
The CORAS Framework for a Model-Based Risk Management Process

  • Conference paper
Computer Safety, Reliability and Security (SAFECOMP 2002)

Abstract

CORAS is a research and technological development project under the Information Society Technologies (IST) Programme (Commission of the European Communities, Directorate-General Information Society). One of the main objectives of CORAS is to develop a practical framework, exploiting methods for risk analysis, semiformal methods for object-oriented modelling, and computerised tools, for a precise, unambiguous, and efficient risk assessment of security critical systems. This paper presents the CORAS framework and the related conclusions from the CORAS project so far.

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Fredriksen, R., Kristiansen, M., Gran, B.A., Stølen, K., Opperud, T.A., Dimitrakos, T. (2002). The CORAS Framework for a Model-Based Risk Management Process. In: Anderson, S., Felici, M., Bologna, S. (eds) Computer Safety, Reliability and Security. SAFECOMP 2002. Lecture Notes in Computer Science, vol 2434. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45732-1_11

  • DOI: https://doi.org/10.1007/3-540-45732-1_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44157-1

  • Online ISBN: 978-3-540-45732-9

  • eBook Packages: Springer Book Archive
