for model-based security analysis. The presentation is case-driven. We follow two analysts in their interaction with an organisation by which they have been hired to carry out a security risk analysis. The analysis is divided into seven main steps, and the paper devotes a separate section to each of them. The paper(More)
We propose a graphical approach to identify, explain and document security threats and risk scenarios. Security risk analysis can be time consuming and expensive, hence, it is of great importance that involved parties quickly understand the risk picture. Risk analysis methods often make use of brainstorming sessions to identify risks, threats and(More)
The CORAS security risk modelling language is a graphical language customized for communication, documentation and analysis of security threat and risk scenarios. We present a textual syntax and a structured semantics for each of the five different types of CORAS diagrams, together with step-by-step instructions on how to translate a graphical diagram via the(More)
Many risk specific concepts like "threat", "consequence" and "risk" belong to the daily language. In a risk analysis one cannot be certain that the participants' interpretation of these terms is in accordance with risk analysis definitions. Risk analyses often use brainstorming techniques to identify risks based on the opinions and judgments of(More)
The CORAS security risk modelling language is a customised graphical language for communication, documentation and analysis of security threat and risk scenarios. This paper presents a semantics for the CORAS language. The semantics is structured in that it provides step-by-step instructions on how to correctly interpret an arbitrary CORAS diagram. The(More)
The goal of this project is to propose a lightweight methodology for architecture recovery with basis in the IEEE 1471 standard. This is done by testing and refining the methodology through several case studies on open source software products. We chose to use the four steps from the project description as our initial hypothesis of how to perform(More)