Security assessments are both costly and time-consuming, and cannot be carried out from scratch each time a system or a system component is updated or modified. This motivates the need for specific tool-supported efficient methodology addressing the maintenance of security assessment results in particular and a component-based approach to security assessment in general.
The COBRA project developed
The COBRA project was funded by the Research Council of Norway. The overall funding was 750 000 NOK. The project was initiated in June 2002 and ran for seven months.
More detailed descriptions of the achieved results are available in the form of a research report titled "COBRA - Component-Based Security Assessment". The report is divided into 9 chapters and 3 appendices as follows:
Chapter 1: Introduction Chapter 2: Security assessment Chapter 3: Main concepts Chapter 4: Data-structure Chapter 5: Efficient methodology for maintaining security assessment results Chapter 6: Efficient methodology for composing security assessment results Chapter 7: Efficient methodology for reusing security assessment results Chapter 8: Computerised support for the methodology Chapter 9: Summary and conclusions Appendix A: Specification of data and concern structure Appendix B: Reusable elements Appendix C: XML formats
As specified in the project-application, the research built on and interacted closely with the EU project CORAS.
So far the COBRA results have been published in two papers:
Created 16/11/2002. Last updated 31/07/2003.