A Denotational Model for Component-Based Risk Analysis

  • Gyrd Brændeland
  • Atle Refsdal
  • Ketil Stølen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7253)


Risk analysis is an important tool for developers to establish the appropriate protection level of a system. Unfortunately, the shifting environment of components and component-based systems is not adequately addressed by traditional risk analysis methods. This paper addresses this problem from a theoretical perspective by proposing a denotational model for component-based risk analysis. In order to model the probabilistic aspect of risk, we represent the behaviour of a component by a probability distribution over communication histories. The overall goal is to provide a theoretical foundation facilitating an improved understanding of risk in relation to components and component-based system development.


Risk Analysis; Probabilistic Choice; Composite Component; Transmission Event; Internal Interaction
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Gyrd Brændeland (1, 2)
  • Atle Refsdal (2)
  • Ketil Stølen (1, 2)
  1. Department of Informatics, University of Oslo, Norway
  2. SINTEF, Norway
