CORAS - A Framework for Risk Analysis of Security Critical Systems
by Theo Dimitrakos, Juan Bicarregui and Ketil Stølen
CORAS is a European research and technological development project developing a tool-supported framework for model-based security risk assessment.
A proper understanding of the limitations of the existing infrastructures is an important prerequisite for designing new services with a satisfactory degree of security. In our opinion, an improved methodology for risk analysis is a necessary first step towards verifying and/or improving the security of such systems.
Ideally, risk management should be applied across all aspects of dependability. However, the increasing complexity of information systems calls for improving existing design and analysis methods, so as to increase the likelihood that all relevant threats are taken into consideration. In particular, there is a need to combine complementary security risk analysis methods with respect to the system architecture. We are not aware of an existing integrated approach to system design and risk analysis in which the architecture expressed in the information system model is used to guide the combined application of risk analysis techniques. This need is being addressed by the European project CORAS for the area of security risk analysis.
An Overview of CORAS
The CORAS risk assessment methodology integrates aspects of HazOp analysis, Fault Tree Analysis (FTA), Failure Mode, Effects and Criticality Analysis (FMECA) and Markov Analysis, as well as CRAMM. It is model-based in the sense that it gives detailed recommendations for the use of UML-oriented modelling in conjunction with assessment. It employs modelling technology for three main purposes:
The core risk analysis segment of the CORAS risk management process consists of three sub-processes ('identify risks', 'analyse risks', 'risk evaluation'), grouped together at the top layer of the figure. The CORAS risk management process consists of instantiations of abstract patterns given in the CORAS framework, using different risk analysis methods to analyse different parts of the system. Which risk analysis method an abstract pattern is instantiated with depends on the viewpoint in which the part to be analysed appears, while the level of detail incorporated in the context of the analysis depends on the phase of the development lifecycle. The specific instances of the CORAS risk management process that are used throughout the system lifecycle depend on the target (sub)system and the context of the analysis.
As the system description becomes more elaborate, any combination of refinement and decomposition results in the risk analysis being propagated from the composite object to its components, guided by the system architecture.
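The propagation described above can be made concrete with one of the techniques CORAS integrates, fault tree analysis. The following Python is an added illustration and not code from the CORAS project or its tools: a composite's top-level unwanted event is modelled as a fault tree whose leaves are basic events on components, and when the architecture is decomposed further a leaf is refined into a subtree, so the analysis propagates from the composite to its components. All component names, event names and probabilities are constructed for the example, and basic events are assumed to be statistically independent.

```python
"""Fault-tree propagation over a decomposed system model (added example).

Not CORAS tool code. Event names and probabilities below are constructed
for illustration; basic events are assumed independent.
"""
from dataclasses import dataclass, field
from math import prod
from typing import Union


@dataclass
class BasicEvent:
    name: str
    probability: float  # constructed likelihood of the event occurring


@dataclass
class Gate:
    name: str
    kind: str  # "AND" or "OR"
    inputs: list = field(default_factory=list)


Node = Union[BasicEvent, Gate]


def probability(node: Node) -> float:
    """Top-event probability, assuming independent basic events."""
    if isinstance(node, BasicEvent):
        return node.probability
    ps = [probability(i) for i in node.inputs]
    if node.kind == "AND":
        return prod(ps)
    if node.kind == "OR":
        return 1.0 - prod(1.0 - p for p in ps)
    raise ValueError(f"unknown gate kind {node.kind!r}")


def minimal_cut_sets(node: Node) -> set:
    """Smallest sets of basic events that together cause the top event."""
    if isinstance(node, BasicEvent):
        return {frozenset([node.name])}
    children = [minimal_cut_sets(i) for i in node.inputs]
    if node.kind == "OR":
        sets = set().union(*children)
    elif node.kind == "AND":
        sets = {frozenset()}
        for c in children:
            sets = {a | b for a in sets for b in c}
    else:
        raise ValueError(f"unknown gate kind {node.kind!r}")
    # keep only minimal sets: drop any set that strictly contains another
    return {s for s in sets if not any(o < s for o in sets)}


def refine(node: Node, leaf: str, replacement: Node) -> Node:
    """Copy of the tree with basic event `leaf` replaced by `replacement`.

    This is the decomposition step: a component that was a single basic
    event in the coarse model becomes its own subtree once its internals
    are described.
    """
    if isinstance(node, BasicEvent):
        return replacement if node.name == leaf else node
    return Gate(node.name, node.kind,
                [refine(i, leaf, replacement) for i in node.inputs])


def coarse_tree() -> Gate:
    # Constructed composite-level model of an unwanted incident.
    return Gate("customer records disclosed", "OR", [
        Gate("direct database exposure", "AND", [
            BasicEvent("firewall rule misconfigured", 0.05),
            BasicEvent("database not encrypted", 0.2),
        ]),
        BasicEvent("web application auth bypass", 0.02),
    ])


def refined_tree() -> Gate:
    # The web application component is decomposed into two failure modes.
    return refine(coarse_tree(), "web application auth bypass",
                  Gate("web application auth bypass", "OR", [
                      BasicEvent("session fixation", 0.01),
                      BasicEvent("weak password policy", 0.01),
                  ]))


if __name__ == "__main__":
    for tree in (coarse_tree(), refined_tree()):
        print(f"{tree.name}: P = {probability(tree):.6f}")
        for cs in sorted(minimal_cut_sets(tree), key=sorted):
            print("  cut set:", sorted(cs))
```

Refining the leaf changes both the computed top-event probability and the minimal cut sets, which is the observable effect of the architecture guiding the analysis: the coarse model yields two cut sets, the refined model three, with the component-level events now visible as separate risks to evaluate.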
The CORAS Integration Platform
The main innovations of the CORAS project stem from its emphasis on integrating risk analysis tightly into a UML and RM-ODP setting, supported by an iterative process, and underpinned by a platform for tool-integration targeting openness and interoperability.