The Coras Approach for Model-Based Risk Management Applied to E-Commerce Domain [chapter]

Dimitris Raptis, Theo Dimitrakos, Bjørn Axel Gran, Ketil Stølen
2002 IFIP Advances in Information and Communication Technology  
The CORAS project develops a practical framework for model-based risk management of security critical systems by exploiting the synthesis of risk analysis methods with semiformal specification methods, supported by an adaptable tool-integration platform. The framework is also accompanied by the CORAS process, which is a systems development process based on the integration of RUP and a standardised security risk management process, and it is supported by an XML-based tool-integration platform.
The CORAS framework and process are being validated in extensive user trials in the areas of e-commerce and telemedicine. This paper presents an overview of the CORAS framework, emphasising the modelling approach followed in the first of the user trials (concerning the authentication mechanism of an e-commerce platform), and it provides some examples of the risk analyses employed in this context.
doi:10.1007/978-0-387-35612-9_13 fatcat:iw6skypplvdf7neyqlxbrk2uia