
Model-based security analysis in seven steps – a guided tour to the CORAS method

Abstract

This paper presents the CORAS method for model-based security analysis. The presentation is case-driven. We follow two analysts in their interaction with an organisation by which they have been hired to carry out a security risk analysis. The analysis is divided into seven main steps, and the paper devotes a separate section to each of them. The paper focuses in particular on the use of the CORAS security risk modelling language as a means for communication and interaction during the seven steps.

Category

Academic article

Language

English

Author(s)

  • Braber Folker den
  • Ida Hogganvik
  • Mass Soldal Lund
  • Ketil Stølen
  • Fredrik Vraalsen

Affiliation

  • SINTEF Digital / Software and Service Innovation

Year

2007

Published in

BT technology journal

ISSN

1358-3948

Publisher

Springer

Volume

25

Issue

1

Page(s)

101 - 117
