The CORAS Project

The EU-funded CORAS project (IST-2000-25031) developed a tool-supported methodology for model-based risk analysis of security-critical systems. The project was initiated in January 2001 and successfully completed in September 2003. The CORAS consortium consisted of eleven institutions from four European countries. SINTEF was responsible for the technical coordination while Telenor AS R&D was the administrative coordinator and responsible partner towards the European Commission. The CORAS tool-supported methodology provides:

• A methodology for model-based security risk assessment integrating aspects from partly complementary risk assessment methods and state-of-the-art modelling methodology
• A UML based specification language targeting security risk assessment.
• A library of reusable experience packages.
• A computerised tool that supports the methodology and provides two repositories; an assessment repository and a repository for the reusable experience packages.
• An XML mark-up for exchange of risk assessment data.
• A vulnerability assessment report format.

News

2006-03-28: The CORAS Tool v2.1 Beta 1 has been released. This release improves security and contains enhanced diagram and table editing facilities, plus a number of other improvements and bugfixes. For more details, please see the release notes, or go ahead and download the CORAS Tool.

2006-03-14: A CORAS tutorial will be held at the CAISE'06 conference in Luxembourg, June 5-9.

2006-03-14: The CORAS Tool Subversion repository has been migrated to SourceForge. See the Subversion page for details on how to check out the source code. On another note, work is progressing on version 2.1, and we expect to have a beta version available shortly.

2005-11-27: The CORAS Tool version 2.0.3 has been released. This is a bugfix release which fixes an issue in the CORAS UML editor which prevented the user from creating certain relationships. See the download page.

[News archive]

Page updated March 28th 2006