Add to collection(s) Add to saved
  1. Business
  2. Management
  3. Business Information Systems

CORAS Integration Platform About Coras Platform

advertisement 
CORAS Integration Platform
About Coras Platform
The CORAS platform is computerized tool being developed to support integration of the CORAS framework/process. It is aimed at integrating the various components,
technologies and results (risk analysis methods, semiformal methods, object-oriented modelling methods, and tools), into an overall tool-supported CORAS framework/process.
This will enable risk analysis in a precise, unambiguous and efficient manner, to improve the security analysis and thereby the security of security-critical systems.
Motivations Behind the Platform
Objectives of the Platform
One of the main objectives of CORAS is to develop a
practical framework, exploiting methods for risk
analysis, semiformal methods for object-oriented
modelling, and computerised tools, for a precise,
unambiguous, and efficient risk assessment of security
critical systems. The use of the CORAS framework is a
complex process involving both humans and tools, and
as such, is prone to delays, as well as possible errors.
With this in mind, one of the objectives of the CORAS
project is to produce an computerized tool support for
integration of the CORAS framework/process.
•Ease of Deployment
•Intuitive Design - Easy to Use
•Extensibility, Portability
•Cheap Solution
•Generic Applicability (XML data representation)
•Reusability
•An open infrastructure for computerized
integration of the CORAS framework/process
•To enable risk analysis in a precise,
unambiguous and efficient manner
•To improve the security analysis and thereby
the security of security-critical systems.
Security Critical System Target of Assessment
Flow of data
Process of the analysis and
adding of new cases into
the appropriate repository
IDMEF
Data
XMI
Output
IDMEF
Data
An example of FMECA tools:
•RELEX
•ITEM
•FMEAPlus
•Alcatel Espace
XML
Data
Any of available tools that
support specific method could
be used for analysis.
Direct Access to Stored Information
User-friendly interface for adding new
cases and browsing the existing data
stored in any of the repositories.
$VVHVVPHQW
...
Assets
Org. context
SWOT
Elements stored in
both of the
repositories are
organized in a
hierarchical manner in
accordance with the
CORAS viewpoints
and concerns, allowing
navigation via the
graphical user
interfaces provided.
Viewpoints
(RER)
(OHPHQW
5HSRVLWRU\
contains reusable elements represented in the
XML format. These elements can be derived
from any UML CASE tool, Risk Analysis tools
or Intrusion Detection applications provided
that the output is exported into the universal
XML format. Guided by these reusable
elements, a risk assessment team can easily
instantiate new assessment result in a typical
risk assessment session.
5HXVDEOH
Concerns
Target
(AR)
stores
5HSRVLWRU\
concrete results from already completed
assessments and assessments in progress.
Generic framework based on
XML data description assures
common representation and
storage of data in repositories.
Enterprise
Information
Computational
Viewpoint
Computational
Engineering
Organisational
context Model
Technology
Via &25$6 ([SHULHQFH 3DFNDJH (CEP), elements
in both of the repositories are grouped together and
referenced to. Such a packaging scheme (based on
the widely used EF concept) is vital for the synthesis
of all kinds of experiences drawn from the risk
assessment processes, enabling the CORAS
repository to document, store, qualify and update the
experience base, as well as supplying those
experiences back to projects on demand.
Organisational
context Concern
Summary of the CORAS Platform
Risk Assessment of Security Critical Systems
- Open source solution, no purchase necessary
- Tool-independent platform eliminating the need for expensive and proprietary software solutions
- XML as data exchange model, enabling portability
- Extensible & powerful XML-driven solution to meet every customized need
- Integrates 3 major XML data models:
- XMI (XML Metadata Exchange) standardised by Object Management Group (OMG)
- CORAS-specific XML-compliant data format targeting Risk Assessment tools
- IDMEF (Intrusion Detection Messaging Exchange Format) by IETF
Please contact
contact us
us
Please
KetilStølen
Stølen
Ketil
SINTEF Telecom
Telecom and
and Informatics
Informatics
SINTEF
ketil.stolen@sintef.no
ketil.stolen@sintef.no
TonyPrice
Price
Tony
Telenor Research
Research and
and Development
Development
Telenor
t.price@emailadres.co.uk
t.price@emailadres.co.uk
http://www.nr.no/coras
http://www.nr.no/coras
Related documents
Model-based Risk Analysis of Security Critical Systems
Model-based Risk Analysis of Security Critical Systems
The CORAS Rationale The risk management process
The CORAS Rationale The risk management process
CORAS has 11 partners
CORAS has 11 partners
Testsprioritation
Testsprioritation
Model-based Risk Assessment
Model-based Risk Assessment
([SHULHQFHVIURPXVLQJPRGHOEDVHGULVNDVVHVVPHQWWRHYDOXDWH WKHVHFXULW\RIDWHOHPHGLFLQHDSSOLFDWLRQ
([SHULHQFHVIURPXVLQJPRGHOEDVHGULVNDVVHVVPHQWWRHYDOXDWH WKHVHFXULW\RIDWHOHPHGLFLQHDSSOLFDWLRQ
Experiences from using model-based risk assessment to evaluate
Experiences from using model-based risk assessment to evaluate
How to Analyze Security with Respect to Change Mass Soldal Lund
How to Analyze Security with Respect to Change Mass Soldal Lund
The CORAS Tool for Security Risk Analysis
The CORAS Tool for Security Risk Analysis
The CORAS Method Process, Concepts and Notation Ketil Stølen CORAS
The CORAS Method Process, Concepts and Notation Ketil Stølen CORAS
&25$6$)UDPHZRUNIRU5LVN$QDO\VLVRI6HFXULW\&ULWLFDO6\VWHPV
&25$6$)UDPHZRUNIRU5LVN$QDO\VLVRI6HFXULW\&ULWLFDO6\VWHPV
The CORAS approach for model-based risk management applied to a telemedicine service
The CORAS approach for model-based risk management applied to a telemedicine service
0RGHOEDVHGULVNDVVHVVPHQW±WKH&25$6DSSURDFK
0RGHOEDVHGULVNDVVHVVPHQW±WKH&25$6DSSURDFK
The CORAS Approach for Model-based Risk Management applied to e-Commerce Domain
The CORAS Approach for Model-based Risk Management applied to e-Commerce Domain
Bruk av CORAS i praksis Bjørnar Solhaug SINTEF, 2011-12-07 Eksemplifisert med luftfartskontroll
Bruk av CORAS i praksis Bjørnar Solhaug SINTEF, 2011-12-07 Eksemplifisert med luftfartskontroll
Model-based risk assessment – the CORAS approach
Model-based risk assessment – the CORAS approach
Model-Driven Risk Analysis: the CORAS Approach
Model-Driven Risk Analysis: the CORAS Approach
Model-based risk assessment – the CORAS approach
Model-based risk assessment – the CORAS approach
0DLQWDLQLQJ5HVXOWVIURP6HFXULW\$VVHVVPHQWV Mass Soldal Lund, Folker den Braber, Ketil Stølen $EVWUDFW 6,17()7HOHFRPDQG,QIRUPDWLFV1RUZD\
0DLQWDLQLQJ5HVXOWVIURP6HFXULW\$VVHVVPHQWV Mass Soldal Lund, Folker den Braber, Ketil Stølen $EVWUDFW 6,17()7HOHFRPDQG,QIRUPDWLFV1RUZD\
Evaluating the Compatibility of a Tool to Support E-Businesses’ Security Negotiations
Evaluating the Compatibility of a Tool to Support E-Businesses’ Security Negotiations
Specifying Legal Risk Scenarios Using the CORAS Threat Modelling Language Fredrik Vraalsen
Specifying Legal Risk Scenarios Using the CORAS Threat Modelling Language Fredrik Vraalsen
The CORAS Framework for a Model-Based Risk Management Process
The CORAS Framework for a Model-Based Risk Management Process
Download
advertisement