BT Technology Journal

, Volume 25, Issue 1, pp 141–153 | Cite as

A risk-driven security analysis method and modelling language

  • P. Kearney
  • L. Brügger


The BT Security Research Centre has defined and continues to develop a modelling language and method for representing and analysing ICT security requirements. The language is used to create a model that serves as a medium for communication between consultant and customer, a guide in making decisions, and the basis of a specification for implementing a solution. Three sub-models deal with business and technical requirements of the ICT system; threats, vulnerability and risks; and security measures and processes. The modelling process is iterative, with decisions being driven by optimisation of business value, trading off risk against cost. This paper focuses on aspects of the method dealing with assessment of risk and analysis of requirements for operational risk management.


Modelling Language Security Requirement Security Management Threat Event Attack Tree 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Baldwin A, Beres Y, Shiu S and Kearney P: ’A Model Based Approach to Trust, Security and Assurance’, BT Technol J, 24, No 4, pp 53–68 (October 2006).CrossRefGoogle Scholar
  2. 2.
    Baldwin A, Beres Y and Shiu S: ’Using assurance models to aid the risk and governance life cycle’, BT Technol J, 25, No 1, pp 128–140 (January 2007).Google Scholar
  3. 3.
    Meta-Object Facility (MOF™) specification —
  4. 4.
    Unified Modelling Language specification —
  5. 5.
    Evans G and Benton S: ’The BT Risk Cockpit — A Visual Approach to ORM’, BT Technol J, 25, No 1, pp 88–100 (January 2007).Google Scholar
  6. 6.
    Sindre G and Opdahl A L: ’Eliciting security requirements with misuse cases’, Requir Eng, 10, pp 34–44 (2005).CrossRefGoogle Scholar
  7. 7.
    Firesmith D: ’Security Use Cases’, Journal of Object Technology, 2, pp 53–64 (2003).Google Scholar
  8. 8.
    Firesmith D: ’Engineering Security Requirements’, Journal of Object Technology, 2, pp 53–68 (2003).Google Scholar
  9. 9.
    Schneier B: ’Attack Trees: Modeling Security Threats’, Dr Dobb’s Journal (1999).Google Scholar
  10. 10.
    Mauw S and Oostdijk M: ’Foundations of Attack Trees’, in ‘Information Security and Cryptology — ICISC 2005’ Springer Lecture Notes in Computer Science, Vol 3935, pp 186–198 (2005).Google Scholar
  11. 11.
    Microsoft Security Developer Center: ’Threat Modeling’, —
  12. 12.
    Giorgini P, Massacci F, Mylopoulos J and Zannone N: ’Modelling Security Requirements through Ownership, Permission and Delegation’, 13th IEEE International Conference Requirements Engineering (2005).Google Scholar
  13. 13.
    Braber et al: ’Model-based security analysis in seven steps — a guided tour to the CORAS method’, BT Technol J, 25, No 1, pp 101–117 January (2007).Google Scholar
  14. 14.
    ’UML Profile for Modeling Quality of Service and Fault Tolerance Characteristics and Mechanisms’, OMG Adopted Specification (2004).Google Scholar
  15. 15.
    ’QinetiQ: The MOD Application of Domain Based Security (DBSy)’, Version 1.0, CD-ROM (2004).Google Scholar
  16. 16.
    Flechais I, Mascolo C and Sasse M A: ’Integrating Security and Usability into the Requirements and Design Process’, in 2nd International Conference on Global E-Security, IEE (2006).Google Scholar
  17. 17.
    Flechais I, Sasse M A and Hailes S: ’Bringing security home: a process for developing secure and usable systems’, pp 49–57 (2003).Google Scholar
  18. 18.
    Basin D, Doser J and Lodderstedt T: ’Model driven security: From UML models to access control infrastructures’, ACM Transactions on Software Engineering and Methodology, 15, pp 39–91 (2006).CrossRefGoogle Scholar
  19. 19.
    Lodderstedt T, Basin D and Doser J: ’SecureUML: A UML-Based Modeling Language for Model-Driven Security’, Lecture Notes in Computer Science, Vol 2460, pp 426–441 (2002).Google Scholar
  20. 20.
    Jürjens J: ’Towards Development of Secure Systems Using UMLsec’, Lecture Notes in Computer Science, Vol 2029, pp 187–200 (2001).Google Scholar
  21. 21.
    Jürjens J: ’UMLsec — Presenting the Profile’, 6th Annual Workshop on Distributed Objects and Components Security, Baltimore, MD (2002).Google Scholar
  22. 22.
    Eclipse Graphical Modelling Framework — Scholar

Copyright information

© Springer Science+Business Media, Inc. 2007

Authors and Affiliations

  • P. Kearney
  • L. Brügger

There are no affiliations available

Personalised recommendations