
Publication


Featured research published by Gencer Erdogan.


International Journal on Software Tools for Technology Transfer | 2014

Approaches for the combined use of risk analysis and testing: a systematic literature review

Gencer Erdogan; Yan Li; Ragnhild Kobro Runde; Fredrik Seehusen; Ketil Stølen

Risk analysis and testing are conducted for different purposes. Risk analysis and testing nevertheless involve processes that may be combined to the benefit of both. We may use testing to support risk analysis and risk analysis to support testing. This paper surveys literature on the combined use of risk analysis and testing. First, the existing approaches are identified through a systematic literature review. The identified approaches are then classified and discussed with respect to main goal, context of use and maturity level. The survey highlights the need for more structure and rigor in the definition and presentation of approaches. Evaluations are missing in most cases. The paper may serve as a basis for examining approaches for the combined use of risk analysis and testing, or as a resource for identifying the adequate approach to use.


International Conference on Testing Software and Systems | 2013

A Systematic Method for Risk-Driven Test Case Design Using Annotated Sequence Diagrams

Gencer Erdogan; Atle Refsdal; Ketil Stølen

Risk-driven testing is a testing approach that aims at focusing the testing process on the aspects or features of the system under test that are most exposed to risk. Current risk-driven testing approaches succeed in identifying the aspects or features that are most exposed to risks, and thereby support testers in planning the testing process accordingly. However, they fail in supporting testers to employ risk analysis to systematically design test cases. Because of this, there exists a gap between risks, which are often described and understood at a high level of abstraction, and test cases, which are often defined at a low level of abstraction. In this paper, we bridge this gap. We give an example-driven presentation of a novel method, intended to assist testers, for systematically designing test cases by making use of risk analysis.


2017 IEEE International Conference on Software Quality, Reliability and Security (QRS) | 2017

A Method for Developing Algorithms for Assessing Cyber-Risk Cost

Gencer Erdogan; Alejandra Gonzalez; Atle Refsdal; Fredrik Seehusen

We present a method for developing executable algorithms for quantitative cyber-risk assessment. Exploiting techniques from security risk modeling and actuarial approaches, the method pragmatically combines use of available empirical data and expert judgments. The input to the algorithms are indicators providing information about the target of analysis, such as suspicious events observed in the network. Automated execution of the algorithms facilitates continuous assessment.


International Conference on Information Systems Security | 2016

Evaluation of the CORAL Approach for Risk-driven Security Testing based on an Industrial Case Study

Gencer Erdogan; Ketil Stølen; Jan Øyvind Aagedal

The CORAL approach is a model-based method to security testing employing risk assessment to help security testers select and design test cases based on the available risk picture. In this paper we present experiences from using CORAL in an industrial case. The results indicate that CORAL supports security testers in producing risk models that are valid and threat scenarios that are directly testable. This, in turn, helps testers to select and design test cases according to the most severe security risks posed on the system under test.


International Symposium on Software Reliability Engineering | 2014

Schematic Generation of English-Prose Semantics for a Risk Analysis Language Based on UML Interactions

Gencer Erdogan; Atle Refsdal; Ketil Stølen

To support risk-driven testing, we have developed CORAL, a language for risk analysis based on UML interactions. In this paper, we present its semantics as a translation of CORAL diagrams into English prose. The CORAL semantics is developed to help software testers to clearly and consistently document, communicate and analyze risks in a risk-driven testing process. We first provide an abstract syntax and a translation algorithm. Then, we evaluate the approach based on some examples. We argue that the resulting English prose is comprehensible by testers, is consistent with the semantics of UML interactions, and has a complexity that is linear to the complexity of CORAL diagrams in terms of size.


Business systems research journal : international journal of the Society for Advancing Business & Information Technology (BIT) | 2018

Risk-Based Decision Support Model for Offshore Installations

Gencer Erdogan; Atle Refsdal; Bjørn Nygård; Ole Petter Rosland; Bernt Kvam Randeberg

Background: During major maintenance projects on offshore installations, flotels are often used to accommodate the personnel. A gangway connects the flotel to the installation. If the offshore conditions are unfavorable, the responsible operatives need to decide whether to lift (disconnect) the gangway from the installation. If this is not done, there is a risk that an uncontrolled autolift (disconnection) occurs, causing harm to personnel and equipment. Objectives: We present a decision support model, developed using the DEXi tool for multi-criteria decision making, which produces advice on whether to disconnect/connect the gangway from/to the installation. Moreover, we report on our development method and experiences from the process, including the efforts invested. An evaluation of the resulting model is also offered, primarily based on feedback from a small group of offshore operatives and domain experts representing the end user target group. Methods/Approach: The decision support model was developed systematically in four steps: establish context, develop the model, tune the model, and collect feedback on the model. Results: The results indicate that the decision support model provides advice that corresponds with expert expectations, captures all aspects that are important for the assessment, is comprehensible to domain experts, and that the expected benefit justifies the effort for developing the model. Conclusions: We find the results promising, and believe that the approach can be fruitful in a wider range of risk-based decision support scenarios. Moreover, this paper can help other decision support developers decide whether a similar approach can suit them.


Conference on Risks and Security of Internet and Systems | 2017

A Method for Developing Qualitative Security Risk Assessment Algorithms

Gencer Erdogan; Atle Refsdal

We present a method for developing qualitative security risk assessment algorithms where the input captures the dynamic state of the target of analysis. This facilitates continuous monitoring. The intended users of the method are security and risk practitioners interested in developing assessment algorithms for their own or their client’s organization. Managers and decision makers will typically be end users of the assessments provided by the algorithms. To promote stakeholder involvement, the method is designed to ensure that the algorithm and the underlying risk model are simple to understand. We have employed the method to create assessment algorithms for 10 common cyber attacks, and use one of these to demonstrate the approach.


International Workshop on Graphical Models for Security | 2017

Employing Graphical Risk Models to Facilitate Cyber-Risk Monitoring - the WISER Approach

Aleš Černivec; Gencer Erdogan; Alejandra Gonzalez; Atle Refsdal; Antonio Alvarez Romero

We present a method for developing machine-readable cyber-risk assessment algorithms based on graphical risk models, along with a framework that can automatically collect the input, execute the algorithms, and present the assessment results to a decision maker. This facilitates continuous monitoring of cyber-risk. The intended users of the method are professionals and practitioners interested in developing new algorithms for a specific organization, system or attack type, such as consultants or dedicated cyber-risk experts in larger organizations. For the assessment results, the intended users are decision makers in charge of countermeasure selection from an overall business perspective.


International Workshop on Risk Assessment and Risk-driven Testing | 2016

Design Decisions in the Development of a Graphical Language for Risk-Driven Security Testing

Gencer Erdogan; Ketil Stølen

We have developed a domain-specific modeling language named CORAL that employs risk assessment to help security testers select and design test cases based on the available risk picture. In this paper, we present CORAL and then discuss why the language is designed the way it is, and what we could have done differently.


International Workshop on Risk Assessment and Risk-driven Testing | 2016

Towards Transparent Real-Time Privacy Risk Assessment of Intelligent Transport Systems

Gencer Erdogan; Aida Omerovic; Marit Kjøsnes Natvig; Isabelle Tardy

There are many privacy concerns within Intelligent Transport Systems (ITS). On the one hand, end-users are concerned about their privacy risk exposure, while on the other hand, ITS providers need to claim privacy awareness and document compliance with regulations or otherwise face devastating fines. One approach to address these concerns is to use methods specifically developed to assess privacy risks of ITS. The literature lacks such methods, and the complex and dynamic nature of ITS introduces challenges that need to be properly addressed when assessing privacy risks. The main challenges are related to real-time assessment of privacy risks to (1) inform end-users about exposed privacy risks, and (2) help providers assess privacy-compliance risks. We propose a method to privacy risk assessment addressing these challenges. The method is exemplified on an ITS-example. The initial results indicate feasibility of the method and propose directions for future work.
