Abstract
This short paper describes ongoing efforts to combine concepts of security risk analysis with security testing into a single process. Using risk analysis artefact composition and Monte Carlo simulation to calculate likelihood values, the method described here is intended to become applicable for complex large scale systems with dynamically changing probability values.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
International Organization for Standardization: ISO 31000 Risk Management – Principles and Guidelines (2009)
International Organization for Standardization: ISO Guide 73 Risk Management – Vocabulary (2009)
Bouti, A., Kadi, D.A.: A state-of-the-art review of FMEA/FMECA. Int. J. Reliab. Qual. Saf. Eng. 1, 515–543 (1994)
International Electrotechnical Commission: IEC 61025 Fault Tree Analysis (FTA) (1990)
International Electrotechnical Commission: IEC 60300-3-9 Dependability Management – Part 3: Application guide – Section 9: Risk Analysis of Technological Systems – Event Tree Analysis (ETA) (1995)
Lund, M.S., Solhaug, B., Stølen, K.: Model-Driven Risk Analysis – The CORAS Approach. Springer, Heidelberg (2011)
Lund, M.S., Solhaug, B., Stølen, K.: Evolution in relation to risk and trust management. Computer 43(5), 49–55 (2010). IEEE
Kaiser, B., Liggesmeyer, P., Mäckel, O.: A new component concept for fault trees. In: 8th Australian Workshop on Safety Critical Systems and Software (SCS’03), pp. 37–46. Australian Computer Society (2003)
Papadoupoulos, Y., McDermid, J., Sasse, R., Heiner, G.: Analysis and synthesis of the behaviour of complex programmable electronic systems in conditions of failure. Reliab. Eng. Syst. Saf. 71(3), 229–247 (2001). Elsevier
Viehmann, J.: Reusing risk analysis results - an extension for the CORAS risk analysis method. In: 4th International Conference on Information Privacy, Security, Risk and Trust (PASSAT’12), pp. 742–751. IEEE (2012). doi:10.1109/SocialCom-PASSAT.2012.91
Erdogan, G., Li, Y., Runde, R.K., Seehusen, F., Stølen, K.: Conceptual framework for the DIAMONDS project, Oslo, May 2012
Erdogan, G., Seehusen, F., Stølen, K., Aagedal, J.: Assessing the usefulness of testing for validating the correctness of security risk models based on an industrial case study. In: Proceedings of the International Workshop on Quantitative Aspects in Security Assurance (QASA’12), Pisa (2012)
Benet, A.F.: A risk driven approach to testing medical device software. In: Dale, A., Anderson, T. (eds.) Advances in Systems Safety, pp. 157–168. Springer, London (2011)
Kloos, J., Hussain, T., Eschbach, R.: Risk-based testing of safety-critical embedded systems driven by fault tree analysis. In: Software Testing, Verification and Validation Workshops (ICSTW 2011), pp. 26–33. IEEE (2011)
Gleißner, W., Berger, T.: Auf nach Monte Carlo: Simulationsverfahren zur Risiko-Aggregation. RISKNEWS 1, 30–37 (2004). doi:10.1002/risk.200490005. Wiley
Greenland, S.: Sensitivity analysis, Monte Carlo risk analysis, and Bayesian uncertainty assessment. Risk Anal. 21, 579–584 (2001). Wiley
Kolmogorov, A.: Grundbegriffe der Wahrscheinlichkeitsrechnung. Springer, Heidelberg (1933)
Caprotti, O., Carlisle, D.: OpenMath and MathML: semantic markup for mathematics. Crossroads 6(2), 11–14 (1999). doi:10.1145/333104.333110. ACM
Viehmann, J.: The theory of creating trust with a set of mistrust-parties and its exemplary application for the s-network. In: Proceedings of Tenth Annual Conference on Privacy, Security and Trust (PST 2012), pp. 185–194. IEEE (2012). doi:10.1109/PST.2012.6297939
Smith, B., Williams, L.: On the effective use of security test patterns. In: Proceedings of the Sixth International Conference on Software Security and Reliability (SERE 2012), pp. 108–117. IEEE (2012). doi:10.1109/SERE.2012.23
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Viehmann, J. (2014). Towards Integration of Compositional Risk Analysis Using Monte Carlo Simulation and Security Testing. In: Bauer, T., Großmann, J., Seehusen, F., Stølen, K., Wendland, MF. (eds) Risk Assessment and Risk-Driven Testing. RISK 2013. Lecture Notes in Computer Science(), vol 8418. Springer, Cham. https://doi.org/10.1007/978-3-319-07076-6_8
Download citation
DOI: https://doi.org/10.1007/978-3-319-07076-6_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07075-9
Online ISBN: 978-3-319-07076-6
eBook Packages: Computer ScienceComputer Science (R0)