COMA: Component-oriented Model-based Security Analysis

A modular understanding of risks is a prerequisite for robust component-based development and for maintaining the trustworthiness and security of modular systems. In order to properly address risks related to component-based systems, the COMA project delivered a component-based approach to risk analysis in general and security risk analysis in particular. The approach is based on the same principles of modularity and composition as component-based development. The purpose of the approach is to support the integration of risk analysis into component-based development. The approach consists of:

The framework for component-based risk analysis provides a process for analysing separate parts of a system independently with means for combining separate analysis parts into an overall picture for the whole system. It applies the modular risk modelling approach for the purpose of identifying, analysing and documenting component risks. The component model with a notion of risk provides a formal foundation for integrating risk analysis into component-based development.

The COMA project was funded by the Research Council of Norway. The project was initiated in January 2004 and ran until 2008. The project funded one PhD-student, Gyrd Brændeland, and her needs with respect to travel and equipment.

PhD-thesis

Scientific Articles

Created: March 23, 2012. Last updated: March 23, 2012.