Towards a UML Profile for Model-Based Risk Assessment

By Siv Hilde Houmb, Folker Den Braber, Mass Soldal Lund, Ketil Stølen and Sintef Telecom Informatics

Abstract

The EU-funded CORAS project (IST-2000-25031) is developing a framework for model-based risk assessment of security-critical systems. This framework is characterised by: (1) A careful integration of aspects from partly complementary risk assessment methods. (2) Guidelines and methodology for the use of UML to support and direct the risk assessment methodology. (3) A risk management process based on AS/NZS 4360 and ISO/IEC 17799. (4) A risk documentation framework based on RM-ODP. (5) An integrated risk management and system development process based on UP. (6) A platform for tool inclusion based on XML. This paper focuses on one specific aspect of the CORAS framework, namely the CORAS UML profile for risk assessment. In particular, it explains its role in the CORAS risk management process and demonstrates its use in the risk assessment of an e-Commerce system.

Year: 2002
OAI identifier: oai:CiteSeerX.psu:10.1.1.19.9234
Provided by: CiteSeerX