Using Model-Driven Risk Analysis in Component-Based Development

Brændeland, Gyrd; Stølen, Ketil

doi:10.4018/978-1-60960-747-0.ch015

Cited by 3 publications

(4 citation statements)

References 26 publications

(40 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [3] this is demonstrated by the instantiation in CORAS. In [5] this modular and component-based approach to risk assessment using CORAS is integrated into a component-based system development process to support risk assessment in the development process. The instantiation in CORAS is further elaborated in [15], resulting in an extension referred to as Dependent CORAS.…”

Section: Related Workmentioning

confidence: 99%

Divide and Conquer – Towards a Notion of Risk Model Encapsulation

Refsdal

Rideng

Solhaug

et al. 2014

Engineering Secure Future Internet Services and Systems

Self Cite

View full text Add to dashboard Cite

Abstract. The criticality of risk management is evident when considering the information society of today, and the emergence of Future Internet technologies such as Cloud services. Information systems and services become ever more complex, heterogeneous, dynamic and interoperable, and many different stakeholders increasingly rely on their availability and protection. Managing risks in such a setting is extremely challenging, and existing methods and techniques are often inadequate. A main difficulty is that the overall risk picture becomes too complex to understand without methodic and systematic techniques for how to decompose a large scale risk analysis into smaller parts. In this chapter we introduce a notion of risk model encapsulation to address this challenge. Encapsulation facilitates compositional risk analysis by hiding internal details of a risk model. This is achieved by defining a risk model interface that contains all and only the information that is needed for composing the individual risk models to derive the overall risk picture. The interface takes into account possible dependencies between the risk models. We outline a method for compositional risk analysis, and demonstrate the approach by using an example on information security from the petroleum industry.

show abstract

Section: Related Workmentioning

confidence: 99%

Divide and Conquer – Towards a Notion of Risk Model Encapsulation

Refsdal

Rideng

Solhaug

et al. 2014

Engineering Secure Future Internet Services and Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…We provide a formal model for representing events that harm assets. For a discussion of how to obtain further risk analysis results for components, such as the cause of an unwanted incident, its consequence and probability we refer to [3].…”

Section: Incidents and Consequencesmentioning

confidence: 99%

A Denotational Model for Component-Based Risk Analysis

Brændeland

Refsdal

Stølen

2012

Formal Aspects of Component Software

Self Cite

View full text Add to dashboard Cite

Risk analysis is an important tool for developers to establish the appropriate protection level of a system. Unfortunately, the shifting environment of components and component-based systems is not adequately addressed by traditional risk analysis methods. This paper addresses this problem from a theoretical perspective by proposing a denotational model for component-based risk analysis. In order to model the probabilistic aspect of risk, we represent the behaviour of a component by a probability distribution over communication histories. The overall goal is to provide a theoretical foundation facilitating an improved understanding of risk in relation to components and component-based system development.

show abstract

“…• Higher Complexity of components architecture and the connectors introduces the chances of risk [1]. • Mismatch between connectors and message protocols • Interface specification of the components is not clear or not specified [5] [13] as architects have at hand incomplete, imprecise and uncertain component information [16].…”

Section: Component Based Software Development Risk During Elaborationmentioning

confidence: 99%

“…• Higher Complexity of components architecture and the connectors introduces the chances of risk [1]. • Mismatch between connectors and message protocols • Interface specification of the components is not clear or not specified [5] • Components are not interoperable [5] with each other due to missing well defined interfaces • Lack of Software architecture document that is extreme crucial in order to gain knowledge about the component • Loop holes in Architectural Style [13] as architects have at hand incomplete, imprecise and uncertain component information [16]. And the quality level that has been set during the initial phase of the software development cycle • Complicated system manual results lack of understanding by the users • Quality services after the COTS software installation at the user site are not given • User is not facilitated with the upgraded copies of the component based software • Updating or alteration of the component based system cannot be facilitated • Lack of tracing of alternate component in case of failure [8] • Planning the maintenance is difficult as the components have asynchronous cycle [8] A When the COTS Component and the requirement suggested by the user does not matches B Requirements of the users changes frequently C Budgets and schedules are not realistic D Unclear requirements specification E Lack of accuracy in schedule F Lack of reliable and suitable licensing contracts that encompass the appropriate documentation and responsibility of the vendor and developer in case of failure G Rigidness in Time constraints of schedule generates inflexibility H Market survey is not done properly than appropriate components that can map with user requirements cannot be found I Lack of contingency planning J Rapid requirement change of the user K Component search suffers from appropriate fetching and classification mechanism provided by the marketers L Architectural prototype not defined properly M Latest Technologies and fresh arrived COTS product are not analyzed or lack of market survey N Vendors incapability to delivers mind blowing demos and specifications of the COTS product O Architecture was not analyzed during the component selection process [8] P Cumbersome and complicated requirements Q Lack of vendor support R Missing authenticity of the components due to the lack of certified components S Unavailability of the source code leads to judging nature and the behavior of the components T Inappropriate domain knowledge of developer [7] U Higher Complexity of components architecture and the connectors introduces the Chances of risk V Mismatch between connectors and message protocols W Interface specification of the components is not clear or not specified properly X Incompatible or mismatch Interfaces may obstruct the data communication between the components which wants to exchange data Y Use of the Software model that does not support component based software Development process Z Prerequisite Quality is not met due to the lack of market survey that has to be done to Know Software Risk is "High Through this survey Risk factor come out to be in the second risk rating that reflects risk as low.…”

Section: Component Based Software Development Risk During Elaboration...mentioning

confidence: 99%