Model based risk management of security critical systems

This paper describes a novel framework for a risk management process involving a model-based approach, developed as the main objective of CORAS (IST-2000 25031). The main motivation for this approach is to achieve an improved methodology for precise, unambiguous, and efficient risk analysis of security critical systems. There are several benefits from a model-based approach. Firstly, the description of the target system, its context and all security relevant features required for risk analysis, can be improved by applying state-of-the-art modelling technology. Secondly, it provides a rich set of graphical descriptions that address properties of the target system as well as their context (including the behaviour of humans), which improves communication and interaction between stakeholders involved in a risk analysis and also facilitates the formalization of threats and more precise documentation of risk analysis results and the assumptions. Finally, tighter integration of risk management in the system development process may considerably reduce the development costs. In this paper we place the emphasis on the proposed guidelines and recommendations for model-based risk management, which will be evaluated through trials in the e-commerce and telemedicine areas. Since CORAS is an ongoing project, the research described here is work in progress.