Abstract
As military and civil software-intensive information systems grow and become more complex, structured approaches called architecture frameworks (AF) were developed to support their engineering. The concepts of these approaches were standardised in ISO/IEC 42010 – Systems and Software Engineering – Architecture Description. An Architecture Description is composed of Views, where each View addresses one or more engineering concerns. As the standard notes, a multi-viewpoint approach requires the capacity to capture the different views and to maintain their mutual consistency. This paper addresses primarily the problem of integrating a model-based security risk assessment view into the mainstream system engineering view(s) and, to a lesser extent, the problem of maintaining the overall consistency of the views. Both business stakes and technical means are studied. We present two specific approaches, namely CORAS and Rinforzando. Both come with techniques and tool support to facilitate security risk assessment of complex and evolving critical infrastructures, such as ATM systems. The former approach offers static import/export relationships between artefacts, whereas the latter offers dynamic relationships. The pros and cons of each technical approach are discussed.