Design Decisions in the Development of a Graphical Language for Risk-Driven Security Testing

  • Gencer Erdogan
  • Ketil Stølen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10224)


We have developed a domain-specific modeling language named CORAL that employs risk assessment to help security testers select and design test cases based on the available risk picture. In this paper, we present CORAL and then discuss why the language is designed the way it is, and what we could have done differently.


Risk-driven security testing; Model-based testing; Security risk assessment; Domain-specific modeling language



This work has been conducted as part of the EMFASE project funded by SESAR Joint Undertaking (SESAR WP-E project, 2013–2016) managed by Eurocontrol, and the AGRA project (236657) funded by the Research Council of Norway under the BIA research programme.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Department for Software and Service Innovation, SINTEF Digital, Oslo, Norway
  2. Department of Informatics, University of Oslo, Oslo, Norway
