Coras Poster

Model-based Risk Assessment

What does model-based mean?

Model-based means based on modelling techniques, as used in, for example, the Unified Modelling Language (UML). This language is used in specifying all aspects of an IT-system. A static picture of the relation between the different components is given through the use of class diagrams. A dynamic picture specifying the functions and actors of the system is given by use case diagrams and sequence diagrams. The complete system is specified with the help of UML-diagrams. It is the architectural drawing of the IT-system.

Why modelling?

Specifying an IT-system is often a complicated task that demands a method that can provide both the details and the overview of the IT-system. Modelling techniques give us the possibility to specify all aspects of the system while keeping a good overview at the same time.

What does Risk Assessment mean?

A risk assessment is a process applied to, in our case, an IT-system or one of its components. The process indicates what kind of risks are connected to the use of the system, analyses and evaluates them, and comes up with treatments on how to change the system in order to reduce these indicated risks.

Why Risk Assessment?

IT-systems get bigger and more complicated, and their role in our everyday life gets increasingly important. An inevitable aspect of human-made systems like an IT-system is that on top of the designed features we get a bunch of ‘anti’-features for free. These ‘anti’-features are nothing else than risks connected to operating the system. While designing a system it is important not only to know about these risks but also to be able to reduce them in as many situations as possible. This is the control that a risk assessment gives us.
Requirements Analysis: Features, Actors

Risk Analysis: Vulnerabilities, Crook

[Figure: Kind Use Case Diagram, E-commerce system. Use cases: register, login, choose products, pay. Actors: guest, registered user. Also shown: customer database, product database.]

[Figure: Evil Use Case Diagram, E-commerce system. Use cases: login with stolen username, unauthorised login, database crash, ?. Actor: crook. Also shown: customer database, product database.]

Model-based Risk Assessment

The requirements analysis forms the basis for the traditional ‘kind’ modelling. Risk analysis has a similar role but focuses on evil behaviour. Every designed system carries its own risks and it is important that they are known. It is therefore not enough to model only the desired behaviour; the unwanted behaviour must be modelled as well. In addition, the evil actors, crooks, need to be identified just like the normal actors. Model-based risk assessment is about documenting the results of traditional risk analysis techniques in the same way as we are used to doing for system requirements. The design process needs to take into account both wanted and unwanted behaviour, and both designed actors and evil actors. As shown here, modelling can be used for both aspects, providing the complete documentation of the system design from both good and bad angles.

[Figure: Complete Use Case Diagram, E-commerce system. Use cases: register, login, choose products, pay, login with stolen username, unauthorised login, database crash, ?. Actors: guest, registered user, crook. Also shown: customer database, product database.]

Risk Assessment of Security Critical Systems

CORAS has 11 partners

Please contact us

Ketil Stølen, SINTEF Telecom and Informatics, [email protected]
Tony Price, Telenor Research and Development, [email protected]
http://www.nr.no/coras
