ePubs

The open archive for STFC research publications

Full Record Details

Persistent URL http://purl.org/net/epubs/work/29040
Record Status Checked
Record Id 29040
Title The CORAS Approach for Model-based Risk Management applied to e-Commerce Domain
Contributors
Abstract The CORAS project develops a practical framework for model-based risk management of security-critical systems by exploiting the synthesis of risk analysis methods with semiformal specification methods, supported by an adaptable tool-integration platform. The framework is also accompanied by the CORAS process, which is a systems development process based on the integration of RUP and a standardised security risk management process, and it is supported by an XML-based tool-integration platform. The CORAS framework and process are being validated in extensive user trials in the areas of e-commerce and telemedicine. This paper presents an overview of the CORAS framework, emphasising the modelling approach followed in the first of the user trials (concerning the authentication mechanism of an e-commerce platform), and it provides some examples of the risk analyses employed in this context.
Organisation CCLRC, BITD
Keywords XML-based tool integration, e-Commerce, Security Assessment, RUP, UML, Model-based Risk Management
Funding Information
Related Research Object(s):
Licence Information:
Language English (EN)
Type Book Chapter or Section
Details In Advanced Communications and Multimedia Security. IFIP — The International Federation for Information Processing 100 edited by Borka Jerman-Blažič, Tomaž Klobučar (1), 169-181. Springer, 2002.
URI(s) http://rd.springe…978-0-387-35612-9_13
Local file(s)
Year 2002