The SECURIS Project

Model-Driven Development and Analysis of Secure Information Systems

SECURIS established computerised methodology for the development of secure IT systems targeting security from an overall business perspective, emphasising the organisational and business context to the same extent as the actual technology. SECURIS built on:

• The tool supported methodology for model-based security risk analysis resulting from the EU funded CORAS project.
• The tools supported methodology for model-driven system development resulting from the EU funded COMBINE project.

The main results were

• Prototype tool supporting the capture and formalisation of security requirements.
• Prototype tool supporting model-driven specification and implementation of security policies.
• Prototype tool supporting model-driven specification and development of security architectures.
• Prototype tool supporting model-driven security assessment.
• Refined security risk methodology.

SECURIS was trial-driven and based on an iterative process. Each iteration was in average of six months duration and terminated with a trial embedded in a project of one of the industrial partners. SECURIS was funded by the Research Council of Norway and ran from January 1, 2003 until December 31, 2007.

SECURIS was a joint initiative between

• Hydro
• NetCom
• Centre for Information Security
• Norwegian Defence Logistics Organisation
• DNV Software (2004)
• SINTEF ICT

Further information:

• The SECURIS team
• The SECURIS dissemination
• The SECURIS contact point

Created: February 3, 2003. Last updated: June 1, 2010.