Divide and Conquer – Towards a Notion of Risk Model Encapsulation

  • Atle Refsdal
  • Øyvind Rideng
  • Bjørnar Solhaug
  • Ketil Stølen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8431)


The criticality of risk management is evident when considering the information society of today, and the emergence of Future Internet technologies such as Cloud services. Information systems and services become ever more complex, heterogeneous, dynamic and interoperable, and many different stakeholders increasingly rely on their availability and protection. Managing risks in such a setting is extremely challenging, and existing methods and techniques are often inadequate. A main difficulty is that the overall risk picture becomes too complex to understand without methodic and systematic techniques for how to decompose a large-scale risk analysis into smaller parts. In this chapter we introduce a notion of risk model encapsulation to address this challenge. Encapsulation facilitates compositional risk analysis by hiding internal details of a risk model. This is achieved by defining a risk model interface that contains all and only the information that is needed for composing the individual risk models to derive the overall risk picture. The interface takes into account possible dependencies between the risk models. We outline a method for compositional risk analysis, and demonstrate the approach by using an example on information security from the petroleum industry.


Keywords: Risk analysis, risk modeling, risk model encapsulation, risk composition, security, ICT





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Atle Refsdal (1)
  • Øyvind Rideng (2)
  • Bjørnar Solhaug (1)
  • Ketil Stølen (1, 3)

  1. SINTEF ICT, Norway
  2. Oilfield Technology Group, Norway
  3. Dep. of Informatics, University of Oslo, Norway
