COBRA: Component-Based Security Assessment
Security assessments are both costly and time-consuming, and cannot be carried out from scratch each time a system or a system component is updated or modified. This motivates the need for an efficient, tool-supported methodology that addresses the maintenance of security assessment results in particular and a component-based approach to security assessment in general.
The COBRA project developed:
- methodology for maintaining results from security assessments;
- methodology for composing results from security assessments;
- methodology for reusing results from security assessments;
- computerized support for the above methodology.
The COBRA project was funded by the Research Council of Norway. The overall funding was 750 000 NOK. The project was initiated in June 2002 and ran for seven months.
More detailed descriptions of the achieved results are available in the form of a research report titled "COBRA - Component-Based Security Assessment". The report is divided into 9 chapters and 3 appendices as follows:
Chapter 1: Introduction
Chapter 2: Security assessment
Chapter 3: Main concepts
Chapter 4: Data-structure
Chapter 5: Efficient methodology for maintaining security assessment results
Chapter 6: Efficient methodology for composing security assessment results
Chapter 7: Efficient methodology for reusing security assessment results
Chapter 8: Computerised support for the methodology
Chapter 9: Summary and conclusions
Appendix A: Specification of data and concern structure
Appendix B: Reusable elements
Appendix C: XML formats
As specified in the project application, the research built on and interacted closely with the EU project CORAS.
COBRA results were published in two papers:
- Mass Soldal Lund, Folker den Braber, Ketil Stølen. A component-oriented approach to security risk assessment. In Proc. 1st International Workshop on QoS in CBSE 2003 (QoSCBSE'03), organised in conjunction with Ada-Europe 2003, pages 99-110, Cépadues-éditions, 2003.
- Mass Soldal Lund, Folker den Braber, Ketil Stølen. Maintaining results from security assessments. In Proc. 7th European Conference on Software Maintenance and Reengineering (CSMR'03), pages 341-350, IEEE Computer Society, 2003.
Created 16/11/2002. Last updated 27/05/2010.