CORAS

The EU-funded CORAS project (IST-2000-25031) developed a tool-supported methodology for model-based risk analysis of security-critical systems. The project was initiated in January 2001 and successfully completed in September 2003. The CORAS consortium consisted of eleven institutions from four European countries. SINTEF was responsible for the technical coordination while Telenor AS R&D was the administrative coordinator and responsible partner towards the European Commission.

The CORAS tool-supported methodology provides:

  • A methodology for model-based risk assessment integrating aspects from partly complementary risk assessment methods and state-of-the-art modelling methodology.
  • A UML-based specification language targeting security risk assessment.
  • A library of reusable experience packages.
  • A computerised tool that supports the methodology and provides two repositories: an assessment repository and a repository for the reusable experience packages.
  • An XML mark-up for exchange of risk assessment data.
  • A vulnerability assessment report format.

The CORAS tool and methodology are freely available for download from the official CORAS homepage.


Published March 22, 2012

Project homepage

The official CORAS homepage

Contact in SINTEF ICT

Ketil Stølen