Add to collection(s) Add to saved
  1. Business
  2. Management
  3. Project Management

Model-based Risk Analysis of Security Critical Systems

advertisement 
Model-based Risk Analysis of Security Critical Systems
Siv Hilde Houmb1, Trond Stølen Gustavsen1, Ketil Stølen2, Bjørn Axel Gran3
1
Telenor R&D, Norway, {siv-hilde.houmb, trondstolen.gustavsen}@telenor.com
2
Sintef Telecom & Informatics, Norway, kst@sintef.no
3
Institute for Energy Technology, bjornag@hrp.no
CORAS (www.nr.no/coras) is a EU funded R&D project (IST-2000-25031) developing a methodology and a framework for model-based risk assessment based on
AS/NZS 4360 [1]. CORAS focus on security critical systems in general, with particular emphasis on IT security. IT security includes all aspects related to defining,
achieving, and maintaining confidentiality, integrity, availability, non-repudiation, accountability, authenticity, and reliability of IT systems (ISO/IEC TR 13335-1:2001
[2]). The focus is on controlling risks by using well know risk analysis methods from
the safety domain, such as HazOp [3], FMEA [4] and FTA [5], which have been used
within for example the chemical and nuclear industry since World War II [3].
The presentation will focus on how to use UML (Unified Modeling Language) behavioural diagrams [6] as input diagrams to risk analysis. The approach will be exemplified by demonstrating how a UML sequence diagram can be used to support HazOp for risk identification. Our approach includes both guidelines on how to construct
the input diagrams from existing system documentation and how to perform a risk
analysis using a particular input diagram.
The presentation will conclude with summarising some of the preliminary results
from the CORAS project, with emphasis on how we have and will verify the usability
of the methodology developed within the project and in particular the methodology
developed for using input diagrams to support risk analysis.
References
1. AS/NZS 4360:1999 Risk management (1999).
2. ISO/IEC TR 13335-1:2001: Information technology – Guidelines for the management of IT
Security – Part 1: Concepts and models for IT Security.
3. Leveson, Nancy G., "SAFEWARE, System, Safety and Computers", Addison-Wesley,
ISBN: 0-201-11972-2, 1995.
4. Bouti, A., Ait Kadi, D., A state-of-the-art review of FMEA/FMECA. International Journal
of Reliability, Quality and Safety Engineering 1 (1994), 515-543.
5. IEC 1025:1990 Fault tree analysis (FTA) (1990).
6. Booch, Grady, Jacobson, Ivar, and Rumbaugh, James, "The Unified Modeling Language
Reference Manual", Addison-Wesley Longman Inc., ISBN: 0-201-30998-X, 1999.
Related documents
The CORAS Rationale The risk management process
The CORAS Rationale The risk management process
CORAS Integration Platform About Coras Platform
CORAS Integration Platform About Coras Platform
Cause and Effect Diagrams
Cause and Effect Diagrams
INTRODUCTION TO THE INFORMATION PROCESSING CYCLE
INTRODUCTION TO THE INFORMATION PROCESSING CYCLE
Environmental Science: Note Taking Guide for the Weekly Packet
Environmental Science: Note Taking Guide for the Weekly Packet
Life cycle analysis
Life cycle analysis
Structure and Function of Living Systems: Student Data Sheet
Structure and Function of Living Systems: Student Data Sheet
Statics Test Review
Statics Test Review
([SHULHQFHVIURPXVLQJPRGHOEDVHGULVNDVVHVVPHQWWRHYDOXDWH WKHVHFXULW\RIDWHOHPHGLFLQHDSSOLFDWLRQ
([SHULHQFHVIURPXVLQJPRGHOEDVHGULVNDVVHVVPHQWWRHYDOXDWH WKHVHFXULW\RIDWHOHPHGLFLQHDSSOLFDWLRQ
Experiences from using model-based risk assessment to evaluate
Experiences from using model-based risk assessment to evaluate
CORAS has 11 partners
CORAS has 11 partners
Model-based Risk Assessment
Model-based Risk Assessment
Risk Analysis of Privacy Protection in Social Networking Sites
Risk Analysis of Privacy Protection in Social Networking Sites
How to Analyze Security with Respect to Change Mass Soldal Lund
How to Analyze Security with Respect to Change Mass Soldal Lund
The CORAS Tool for Security Risk Analysis
The CORAS Tool for Security Risk Analysis
The CORAS Method Process, Concepts and Notation Ketil Stølen CORAS
The CORAS Method Process, Concepts and Notation Ketil Stølen CORAS
Model-based risk assessment – the CORAS approach
Model-based risk assessment – the CORAS approach
Model-based risk assessment – the CORAS approach
Model-based risk assessment – the CORAS approach
The CORAS Approach for Model-based Risk Management applied to e-Commerce Domain
The CORAS Approach for Model-based Risk Management applied to e-Commerce Domain
Bruk av CORAS i praksis Bjørnar Solhaug SINTEF, 2011-12-07 Eksemplifisert med luftfartskontroll
Bruk av CORAS i praksis Bjørnar Solhaug SINTEF, 2011-12-07 Eksemplifisert med luftfartskontroll
&25$6$)UDPHZRUNIRU5LVN$QDO\VLVRI6HFXULW\&ULWLFDO6\VWHPV
&25$6$)UDPHZRUNIRU5LVN$QDO\VLVRI6HFXULW\&ULWLFDO6\VWHPV
The CORAS approach for model-based risk management applied to a telemedicine service
The CORAS approach for model-based risk management applied to a telemedicine service
Download
advertisement