Abstract. The CORAS security risk modelling language is a customised graphical language for communication, documentation and analysis of security threat and risk scenarios. This paper presents a semantics for the CORAS language. The semantics is structured in that it provides stepby-step instructions on how to correctly interpret an arbitrary CORAS diagram. The result is a readable paragraph of English. This enables users of the CORAS language to easily extract the intended meaning of a given diagram. The semantics is modular in the sense that the semantics of any diagram can be deduced from the semantics of its elements and relations.
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.