Abstract
Summary.
The computer is most certain the best effective tool ever created for mankind. It has brought solutions and shortcuts in order to make life simpler. Because of its enormous concealment computers systems security, meaning the hardware and what is stored inside it, is threatened every second. Our concernment is about how these threats and risks directly affect other computer systems and software. We need to be in control of how to improve the security, and most importantly, how to improve it without making it less user friendly. Before we actually can deal with problems, we have to survey what threats and risks we might face. We have to calculate and evaluate the likelihood of things which might go wrong and how this will have an impact on our system. In order to do all this we have to make use of risk analyses and security seeking techniques.
This thesis presents CORAS analysis, which is a method for risk analyses, and Markov chains, which is a method for probability estimation. The context of the work has been to introduce the idea of an active relation between CORAS diagrams and Markov chains. We have seen through different scenarios if and how they can be related. The result of this thesis is a method including simulation of the system on the basis of CORAS threat diagrams, that produces the needed values to use Markov chains to calculate the probability.