Special Theme: INFORMATION SECURITY
ERCIM News No.49, April 2002
CORAS - A Framework for Risk Analysis of Security Critical Systems

by Theo Dimitrakos, Juan Bicarregui and Ketil Stølen

CORAS is a European research and technological development project developing a tool-supported framework for model-based security risk assessment.

A proper understanding of the limitations of existing infrastructures is an important prerequisite for designing new services with a satisfactory degree of security. In our opinion, an improved methodology for risk analysis is a necessary first step towards verifying and/or improving the security of such systems.

Ideally, risk management should be applied across all aspects of dependability. However, the increasing complexity of information systems calls for improved design and analysis methods, so that the likelihood that all relevant threats are taken into consideration increases. In particular, complementary security risk analysis methods need to be combined with respect to the system architecture. We are not aware of an existing integrated approach to system design and risk analysis in which the architecture expressed in the information system model is used to guide the combined application of risk analysis techniques. This need is being addressed for security risk analysis in the European project CORAS.

An Overview of CORAS
The overall objective for the CORAS project is to develop a practical framework for model-based security risk assessment by exploiting the synthesis of risk analysis methods with semiformal specification methods supported by an adaptable tool-integration platform. As illustrated by the following figure, the CORAS framework has four main anchor-points.

The CORAS risk assessment methodology integrates aspects of HazOp analysis, Fault Tree Analysis (FTA), Failure Mode and Effect Criticality Analysis (FMECA), Markov Analysis as well as CRAMM. It is model-based in the sense that it gives detailed recommendations for the use of UML-oriented modelling in conjunction with assessment. It employs modelling technology for three main purposes:

  • to describe the target of assessment at the right level of abstraction.
  • as a medium for communication and interaction between different groups of stakeholders involved in risk assessment.
  • to document risk assessment results and the assumptions on which these results depend.

The core risk analysis segment of the CORAS risk management process consists of three sub-processes ('identify risks', 'analyse risks', 'evaluate risks'), grouped together at the top layer of the figure. The CORAS risk management process is built from instantiations of abstract patterns given in the CORAS framework, each instantiated with a different risk analysis method in order to analyse a different part of the system. Which risk analysis method a pattern is instantiated with depends on the viewpoint in which the part under analysis appears; the level of detail incorporated in the context of the analysis depends on the phase of the development lifecycle. The specific instances of the CORAS risk management process used throughout the system lifecycle therefore depend on the target (sub)system and on the context of the analysis.

As the system description becomes more elaborate, each refinement or decomposition step propagates the risk analysis from the composite object to its components, guided by the system architecture.

The CORAS Integration Platform
The CORAS platform is based on data integration implemented with XML technology. The platform is being built around an internal data representation formalised in XML/XMI (characterised by an XML schema). Using XSL, relevant aspects of the internal data representation are mapped to the internal data representations of other tools, and the other way around. This allows system design CASE tools to be integrated with analysis tools or with tools for vulnerability and threat management, as shown in the following figure. Standard XML commodity component tools provide much of the basic functionality.

The CORAS framework for model-based risk assessment.
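The following is an added illustration of the data-integration idea described above, not code from the CORAS project. It assumes a heavily simplified XMI-like export of a UML component model (constructed here, with made-up component names) and a hypothetical HazOp worksheet format as the analysis tool's input; the mapping is written with Python's xml.etree instead of XSL so the two directions (design model to analysis tool, and analysis results back onto the model) are visible as ordinary code. The security readings of the HazOp guide words are this example's own choice.

```python
"""Toy illustration of model <-> analysis-tool data integration.
Constructed example, not CORAS project code: the XMI fragment, the
HazOp worksheet format and the component names are all assumptions."""
import xml.etree.ElementTree as ET

# Constructed, heavily simplified XMI-like export of a three-component system.
SAMPLE_XMI = """<XMI xmi.version="1.1">
  <Model name="Telemedicine">
    <Component id="c1" name="PatientPortal"/>
    <Component id="c2" name="RecordService"/>
    <Component id="c3" name="AuditLog"/>
    <Dependency client="c1" supplier="c2" name="getRecord"/>
    <Dependency client="c2" supplier="c3" name="writeAudit"/>
  </Model>
</XMI>"""

# Classical HazOp guide words; the security readings are this example's choice.
GUIDE_WORDS = {
    "NO": "service or message absent (denial of service, lost message)",
    "MORE": "more than intended (extra data disclosed, flooding)",
    "LESS": "less than intended (truncated or partial response)",
    "OTHER THAN": "wrong party or content (spoofing, tampering)",
}


def parse_model(xmi_text):
    """Read components and client->supplier dependencies from the XMI-like text."""
    root = ET.fromstring(xmi_text)
    comps = {c.get("id"): c.get("name") for c in root.iter("Component")}
    deps = [(d.get("client"), d.get("supplier"), d.get("name"))
            for d in root.iter("Dependency")]
    return {"components": comps, "dependencies": deps}


def to_hazop_worksheet(model):
    """Model -> analysis-tool direction: every dependency is an interface in
    the architecture and gets one worksheet item per guide word."""
    ws = ET.Element("HazOpWorksheet")
    for client, supplier, op in model["dependencies"]:
        interface = f"{model['components'][client]} -> {model['components'][supplier]}: {op}"
        for word, reading in GUIDE_WORDS.items():
            item = ET.SubElement(ws, "Item", interface=interface, guideword=word)
            ET.SubElement(item, "Deviation").text = reading
            ET.SubElement(item, "Threat").text = ""      # filled in by the analysts
            ET.SubElement(item, "Treatment").text = ""   # filled in by the analysts
    return ws


def worksheet_items(ws):
    """Return the (interface, guideword) pairs of a worksheet, in order."""
    return [(i.get("interface"), i.get("guideword")) for i in ws.iter("Item")]


def annotate_model(xmi_text, worksheet):
    """Analysis-tool -> model direction: attach each filled-in threat to the
    supplier component of the interface it was found on, as a tagged value."""
    root = ET.fromstring(xmi_text)
    by_name = {c.get("name"): c for c in root.iter("Component")}
    for item in worksheet.iter("Item"):
        threat = item.findtext("Threat") or ""
        if not threat:
            continue  # untouched rows carry nothing back to the model
        supplier = item.get("interface").split(" -> ")[1].split(":")[0]
        ET.SubElement(by_name[supplier], "TaggedValue",
                      tag=f"hazop.{item.get('guideword')}", value=threat)
    return root


def threats_on(root, component_name):
    """List the (tag, value) annotations attached to one component."""
    comp = next(c for c in root.iter("Component") if c.get("name") == component_name)
    return [(t.get("tag"), t.get("value")) for t in comp.findall("TaggedValue")]


if __name__ == "__main__":
    model = parse_model(SAMPLE_XMI)
    ws = to_hazop_worksheet(model)
    # Simulate an analyst filling in one row inside the analysis tool.
    row = ws.find("Item[@guideword='OTHER THAN']")
    row.find("Threat").text = "Forged client identity reads another patient's record"
    print(ET.tostring(annotate_model(SAMPLE_XMI, ws), encoding="unicode"))
```

The point of the two mapping functions is that neither tool needs to know the other's format: the design tool only sees its own model (now carrying threat annotations), and the analysis tool only sees a worksheet whose rows are generated from the architecture, which is what keeps the analysis aligned with the system's actual interfaces as the model is refined.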

Conclusions
CORAS aims to support the design process by developing an innovative tool-supported risk analysis methodology and process integrating:

  • methods for risk analysis
  • semiformal description methods - in particular, state-of-the-art methods for viewpoint- and object-oriented modelling (UML, MSC, RM-ODP)
  • tool-integration technology supporting openness and interoperability.

The main innovations of the CORAS project stem from its emphasis on integrating risk analysis tightly into a UML and RM-ODP setting, supported by an iterative process, and underpinned by a platform for tool-integration targeting openness and interoperability.

Link:
Project website: http://www.nr.no/coras

Please contact:
Theo Dimitrakos, CLRC
Tel: +44 1235 44 6387
E-mail: T.Dimitrakos@rl.ac.uk

Ketil Stølen, SINTEF Group, Norway
Tel: +47 22067897
E-mail: Ketil.Stoelen@informatics.sintef.no