Computational BioMedicine Laboratory


Category: european

Project Title: A platform for risk analysis of security critical systems.

Funding Organization: EC/DG-Information Society

Programme: IST-2000-25031

Programme Nature: 5th Framework Programme R&D project

Coordinator: Telenor As,Oslo-NORWAY

Partners: Telenor Communications AS R&D (Norway), Intracom S.A. (Greece), Institute for energy technology (Norway), Norwegian Computing Center (Norway), SINTEF (Norway), Norwegian Centre of Telemedicine (Norway), Rutherford Appleton Labs (United Kingdom), Queen Marys and Westfield College (United Kingdom), Computer Technology Institute (Greece) and Solinet Gmbh (Germany)

Duration: 01/11/2001-30/06/2003

Expiration Date: 2003

Total Budget: 4.870.478 Euro

FORTH ICS budget: 198.346 Euro

Web Site:

Project Objective: A major challenge for users and vendors of information and communication technology in Europe and world-wide is to implement security in a way that meets business needs cost-effectively, both in the short term and as enterprise needs expand. In order to meet this challenge, we need to improve the existing methods of identifying and analysing possible threats, and of specifying, designing and implementing security policies. CORAS aims to develop a framework or precise, unambiguous, and efficient risk analysis of security critical systems. This framework will be built upon a selective integration of Risk Analysis techniques and semi-formal Object Oriented Modelling to support the formation, rigorous specification and endorsement of security policies. The framework will be obtained through adapting, refining, extending, and combining methods for risk analysis, semi-formal object oriented modelling, and computerized tools (supporting the above mentioned methods). The integration of risk analysis and semiformal modelling will receive special emphasis. In particular, for each analysis scenario considered:

  • What are the relevant system properties?
  • How should the relevant system properties be modelled using semiformal methods?
  • How do we make optimal use of the resulting semiformal models during risk analysis?
  • How do we represent the results from risk analysis (intermediate as well as final results)?
  • What are the general rules for maintenance and reuse of such results?
  • The CORAS framework will be tested and assessed in two major trials, one within telemedicine and one within e-commerce.

Conditions of Use | Privacy Policy