Using Dependent CORAS Diagrams to Analyse Mutual Dependency

  • Gyrd Brændeland
  • Heidi E. I. Dahl
  • Iselin Engan
  • Ketil Stølen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5141)


The CORAS method for security risk analysis provides a customized language, the CORAS diagrams, for threat and risk modelling. In this paper, we extend this language to capture context dependencies, and use it as a means to analyse mutual dependency. We refer to the extension as dependent CORAS diagrams. We define a textual syntax using EBNF and explain how a dependent CORAS diagram may be schematically translated via the textual syntax into a paragraph in English, characterizing its intended meaning. Then we demonstrate the suitability of the language by means of a core example.


Predicate Logic Fault Tree Analysis Misuse Case Deduction Rule Fault Tree Analysis 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aagedal, J.Ø., den Braber, F., Dimitrakos, T., Gran, B.A., Raptis, D., Stølen, K.: Model-based risk assessment to improve enterprise security. In: EDOC 2002, pp. 51–64. IEEE Computer Society Press, Los Alamitos (2002)Google Scholar
  2. 2.
    Abadi, M., Lamport, L.: Conjoining specifications. ACM Transactions on programming languages and systems 17(3), 507–534 (1995)CrossRefGoogle Scholar
  3. 3.
    Alexander, I.F.: Misuse cases: Use cases with hostile intent. IEEE Software 20(1), 58–66 (2003)CrossRefGoogle Scholar
  4. 4.
    Dahl, H.E.I., Hogganvik, I., Stølen, K.: Structured semantics for the CORAS security risk modelling language. Technical Report A970, SINTEF ICT (2007)Google Scholar
  5. 5.
    Hogganvik, I., Stølen, K.: On the comprehension of security risk scenarios. In: IWPC 2005, pp. 115–124. IEEE Computer Society Press, Los Alamitos (2005)Google Scholar
  6. 6.
    Hogganvik, I., Stølen, K.: Risk analysis terminology for IT systems: Does it match intuition. In: ISESE 2005, pp. 13–23. IEEE Computer Society Press, Los Alamitos (2005)Google Scholar
  7. 7.
    Hogganvik, I., Stølen, K.: A graphical approach to risk identification, motivated by empirical investigations. In: Nierstrasz, O., Whittle, J., Harel, D., Reggio, G. (eds.) MoDELS 2006. LNCS, vol. 4199, pp. 574–588. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    IEC60300. Event Tree Analysis in Dependability management – Part 3: Application guide – Section 9: Risk analysis of technological systems (1995)Google Scholar
  9. 9.
    IEC61025. Fault Tree Analysis (FTA) (1990)Google Scholar
  10. 10.
    ISO/IEC 14977:1996(E). Information Technology — Syntactic Metalanguage — Extended BNF, 1 edn. (1996)Google Scholar
  11. 11.
    Jacobson, I., Christenson, M., Jonsson, P., Övergaard, G.: Object-Oriented Software Engineering. A Use Case Driven Approach. Addison-Wesley, Reading (1992)zbMATHGoogle Scholar
  12. 12.
    Jones, C.B.: Development Methods for Computer Programmes Including a Notion of Interference. PhD thesis, Oxford University, UK (1981)Google Scholar
  13. 13.
    Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005)zbMATHGoogle Scholar
  14. 14.
    Lamport, L.: How to write a proof. Technical report, Digital Systems Research Center (1993)Google Scholar
  15. 15.
    Lodderstedt, T., Basin, D.A., Doser, J.: SecureUML: A UML-based modeling language for model-driven security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 426–441. Springer, Heidelberg (2002)Google Scholar
  16. 16.
    Lund, M.S., Hogganvik, I., Seehusen, F., Stφlen, K.: UML profile for security assessment. Technical Report STF40 A03066, SINTEF ICT (2003)Google Scholar
  17. 17.
    Misra, J., Chandy, K.M.: Proofs of networks of processes. IEEE Transactions on Software Engineering 7(4), 417–426 (1981)CrossRefMathSciNetGoogle Scholar
  18. 18.
    OMG. Unified Modeling Language Specification, version 2.0 (2004)Google Scholar
  19. 19.
    OMG. UML Profile for Modeling Quality of Service and Fault Tolerance Characteristics and Mechanisms (2005)Google Scholar
  20. 20.
    Schneier, B.: Attack trees: Modeling security threats. Dr. Dobb’s Journal of Software Tools 24(12), 21–29 (1999)Google Scholar
  21. 21.
    Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. In: TOOLS-PACIFIC 2000, pp. 120–131. IEEE Computer Society, Los Alamitos (2000)Google Scholar
  22. 22.
    Sindre, G., Opdahl, A.L.: Templates for misuse case description. In: REFSQ 2001, pp. 125–136 (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Gyrd Brændeland
    • 1
    • 2
  • Heidi E. I. Dahl
    • 1
  • Iselin Engan
    • 1
  • Ketil Stølen
    • 1
    • 2
  1. 1.SINTEF ICTOsloNorway
  2. 2.Department of InformaticsUiOOsloNorway

Personalised recommendations