Bjørn Axel Gran

Model-based risk assessment to improve enterprise security

The main objective of the CORAS project is to provide methods and tools for precise, unambiguous, and efficient risk assessment of security critical systems. To this end, we advocate a model-based approach to risk assessment, and define the required models for this. Whereas traditional risk assessment is performed without any formal description of the target of evaluation or results of the risk assessment, CORAS aims to provide a well defined set of models well suited to (1) describe the target of assessment at the right level of abstraction, (2) as a medium for communication between different groups of stakeholders involved in a risk assessment, and (3) to document risk assessment results and the assumptions on which these results depend. We propose models for each step in a risk assessment process and report results of use.

Use of Bayesian Belief Networks when combining disparate sources of information in the safety assessment of software-based systems

The paper discusses how disparate sources of information can be combined in the safety assessment of software-based systems. The emphasis is put on an emerging methodology, relevant for intelligent product-support systems, to combine information about disparate evidences systematically based on Bayesian Belief Networks. The objective is to show the link between basic information and the confidence one can have in a system. How one combines the Bayesian Belief Net (BBN) method with a software safety standard (RTCA/DO-178B) for safety assessment of software-based systems is also discussed. Finally, the applicability of the BBN methodology and experiences from cooperative research work together with Kongsberg Defence & Aerospace and Det Norske Veritas, and ongoing research with VTT Automation are presented.

A Bayesian Belief Network for Reliability Assessment

The objective of this paper is to present work on how a Bayesian Belief Network for a software safety standard, can be merged with a BBN on the reliability estimation of software based digital systems. The results on applying BBN methodology with a software safety standard is based upon previous research by the Halden Project, while the results on the reliability estimation is based on a Masters Thesis by Helminen. The research is also a part in the more long-term activity by the Halden Reactor Project on the use of BBNs as support for safety assessment of programmable systems. In this report it is discussed how the two approaches can be merged together into one Bayesian Network, and the problems with merging are pinpointed.

An Approach for Model-Based Risk Assessment

Traditional risk analysis and assessment is based on failure-oriented models of the system. In contrast to this, model-based risk assessment (MBRA) utilizes success-oriented models describing all intended system aspects, including functional, operational and organisational aspects of the target. The target models are then used as input sources for complementary risk analysis and assessment techniques, as well as a basis for the documentation of the assessment results. The EU-funded CORAS project developed a tool-supported methodology for model-based risk analysis of security-critical systems. The methodology has been tried out within the telemedicine and e-commerce areas, and provided through a series of seven trials a sound basis for risk assessments. This paper gives an overview of the results with focus on how the approach can be applied for addressing security aspects in a safety critical application and discusses how the methodology can be applied as a part of a trust case development.

THE USE OF BAYESIAN BELIEF NETS IN SAFETY ASSESSMENT OF SOFTWARE BASED SYSTEMS

The paper describes an investigation of methods to perform a reliability and safety assessment of the software in programmable safety relevant systems. It emphasises in particular how disparate information sources and different quantitative and qualitative methods should be combined in such an assessment. It starts with a general discussion of rule based, probabilistic and expert judgement methods and their applicability on software reliability. Then a method for combining different evidences in a reliability and safety assessment is pinpointed, viz. the Bayesian Belief Net (BBN) methodology. It is also illustrated how this method may be applied for safety assessment of software.

Assessment of programmable systems using Bayesian belief nets

This paper discusses some software safety standards, with respect to how they can be used to measure software safety. The possibility to transfer the requirements of a software safety standard into Bayesian Belief Nets is also investigated. The aim is to utilise the BBN methodology and associated tools, to transfer the software safety measurement into a probabilistic quantity. In this way software can be included in probabilistic safety analysis of the total programmable system. A project was performed in which the method was applied for evaluation of a real, safety related programmable system that was developed according to the avionic standard DO-178B. The test case, the standard, and the BBN methodology are shortly described, followed by a description of the construction of the BBN used in this project. Also a summary of some of the findings and experiences from the study is provided.

The coras approach for model-based risk management applied to e-commerce domain

The CORAS project develops a practical framework for model-based risk management of security critical systems by exploiting the synthesis of risk analysis methods with semiformal specification methods, supported by an adaptable tool-integration platform. The framework is also accompanied by the CORAS process, which is a systems development process based on the integration of RUP and a standardised security risk management process, and it is supported by an XML-based tool-integration platform. The CORAS framework and process are being validated in extensive user trials in the areas of e-commerce and telemedicine. This paper presents an overview of the CORAS framework, emphasising on the modelling approach followed in the first of the user trials (concerning the authentication mechanism of an e-commerce platform) and it provides some examples of the risk analyses employed in this context.

Addressing dependability by applying an approach for model-based risk assessment

Abstract This paper describes how an approach for model-based risk assessment (MBRA) can be applied for addressing different dependability factors in a critical application. Dependability factors, such as availability, reliability, safety and security, are important when assessing the dependability degree of total systems involving digital instrumentation and control (I&C) sub-systems. In order to identify risk sources their roles with regard to intentional system aspects such as system functions, component behaviours and intercommunications must be clarified. Traditional risk assessment is based on fault or risk models of the system. In contrast to this, MBRA utilizes success-oriented models describing all intended system aspects, including functional, operational and organizational aspects of the target. The EU-funded CORAS project developed a tool-supported methodology for the application of MBRA in security-critical systems. The methodology has been tried out within the telemedicine and e-commerce areas, and provided through a series of seven trials a sound basis for risk assessments. In this paper the results from the CORAS project are presented, and it is discussed how the approach for applying MBRA meets the needs of a risk-informed Man–Technology–Organization (MTO) model, and how methodology can be applied as a part of a trust case development.

The CORAS Framework for a Model-Based Risk Management Process

CORAS is a research and technological development project under the Information Society Technologies (IST) Programme (Commission of the European Communities, Directorate-General Information Society). One of the main objectives of CORAS is to develop a practical framework, exploiting methods for risk analysis, semiformal methods for object-oriented modelling, and computerised tools, for a precise, unambiguous, and efficient risk assessment of security critical systems. This paper presents the CORAS framework and the related conclusions from the CORAS project so far.

Model-Based Risk Assessment in a Component-Based Software Engineering Process

The EU-funded CORAS project (IST-2000–25031) is developing a framework for model-based risk assessment of security-critical systems. This framework is characterised by: (1) A careful integration of techniques and features from partly complementary risk assessment methods. (2) Patterns and methodology for UML oriented modelling targeting the different risk assessment methods. (3) A risk management process based on AS/NZS 4360. (4) A risk documentation framework based on RM-ODP. (5) An integrated risk management and system development process based on UP. (6) A platform for tool-inclusion based on XML. This chapter describes and explains the CORAS approach to model-based risk assessment. The ability to aid risk assessment in a component-based software engineering process receives particular attention. We consider maintenance, composition as well as reuse of risk assessment results.