You are here: Home Tutorials Tutorial 3
Tutorial 3 PDF Print E-mail


Tutorial 3

Tutorial 3. September 22, 2011 (To Be Confirmed)

Mass Soldal Lund,

Title: Analysing risk in practice: The CORAS approach to model-driven risk analysis

Abstract: The term “risk” is known from many fields. On an almost daily basis we face references to
“contractual risk”, “economic risk”, “operational risk”, “environmental risk”, “health risk”, “political risk”, “legal risk”, “security risk”, and so forth. In order to identify and assess risks we may conduct risk analyses. The exact nature of an analysis, however, varies considerably depending on the nature of the risks we address. We may classify risk analysis approaches into two main categories: offensive (balancing potential gain against risk of loss) and defensive (protecting what is already there).
In order to defend something, it is important to know exactly what we are defending. This motivates asset-driven risk analysis, in other words risk analysis where the assets of the target (the tings of value) are identified as early as possible and where the rest of the analysis is driven by these assets. In order to analyse something, it is necessary to have a clear picture of what this something is. Understanding the structure and behaviour of the target of analysis is therefore important. However, understanding and modelling the target is only one aspect the modelling in a risk analysis; modelling what can go wrong is even more important. In fact, this is what risk analysis is all about. We then talk about risk modelling and model-driven risk analysis.
In this tutorial we present CORAS, which is an asset-driven, defensive approach to risk analysis. For risk analysis in practice, there is a need for well-defined methods, techniques and practical guidelines for how to do this. This is exactly what CORAS provides. The CORAS approach is a self-contained risk analysis methodology and the first to be truly model-driven in the sense that modelling is an integrated part in every part of the process. This means that target models and threat and risk models are applied in all phases of the risk analysis for visualization, communication and documentation of risk information, and are the main driver of the risk analysis process. The methodology is described in detail in the book Model-Driven Risk Analysis. The CORAS Approach, and has been validated through application in a large number of full-scale industrial analyses.
The CORAS approach consists of three main components: 1) The CORAS language, which is a language tailor-made for modelling risk in a precise and rigorous, yet intuitive and easily understandable manner. 2) The CORAS method, which provides detailed guidelines for how to conduct the various stages of a risk analysis in practice. 3) The CORAS tool, which is a modelling tool for editing models in the CORAS language.
In addition to presenting the basics of risk analysis and the CORAS approach, we also give a presentation of more advanced use of risk models expressed in the CORAS language.

Instructor Bio: Mass Soldal Lund is employed as a research scientist at SINTEF ICT. He received his PhD in informatics from the University of Oslo in 2008. He has been working with risk analysis for 10 years, is one of the designers of the CORAS approach, and has been leading several risk analyses.


- Gyrd Brændeland, Atle Refsdal, Ketil Stølen. Modular analysis and modelling of risk scenarios with dependencies. Journal of Systems and Software, 83: 1995-2013, Elsevier, 2010.

- Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen. Evolution in relation to risk and trust management. Computer, 43(5):49-55, IEEE Computer Society, May 2010.

- Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen. Model-driven risk analysis. The CORAS approach. Springer, 2011.

- Atle Refsdal, Ketil Stølen. Employing key indicators to provide a dynamic risk picture with a notion of confidence. Trust Management III. Third IFIP WG 11.11 International Conference (IFIPTM 2009), pages 215-233, Springer, 2009.

Expected Duration: 3 hours