Tool-Supported Risk Modeling and Analysis of Evolving Critical Infrastructures

  • Fredrik Seehusen
  • Bjørnar Solhaug
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7465)


Risk management is coordinated activities to direct and control an organization with regard to risk, and includes the identification, analysis and mitigation of unacceptable risks. For critical infrastructures consisting of interdependent systems, risk analysis and mitigation is challenging because the overall risk picture can be strongly affected by changes in only a few of the systems. In order to continuously manage risks and maintain an adequate level of protection, there is a need to continuously maintain the validity of risk models while systems change and evolve. This paper presents a risk analysis tool that supports the modeling and analysis of changing and evolving risks. The tool supports the traceability of system changes to risk models, as well as the explicit modeling of the impact on the risk picture. The tool, as well as the underlying risk analysis method, is exemplified and validated in the domain of air traffic management.


Risk analysis interdependencies critical infrastructures ATM 


  1. 1.
    Alberts, C.J., Davey, J.: OCTAVE criteria version 2.0. Technical report CMU/SEI-2001-TR-016, Carnegie Mellon University (2004)Google Scholar
  2. 2.
    Barber, B., Davey, J.: The use of the CCTA risk analysis and management methodology CRAMM in health information systems. In: 7th International Congress on Medical Informatics (MEDINFO 1992), pp. 1589–1593. North-Holland (1992)Google Scholar
  3. 3.
    Brændeland, G., Refsdal, A., Stølen, K.: Modular analysis and modelling of risk scenarios with dependencies. Journal of Systems and Software 83(10), 1995–2013 (2010)CrossRefGoogle Scholar
  4. 4.
    Breu, M., Breu, R., Löw, S.: MoVEing forward: Towards an architecture and processes for a Living Models infrastructure. International Journal On Advances in Life Sciences 3(1-2), 12–22 (2011)Google Scholar
  5. 5.
    Communication from the Commission on a European programme for critical infrastructure protection. In: The European Commission, COM, 786 final (2006)Google Scholar
  6. 6.
    EUROCONTROL: Air traffic management strategy for the years 2000+ (2003)Google Scholar
  7. 7.
    Innerhofer-Oberperfler, F., Breu, R.: Using an enterprise architecture for IT risk management. In: Information Security South Africa Conference, ISSA 2006 (2006)Google Scholar
  8. 8.
    International Organization for Standardization: ISO 31000 Risk management – Principles and guidelines (2009)Google Scholar
  9. 9.
    Ligaarden, O.S., Refsdal, A., Stølen, K.: Using indicators to monitor security risk in systems of systems: How to capture and measure the impact of service dependencies on the security of provided services. In: IT Security Governance Innovations: Theory and Research. IGI Global (to appear, 2012)Google Scholar
  10. 10.
    Lund, M.S., Solhaug, B., Stølen, K.: Evolution in relation to risk and trust management. Computer 43(5), 49–55 (2010)CrossRefGoogle Scholar
  11. 11.
    Lund, M.S., Solhaug, B., Stølen, K.: Model-Driven Risk Analysis – The CORAS Approach. Springer (2011)Google Scholar
  12. 12.
    Lund, M.S., Solhaug, B., Stølen, K.: Risk Analysis of Changing and Evolving Systems Using CORAS. In: Aldini, A., Gorrieri, R. (eds.) FOSAD VI. LNCS, vol. 6858, pp. 231–274. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  13. 13.
    Massacci, F., Mylopoulos, J., Zannone, N.: Security Requirements Engineering: The SI* Modeling Language and the Secure Tropos Methodology. In: Ras, Z.W., Tsay, L.-S. (eds.) Advances in Intelligent Information Systems. SCI, vol. 265, pp. 147–174. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  14. 14.
    Microsoft Solutions for Security and Compliance and Microsoft Security Center of Excellence: The Security Risk Management Guide (2006)Google Scholar
  15. 15.
    Object Management Group: OMG Unified Modeling Language (OMG UML), Superstructure. Version 2.2, OMG Document: formal/2009-02-02 (2009)Google Scholar
  16. 16.
    Peltier, T.R.: Information Security Risk Analysis, 2nd edn. Auerbach Publications (2005)Google Scholar
  17. 17.
    Report on the industrial validation of SecureChange solutions. SecureChange project deliverable D1.3 (2012)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Fredrik Seehusen
    • 1
  • Bjørnar Solhaug
    • 1
  1. 1.SINTEF ICTNorway

Personalised recommendations