The Disseminations of the CORAS Project
Chapters in Books
- Folker den Braber, Theo Dimitrakos, Bjørn Axel Gran, Mass Soldal Lund, Ketil Stølen, Jan Øyvind Aagedal. The CORAS methodology: model-based risk management using UML and UP. Chapter in book titled UML and the Unified Process. Liliana Favre (ed), pages 332-357, IRM Press, 2003.
- Ketil Stølen, Folker den Braber, Theo Dimitrakos, Rune Fredriksen, Bjørn Axel Gran, Siv-Hilde Houmb, Yannis C. Stamatiou, Jan Øyvind Aagedal. Model-based risk assessment in a component-based software engineering process: the CORAS approach to identify security risks. Chapter in book titled Business Component-Based Software Engineering. Franck Barbier (ed), pages 189-207, Kluwer, 2003.
Papers in Proceedings of International Conferences
- Nikos Stathiakis, Catherine Chronaki, Eva Skipenes, Eva Henriksen, Elina Charalambous, Adamantios Sykianakis, Georgios Vrouchos, Nikos Antonakis, Manolis Tsiknakis, Stelios Orphanoudakis. Risk assessment of a cardiology eHealth service in HYGEIAnet. In Proc. Computers in Cardiology (CIC'03), pages 201-204, IEEE, 2003.
- Yannis Stamatiou, Eva Skipenes, Eva Henriksen, Nikos Stathiakis, Adamantios Sikianakis, Eliana Charalambous, Nikos Antonakis, Ketil Stølen, Folker den Braber, Mass Soldal Lund, Katerina Papadaki, George Valvis. The CORAS approach for model-based risk management applied to a telemedicine service. In Proc. Medical Informatics Europe (MIE'03), pages 206-211, IOS Press, 2003.
- Mass Soldal Lund, Folker den Braber, Ketil Stølen. Maintaining results from security assessments. In Proc. 7th European Conference on Software Maintenance and Reengineering (CSMR'03), pages 341-350, IEEE Computer Society, 2003.
- Rune Fredriksen, Bjørn Axel Gran, Ketil Stølen, Ivan Djordjevic. Experiences from application of model-based risk assessment. In Proc. European Conference on Safety and Reliability (ESREL'03), vol. 1, pages 643-648, Swets & Zeitlinger, 2003.
- Theo Dimitrakos, Dimitris Raptis, Brian Ritchie, Ketil Stølen. Model based security risk analysis for web applications. In Proc. Euroweb'02, pages 43-55, British Computer Society, 2002.
- Theo Dimitrakos, Brian Ritchie, Dimitris Raptis, Jan Øyvind Aagedal, Folker den Braber, Ketil Stølen, Siv Hilde Houmb. Integrating model-based security risk management into eBusiness systems development - the CORAS approach. In Proc. 2nd IFIP Conference on E-Commerce, E-Business, E-Government (I3E'03), pages 159-175, Kluwer, 2002.
- Rune Fredriksen, Monica Kristiansen, Bjørn Axel Gran, Ketil Stølen, Tom Arthur Opperud, Theo Dimitrakos. The CORAS framework for a model-based risk management process. In Proc. Computer Safety, Reliability and Security (Safecomp'02), LNCS 2434, pages 94-105, Springer, 2002.
- Jan Øyvind Aagedal, Folker den Braber, Theo Dimitrakos, Bjørn Axel Gran, Dimitris Raptis, Ketil Stølen. Model-based risk assessment to improve enterprise security. In Proc. Enterprise Distributed Object Communication (EDOC'02), pages 51-62, IEEE Computer Society, 2002.
- Yannis C. Stamatiou, Eva Henriksen, Mass Soldal Lund, Eva Mantzouranis, Michalis Psarros, Eva Skipenes, Nikos Stathiakos, Ketil Stølen. Experiences from using model-based risk assessment to evaluate the security of a telemedicine application. In Proc. Telemedicine in Care Delivery (TICD'02), pages 115-119, 2002.
- Dimitris Raptis, Theo Dimitrakos, Bjørn Axel Gran, Ketil Stølen. The CORAS approach for model-based risk analysis applied to the e-commerce domain. In Proc. Communication and Multimedia Security (CMS'02), pages 169-181, Kluwer, 2002.
- Ivan Djordjevic, Eric Scharf, Dimitris Raptis, Bjørn Axel Gran. Suitability of risk analysis methods for security assessment of large-scale distributed computer systems. In Proc. Probabilistic Safety Assessment and Management (PSAM6), vol 2, pages 1897-1902, Elsevier, 2002.
- Ivan Djordevic, Chingwoei Gan, Eric Scharf, Raul Mondragon, Bjørn Axel Gran, Monica Kristiansen, Theo Dimitrakos, Ketil Stølen, Tom Arthur Opperud. Model-based risk management of security critical systems. In Proc. Third International Conference on Computer Simulation in Risk Analysis and Hazard Mitigation (Risk Analysis 2002), pages 253-264, WIT Press, 2002.
- Folker den Braber, Theo Dimitrakos, Bjørn Axel Gran, Ketil Stølen, Jan Øyvind Aagedal. Model-based risk management using UML and UP. In Proc. Information Resources Management Association International Conference (IRMA'02), pages 925-927, 2002.
- Theo Dimitrakos. System models, e-risk and e-trust. Towards bridging the gap? In Proc. IFIP Conference on e-Commerce, e-Business, e-Government (I3E'01), Kluwer, 2001.
- Rune Winther, Ole-Arnt Johnsen, Bjørn Axel Gran. Security assessments for safety critical systems using HAZOPs. In Proc. Computer Safety, Reliability and Security (Safecomp'01), LNCS 2187, pages 14-24, Springer, 2001.
Papers in Magazines
- Theo Dimitrakos, Juan Bicarregui, Ketil Stølen. CORAS – a framework for risk analysis of security critical systems. ERCIM News, number 49, pages 25-26, 2002.
- Knut Boge. Bedre risikoanalyser. Teknisk Ukeblad 9, pages 58-59, 2001.
Papers in Proceedings of Workshops and minor Conferences
- Mass Soldal Lund, Folker den Braber, Ketil Stølen. A component-oriented approach to security risk assessment. In Proc. 1st International Workshop on QoS in CBSE 2003 (QoSCBSE'03), organised in conjunction with Ada-Europe 2003, pages 99-110, Cépadues-éditions, 2003.
- Chingwoei Gan, Eric Scharf. Building an experience factory for a model-based risk analysis framework. In Proc. Second German Workshop on Experience Management (GWEM'03) organized in conjunction with the Professional Conference on Experience Management (WM'03), LNI Vol. P28, pages 257-258, GI, 2003.
- Ketil Stølen, Folker den Braber, Rune Fredriksen, Bjørn Axel Gran, Siv-Hilde Houmb, Mass Soldal Lund, Yannis C. Stamatiou, Jan Øyvind Aagedal. Model-based risk assessment - the CORAS approach. In Proc. Norsk Informatikkkonferanse (NIK'02), pages 239-249, Tapir, 2002.
- Siv-Hilde Houmb, Folker den Braber, Mass Soldal Lund, Ketil Stølen. Towards a UML profile for model-based risk assessment. In Proc. UML'02 Satellite Workshop on Critical Systems Development with UML, pages 79-91, Munich University of Technology, 2002.
- Ketil Stølen. CORAS - A framework for risk analysis of security critical systems. In supplement of the International Conference on Dependable Systems and Networks (DSN'01), pages D4 - D11, 2001.
- Theo Dimitrakos. Modelling trust in e-commerce. In Proc. AI'01 workshop on Novel E-Commerce Applications of Agents, pages 13-22, NRC-44883, 2001.
Abstracts in Proceedings
- Bjørn Axel Gran. The need for risk assessment of health care information systems. In Programme and Book of Abstracts Tromsø Telemedicine Conference (TTC'03), page 80, Norwegian Centre for Telemedicine, 2003.
- Siv-Hilde Houmb, Trond Stølen Gustavsen, Ketil Stølen, Bjørn Axel Gran. Model-based risk analysis of security critical systems. In Proc. 7th Nordic Workshop on Secure IT Systems (NordSec'02), page 193, Karlstad University Press, 2002.
- Eva Skipenes, Eva Henriksen, Eva Mantzouranis. The CORAS approach for model-based risk analysis applied to the telemedicine domain. In Programme & Book of Abstracts 4th Nordic Congress on Telemedicine/Norsk Telemed, page 103, 2002.
- Eva Henriksen, Eva Skipenes. Experiences from applying the CORAS model-based risk assessment process in the telemedicine domain. In European Journal of Medical Research, vol. 7/supplement I, page 33, Medical Scientific Publications, 2002.
Posters
- Eva Henriksen, Eva Skipenes. Telemedicine in the CORAS project. Presented at the International Conference on Telemedicine (ICT'02), Regensburg, 2002.
Invited Presentations and Presentations at Events without Proceedings
- Fredrik Vraalsen. Hvordan å teste og analysere sikkerhet. Presentation at Abelia Innovation seminar on userfriendly and secure webapplications, Oslo, September 11, 2003.
- Folker den Braber. Metodikk og verktøy for modellbasert risikoanalyse. Presentation at the ISF Norway Autumn Conference, Tønsberg, September 3, 2003.
- Folker den Braber. Hvordan å analysere systemer med hensyn til IT-sikkerhet. Presentation at SINTEF seminar on IT-security, Oslo, March 6, 2003.
- Ketil Stølen. FoU-utfordringer innen IT-sikkerhet, eksempler fra utvalgte prosjekter. Presentation at SINTEF seminar on IT-security, Oslo, March 6, 2003.
- Yannis C. Stamatiou. Experience and results from applying a model-based risk assessment methodology in the security analysis of a telecardiology application. Presentation at the 7th European Conference on Electronic Health Records (TEHRE'02), London, December 10, 2002.
- Chingwoei Gan. The CORAS platform/tool for model-based risk assessment. Presentation at the final advisory board meeting for the IST project RESHEN, Magdeburg, December 3, 2002.
- Ketil Stølen. Model-based risk assessment – the CORAS approach. Presented at the 1st iTrust Workshop, Glasgow, September 3, 2002.
- Bjørn Axel Gran. Modellbasert risikoanalyse. Invited presentation at the NONSTOPP seminar. Oslo, August 29, 2002.
- Bjørn Axel Gran. CORAS – Security in computerised safety related systems. Invited presentation at Security in Computerized Safety Related Systems - A Symposium on Security of Industrial Safety Related Computer, Boppard, January 22, 2002.
- Theo Dimitrakos. CORAS - A framework for risk analysis of security critical systems. Presentation at the ERCIM workshop The Role of Trust in e-Business in conjunction with the IFIP I3E conference, Zurich, October 3, 2001.
- Ketil Stølen. Model-based risk analysis using UML and RUP. Invited presentation at Munich University of Technology, Munich, October 22, 2001.
- Bjørn Axel Gran. CORAS - A platform for risk analysis of security critical systems. Invited presentation at the Dependability Days, Luleå, May 29-30, 2001.
Tutorials
- Bjørn Axel Gran. The CORAS methodology for model-based risk assessment. Tutorial presented at Safecomp 2003, Edinburg, September 23, 2003.
- Bjørn Axel Gran CORAS a model-based approach for risk assessment. Tutorial presented at Tromsø Telemedicine Conference (TTC'03), Tromsø, September 18, 2003.
CORAS Workshops and Meetings open to the Public
- CORAS Public Workshop. Organised in conjunction with the International Conference on Telemedicine, Regensburg, September 23, 2002.
- Petri Nets in Model Based Risk Analysis. Organised by SINTEF Telecom and Informatics, Oslo, March 20, 2002.
- Semiformal Modelling, e-Risk and e-Trust - Bridging the gaps. Organised by Rutherford Appleton Laboratory, Didcot, March 28, 2001.
Press Coverage
- Det positive i å vite om det negative. Gemini, number 2, page 6, 2003.
Contributions to Standardisation
- Contribution in response to request for proposals for UML Profile for Modelling Quality of Service and Fault Tolerance Characteristics and Mechanisms issued by the Object Management Group. Submitted by SINTEF in collaboration with OpenIT, September 9, 2002. Resubmitted in revised form, May and August, 2003.
- Contribution in response to call for comments on AS/NZS 4360:1999 Risk Management issued by Standards Australia International. Submitted by IFE, July 10, 2002.
Created: November 21, 2001. Last updated: April 20, 2004.