论文信息 - Reusing Risk Analysis Results -- An Extension for the CORAS Risk Analysis Method

Reusing Risk Analysis Results -- An Extension for the CORAS Risk Analysis Method

This paper shows how the results of CORAS risk analysis can be reused and combined. It introduces new models, diagram types and procedures as an extension of the CORAS method. Taking risk analysis artifacts generated for the individual base components as input, probability values for unwanted incidents of complex systems can be calculated if the relations between these artifacts are modeled correctly. Initially developed for the S Network, a trustworthy repository, this extension is predestined for analyzing large scale systems consisting of heterogeneous components, which no single analyst team could handle.

Johannes Viehmann

[1] P. Grabov,et al. Bouncing failure analysis (BFA): the unified FTA-FMEA methodology , 2005, Annual Reliability and Maintainability Symposium, 2005. Proceedings..

[2] Johannes Viehmann,et al. The theory of creating trust with a set of mistrust-parties , 2012, 2012 Tenth Annual International Conference on Privacy, Security and Trust.

[3] Ketil Stølen,et al. Using Dependent CORAS Diagrams to Analyse Mutual Dependency , 2007, CRITIS.

[4] Ketil Stølen,et al. Model-Driven Risk Analysis - The CORAS Approach , 2010 .

[5] J. Dugan,et al. A modular approach for analyzing static and dynamic fault trees , 1997, Annual Reliability and Maintainability Symposium.

[6] David Coppit,et al. Developing a low-cost high-quality software tool for dynamic fault-tree analysis , 2000, IEEE Trans. Reliab..

[7] Ketil Stølen,et al. A graphical approach to risk identification, motivated by empirical investigations , 2006, MoDELS'06.

[8] Ketil Stølen,et al. Structured Semantics for the CORAS Security Risk Modelling Language , 2007 .

[9] A. Kolmogoroff. Grundbegriffe der Wahrscheinlichkeitsrechnung , 1933 .

[10] Antoine Rauzy,et al. New algorithms for fault trees analysis , 1993 .