
Pattern-Based Risk Identification for Model-Based Risk Management

  • Chapter
Applicable Formal Methods for Safe Industrial Products

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14165))


Abstract

In a previous publication, we have introduced Risk Issue Questionnaires (RIQs) that serve to support risk identification for critical systems. The starting point of our risk identification method are architectural patterns contained in a system architecture, e.g., process control loops or interactive systems. A RIQ enumerates the typical risks associated with such a pattern. By assessing for each issue contained in a RIQ whether it is relevant or not, risks for the system under analysis are identified in a systematic way.

In this paper, we complement the RIQ method by a method to set up and validate CORAS threat models for documenting the identified risks. In this way, we provide a basis to perform the further steps of a model-based risk management process. We equip our RIQs with modeling hints that specify what kind of modeling element should be used to represent a given issue in a threat model. Furthermore, we define formal validation conditions (VCs) that allow the risk modeler to check the generated threat models for coherence and completeness, and present a modeling tool that is able to check the defined VCs.


Notes

  1. Note that ISO 31000 also mentions positive consequences. However, such consequences do not require any treatment and are hence not taken into account in our work.

  2. When we use the term “HAZOP”, we mean that the HAZOP guide-words [4] should be considered to determine what “wrong” values may be, e.g. no, early, reverse, etc.

  3. The chain of threat scenarios must explain how the newly introduced threat scenario can harm the asset, which has been specified when marking the issue as relevant.

  4. It is not mandatory that the names of the modeling elements reflect the wording of the instantiated RIQs, but usually it is useful for traceability reasons.

  5. To better map the model with the RIQ items, we include the number of the RIQ issue in the name of the modeling element.

  6. https://www.eclipse.org/modeling/emf/, accessed January 11, 2023.

  7. https://www.eclipse.org/sirius/, accessed January 11, 2023.

  8. https://www.eclipse.org/acceleo/documentation/, accessed January 11, 2023.

  9. https://www.omg.org/spec/OCL/, accessed January 11, 2023.

  10. https://www.obeodesigner.com/en/, accessed January 11, 2023.

  11. https://www.first.org/cvss/, accessed January 6, 2023.

References

  1. International Organization for Standardization: ISO 31000:2018 Risk management - Principles and guidelines. Standard (2018)

  2. Heisel, M., Omerovic, A.: Risk identification based on architectural patterns. In: Paiva, A.C.R., Cavalli, A.R., Ventura Martins, P., Pérez-Castillo, R. (eds.) QUATIC 2021. CCIS, vol. 1439, pp. 341–355. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85347-1_25

  3. Lund, M.S., Solhaug, B., Stølen, K.: Model-Driven Risk Analysis, The CORAS Approach. Springer (2010). https://doi.org/10.1007/978-3-642-12323-8

  4. IEC: Hazard and Operability Studies (HAZOP studies). IEC 61882, International Electrotechnical Commission (IEC) (2001)

  5. Jackson, M.: Problem Frames: Analyzing and Structuring Software Development Problems. Addison-Wesley Longman Publishing Co., Inc. (2001)

  6. Tuma, K., Çalikli, G., Scandariato, R.: Threat analysis of software systems: a systematic literature review. J. Syst. Softw. 144, 275–294 (2018)

  7. Mayer, N., Aubert, J., Grandry, E., Feltus, C., Goettelmann, E., Wieringa, R.J.: An integrated conceptual model for information system security risk management supported by enterprise architecture management. Softw. Syst. Model. 18(3), 2285–2312 (2019)

  8. Mohammadi, N.G., Goeke, L., Heisel, M., Surridge, M.: Systematic risk assessment of cloud computing systems using a combined model-based approach. In: Filipe, J., Smialek, M., Brodsky, A., Hammoudi, S. (eds.) Proceedings of the 22nd International Conference on Enterprise Information Systems, ICEIS 2020, Prague, Czech Republic, 5–7 May 2020, vol. 2, pp. 53–66. SCITEPRESS (2020)

  9. Maidl, M., Wirtz, R., Zhao, T., Heisel, M., Wagner, M.: Pattern-based modeling of cyber-physical systems for analyzing security. In: Sousa, T.B. (ed.) Proceedings of the 24th European Conference on Pattern Languages of Programs, EuroPLoP 2019, Irsee, Germany, 3–7 July 2019, pp. 23:1–23:10. ACM (2019)

  10. Shaked, A., Margalit, O.: Sustainable risk identification using formal ontologies. Algorithms 15(9), 316 (2022)

  11. Leveson, N.: Engineering a Safer World: Systems Thinking Applied to Safety. MIT Press (2011)

  12. Beckers, K., Frese, T., Hatebur, D., Heisel, M.: A structured and model-based hazard analysis and risk assessment method for automotive systems. In: Proceedings of the 24th IEEE International Symposium on Software Reliability Engineering, pp. 238–247. IEEE Computer Society (2013)

  13. Neema, H., Wang, L., Koutsoukos, X.D., Tang, C.Y., Stouffer, K.: Model-based risk analysis approach for network vulnerability and security of the critical railway infrastructure. In: David, D.P., Mermoud, A., Maillart, T. (eds.) Critical Information Infrastructures Security - 16th International Conference, CRITIS 2021, Lausanne, Switzerland, 27–29 September 2021, Revised Selected Papers. LNCS, vol. 13139, pp. 79–98. Springer (2021). https://doi.org/10.1007/978-3-030-93200-8_5

Acknowledgments

We thank Jens Leicht, Thomas Santen and Roman Wirtz for their useful comments on this work.

Author information

Corresponding author: Maritta Heisel.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this chapter

Heisel, M., Wagner, M. (2023). Pattern-Based Risk Identification for Model-Based Risk Management. In: Haxthausen, A.E., Huang, Wl., Roggenbach, M. (eds) Applicable Formal Methods for Safe Industrial Products. Lecture Notes in Computer Science, vol 14165. Springer, Cham. https://doi.org/10.1007/978-3-031-40132-9_8

  • DOI: https://doi.org/10.1007/978-3-031-40132-9_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-40131-2

  • Online ISBN: 978-3-031-40132-9

  • eBook Packages: Computer Science (R0)