Menu
▾
▴
coras-users — Mailing list for CORAS users
You can subscribe to this list here.
| 2005 |
Jan
(6) |
Feb
|
Mar
|
Apr
(2) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2006 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(3) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2007 |
Jan
(1) |
Feb
|
Mar
|
Apr
(1) |
May
(2) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2008 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2011 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
|
Dec
|
|
From: Edward B. <edw...@gm...> - 2011-10-29 16:29:17
|
Hello - Does anyone still use this list? CORAS looks like a nice package, except there seems to be a problem with setting the login/password. Following the very rudimentary instructions does not help me. Has anyone gotten this to work? Can you please send me the exact format of the entries in the files where usernames and passwords are kept for CORAS? Thanks - Ed |
|
From: jimena <ji...@gm...> - 2008-03-24 22:00:33
|
Hello, My colleages and me have been reading about CORAS Methodology and using the Tool as an assignment of a security subject at university (I'm an Informatics Engineer student at UBA in Argentina). We would like to ask you for some information about the consistency checks the tool does over the tables and other elements, and about the versioning it provides. We didn't find instructions in the "Getting started" guide, so any guide will be really appreciated. We would also like to know about any recent new/update available, or project status, as we observe last activity in sourceforge dates from 2006/2007. Thank you very much. |
|
From: Dexter B. <ms...@ms...> - 2007-05-02 19:12:31
|
hello,
I have been given an assignment to conduct a Threat Assessment on an
applications authentication and authorization sub-systems. I did extensive
research using ACM, IEEE Computer Society and even ProQuest to find a
suitable Threat Assessment methodology but was unable to find any. I did
find Threat Modelling and Risk Analysis methodologies, but nothing that
specifically stated 'Threat Assessment'.
I have surmised that most risk analysis methodologies, such as CORAS,
probably possess a threat assessment component. I have installed CORAS tool
2.0.3 and studied the framework thoroughly, but I am uncertain as to which
activities constitute a threat assessment. I am thinking that a threat
assessment exercise using CORAS should proceed as follows. From the CORAS
framework, the risk analysis technique should be executed as was
demonstrated in the Raptis, Dimitrakos, Axel Gran & Stølen 2002 trial. The
CORAS methodology from start through 2.2 should be employed to drive this
process. The vulnerability assessment will be excluded because it is beyond
the scope of a threat assessment. The CORAS tool will be used where possible
to document the process.
Can anyone confirm whether this is the correct approach for a Threat
Assessment using CORAS? Also, I don't seem to be able to create UML diagrams
with the tool. The menu otption is available, but I don't see how the
symbols are created on the UML diagram tab. Is UML only an import functiuon?
Thanks for any feedback.
DRB
|
|
From: Dexter B. <ms...@ms...> - 2007-05-02 13:16:37
|
<html><div style='background-color:'><P><BR><BR></P> <DIV class=RTE> <P>I have been given an assignment to conduct a Threat Assessment on an applications authentication and authorization sub-systems. I did extensive research using ACM, IEEE Computer Society and even ProQuest to find a suitable Threat Assessment methodology but was unable to find any. I did find Threat Modelling and Risk Analysis methodologies, but nothing that specifically stated 'Threat Assessment'. </P> <P>I have surmised that most risk analysis methodologies, such as CORAS, probably possess a threat assessment component. I have installed CORAS tool 2.0.3 and studied the framework thoroughly, but I am uncertain as to which activities constitute a threat assessment. I am thinking that a threat assessment exercise using CORAS should proceed as follows. From the CORAS framework, the risk analysis technique should be executed as was demonstrated in the Raptis, Dimitrakos, Axel Gran & Stølen 2002 trial. The CORAS methodology from start through 2.2 should be employed to drive this process. The vulnerability assessment will be excluded because it is beyond the scope of a threat assessment. The CORAS tool will be used where possible to document the process.</P> <P></P> <P></P> <P>Can anyone confirm whether this is the correct approach for a Threat Assessment using CORAS? Also, I don't seem to be able to create UML diagrams with the tool. The menu otption is available, but I don't see how the symbols are created on the UML diagram tab. Is UML only an import functiuon? Thanks for any feedback.</P> <P>DRB</P> <P> </P><FONT face=Arial size=2></FONT></DIV></div></html> |
|
From: boonhoo <th...@gm...> - 2007-04-05 02:16:21
|
Hi, I have installed the 2.1b1 version of coras-tool, but I am having problem with login. After creating the user accounts, the coras client keep returning 'wrong username / password' message. I checked the salt.properties file and the password seem to be hashed. I am using java version 1.4.2_07. Many thanks in advance. Regards, Boon Hoo |
|
From: Bjarte H. <Bja...@no...> - 2007-01-11 11:04:07
|
Hi I have the same problem that others also have reported. After = installing the tool and starting the server, the client will not = authenticate. This seems to be a generic problem to this SW version, is = it related to any JDK dependencies? I am using JDK 1.5_06. Please find = attached the log files. Bjarte Heggsum Thales Norway AS mobile: +47 90 92 92 03=20 |
|
From: <don...@co...> - 2006-07-18 19:06:56
|
from the client\log: 2006-07-08 09:46:08,510 DEBUG [org.jboss.security.ssl.RMISSLClientSocketFactory] createSocket, host=192.168.0.10, port=14445,needsClientAuth=false, wantsClientAuth=true 2006-07-08 09:46:08,520 DEBUG [coras.client.ui.LoginDialog] Authentication error: error during JRMP connection establishment; nested exception is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source) at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source) at sun.rmi.server.UnicastRef.invoke(Unknown Source) at org.jboss.invocation.jrmp.server.JRMPInvoker_Stub.invoke(Unknown Source) at org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvokerProxy.java:119) at org.jboss.invocation.InvokerInterceptor.invokeInvoker(InvokerInterceptor.java:227) at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:167) at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46) at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:55) at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:169) at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:86) at $Proxy1.create(Unknown Source) at coras.client.ui.LoginDialog.login(LoginDialog.java:190) at coras.client.ui.LoginDialog$4.actionPerformed(LoginDialog.java:324) at javax.swing.AbstractButton.fireActionPerformed(Unknown Source) at javax.swing.AbstractButton$ForwardActionEvents.actionPerformed(Unknown Source) at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) at javax.swing.DefaultButtonModel.setPressed(Unknown Source) at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) at java.awt.Component.processMouseEvent(Unknown Source) at java.awt.Component.processEvent(Unknown Source) at java.awt.Container.processEvent(Unknown Source) at java.awt.Component.dispatchEventImpl(Unknown Source) at java.awt.Container.dispatchEventImpl(Unknown Source) at java.awt.Component.dispatchEvent(Unknown Source) at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) at java.awt.Container.dispatchEventImpl(Unknown Source) at java.awt.Window.dispatchEventImpl(Unknown Source) at java.awt.Component.dispatchEvent(Unknown Source) at java.awt.EventQueue.dispatchEvent(Unknown Source) at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source) at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) at java.awt.Dialog$1.run(Unknown Source) at java.awt.Dialog$3.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.awt.Dialog.show(Unknown Source) at java.awt.Component.show(Unknown Source) at java.awt.Component.setVisible(Unknown Source) at coras.client.CorasClient.login(CorasClient.java:566) at coras.client.CorasClient.access$000(CorasClient.java:113) at coras.client.CorasClient$1.windowOpened(CorasClient.java:467) at java.awt.Window.processWindowEvent(Unknown Source) at javax.swing.JFrame.processWindowEvent(Unknown Source) at java.awt.Window.processEvent(Unknown Source) at java.awt.Component.dispatchEventImpl(Unknown Source) at java.awt.Container.dispatchEventImpl(Unknown Source) at java.awt.Window.dispatchEventImpl(Unknown Source) at java.awt.Component.dispatchEvent(Unknown Source) at java.awt.EventQueue.dispatchEvent(Unknown Source) at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source) at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) at java.awt.EventDispatchThread.pumpEvents(Unknown Source) at java.awt.EventDispatchThread.pumpEvents(Unknown Source) at java.awt.EventDispatchThread.run(Unknown Source) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source) at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source) at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source) at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source) at java.io.BufferedOutputStream.flushBuffer(Unknown Source) at java.io.BufferedOutputStream.flush(Unknown Source) at java.io.DataOutputStream.flush(Unknown Source) ... 57 more Caused by: sun.security.validator.ValidatorException: No trusted certificate found at sun.security.validator.SimpleValidator.buildTrustedChain(Unknown Source) at sun.security.validator.SimpleValidator.engineValidate(Unknown Source) at sun.security.validator.Validator.validate(Unknown Source) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source) ... 67 more -------------- Original message -------------- From: "Vraalsen Fredrik" <Fre...@si...> > Hi Don, > > Well, since the config files seem to be updated (I assume you mean > users/roles/salt.properties in the server\default\conf directory), I am > not exactly sure what the problem could be. > > Could you send me any log files from the 'client\log' and > 'server\default\log' directory? > > > Best regards, > > Fredrik Vraalsen > CORAS development team > > > -----Original Message----- > From: cor...@li... > [mailto:cor...@li...] On Behalf Of > don...@co... > Sent: 17. juli 2006 18:27 > To: cor...@li... > Subject: [Coras-users] Authentication Problem with 2.1b1? > > Having issues authenticating against 2.1b1 with jdk1.5.0_07. > admin-users.bat appears to be working since account/pwd_hash is put into > the config files, but receive "Wrong username or password". > > No apparent error in server logs. > > Any assistance is appreciated. > > Thanks, > > Don |
|
From: Vraalsen F. <Fre...@si...> - 2006-07-18 18:51:28
|
Hi Don, Well, since the config files seem to be updated (I assume you mean users/roles/salt.properties in the server\default\conf directory), I am not exactly sure what the problem could be. Could you send me any log files from the 'client\log' and 'server\default\log' directory? Best regards, Fredrik Vraalsen CORAS development team -----Original Message----- From: cor...@li... [mailto:cor...@li...] On Behalf Of don...@co... Sent: 17. juli 2006 18:27 To: cor...@li... Subject: [Coras-users] Authentication Problem with 2.1b1? Having issues authenticating against 2.1b1 with jdk1.5.0_07. admin-users.bat appears to be working since account/pwd_hash is put into the config files, but receive "Wrong username or password". =20 =20 No apparent error in server logs. =20 Any assistance is appreciated.=20 =20 Thanks, =20 Don |
|
From: <don...@co...> - 2006-07-17 16:27:22
|
Having issues authenticating against 2.1b1 with jdk1.5.0_07. admin-users.bat appears to be working since account/pwd_hash is put into the config files, but receive "Wrong username or password". No apparent error in server logs. Any assistance is appreciated. Thanks, Don |
|
From: Vraalsen F. <Fre...@si...> - 2005-04-22 06:27:46
|
Dear Carlos, Which operating system are you using? Have you downloaded the installer = jar file (CorasTool-2.0b2-installer.jar)? There is no zip distribution = of the latest version of the CORAS platform (2.0 beta 2), except for the = source code package. The installer can be found at = http://prdownloads.sourceforge.net/coras/CorasTool-2.0b2-installer.jar?do= wnload In Windows, you should be able to install by just double clicking the = jar file, or you can run the command "java -jar = CorasTool-2.0b2-installer.jar" from the command line (all OSes). Please let me know if you have any more questions. Best regards, Fredrik Vraalsen SINTEF Information and Communication Technology P.O. Box 124, Blindern N-0314 Oslo, Norway=20 Direct: (+47) 22 06 73 45 Fax : (+47) 22 06 73 50 E-mail: fre...@si... Web : http://www.sintef.no/=20 ________________________________ From: cor...@li... = [mailto:cor...@li...] On Behalf Of Carlos = Maur=EDcio de B. Mello Sent: 21. april 2005 15:27 To: cor...@li... Subject: [Coras-users] How to install =09 =09 Recently, I have asked for instructions about how to install CORAS. I have received a link with the instructions. =20 I download the file; When I unzip this file, it creates some directories. =20 The instructions say to execute some .bat files inside bin directory, = but They are not in there. =20 I could not find any file .bat. =20 Is there anything wrong with the installation file posted in CORAS = HomePage?? =20 I'll be waiting for some help. =20 Thank You in an advanced. =20 Carlos Mello cmb...@in... |
|
From: <cmb...@in...> - 2005-04-21 13:27:52
|
Recently, I have asked for instructions about how to install CORAS. I have received a link with the instructions. I download the file; When I unzip this file, it creates some directories. The instructions say to execute some .bat files inside bin directory, = but They are not in there. I could not find any file .bat. Is there anything wrong with the installation file posted in CORAS = HomePage?? I'll be waiting for some help. Thank You in an advanced. Carlos Mello cmb...@in... |
|
From: Eddy C. <e.c...@gr...> - 2005-01-13 02:22:49
|
Hi Fredrik, I have not tried too many tables, but stakeholder table seems to exhibit this behaviour. Asset table seems to be fine. Cheers, Eddy "Vraalsen Fredrik" <Fre...@si...> 12/01/05 11:25 PM To "Eddy Cheung" <e.c...@gr...>, <cor...@li...> cc Subject RE: [Coras-users] Identifier in the tables Hi Eddy, No, you should be able to use anything for the identifier. This is on purpose, as the identifier will show up many times in the later tables (e.g. stakeholder id in the asset table), and as such should have more meaningful content than just a number. I have not experienced the problem you describe. Could you give some more details? Which particular table type did you use? Best regards, Fredrik Vraalsen CORAS Development team http://coras.sourceforge.net/ SINTEF Information and Communication Technology http://www.sintef.no/ -----Original Message----- From: cor...@li... [mailto:cor...@li...] On Behalf Of Eddy Cheung Sent: 5. januar 2005 06:55 To: cor...@li... Subject: [Coras-users] Identifier in the tables Hi Fredrik, I started to experiment with the Coras tool. I notice the a strange behaviour when saving the tables. Usually in any table, there is an identifier for the item. For example, asset id, stakeholder ID, etc. To improve readability, I usually use prefix in front of the identifier. for example: informational asset would be INF-001. This style works fine except when it comes to save. The identifier in last row would always shorten to just the number. Is the identifier field only limited to numerical values? Thanks, Eddy ------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ Coras-users mailing list Cor...@li... https://lists.sourceforge.net/lists/listinfo/coras-users |
|
From: Vraalsen F. <Fre...@si...> - 2005-01-12 13:25:59
|
Hi Eddy, No, you should be able to use anything for the identifier. This is on purpose, as the identifier will show up many times in the later tables (e.g. stakeholder id in the asset table), and as such should have more meaningful content than just a number. I have not experienced the problem you describe. Could you give some more details? Which particular table type did you use? Best regards, Fredrik Vraalsen CORAS Development team http://coras.sourceforge.net/=20 SINTEF Information and Communication Technology http://www.sintef.no/ -----Original Message----- From: cor...@li... [mailto:cor...@li...] On Behalf Of Eddy Cheung Sent: 5. januar 2005 06:55 To: cor...@li... Subject: [Coras-users] Identifier in the tables Hi Fredrik, I started to experiment with the Coras tool. I notice the a strange behaviour when saving the tables. Usually in any table, there is an identifier for the item. For example, asset id, stakeholder ID, etc.=20 To improve readability, I usually use prefix in front of the identifier. for example: informational asset would be INF-001. This style works fine except when it comes to save. The identifier in last row would always shorten to just the number. Is the identifier field only limited to numerical values? Thanks, Eddy ------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ Coras-users mailing list Cor...@li... https://lists.sourceforge.net/lists/listinfo/coras-users |
|
From: Eddy C. <e.c...@gr...> - 2005-01-05 05:54:38
|
Hi Fredrik, I started to experiment with the Coras tool. I notice the a strange behaviour when saving the tables. Usually in any table, there is an identifier for the item. For example, asset id, stakeholder ID, etc. To improve readability, I usually use prefix in front of the identifier. for example: informational asset would be INF-001. This style works fine except when it comes to save. The identifier in last row would always shorten to just the number. Is the identifier field only limited to numerical values? Thanks, Eddy |
|
From: Eddy C. <e.c...@gr...> - 2005-01-04 11:48:49
|
Hi Fredick, Thanks. It seems to do the trick. I will play with it a bit more. If there is any problem, I will let you know. Cheers, Eddy "Vraalsen Fredrik" <Fre...@si...> 04/01/05 06:00 PM To "Eddy Cheung" <e.c...@gr...>, <cor...@li...> cc Subject RE: [Coras-users] Coras Tool v2.0b2 Error exception Hi Eddy, Thanks for your bug report! I believe I know what the cause of the problem is. The library path is not set properly for JBoss, so it does not use the proper XML libraries (unless you are using JDK 1.5). Could you try running the server with the attached start-server.sh and let me know if this helps? Then I can upload a fixed version to SourceForge. Best regards, Fredrik Vraalsen CORAS development team SINTEF Information and Communication Technology -----Original Message----- From: cor...@li... [mailto:cor...@li...] On Behalf Of Eddy Cheung Sent: 4. januar 2005 02:43 To: cor...@li... Subject: [Coras-users] Coras Tool v2.0b2 Error exception Hi All, Downloaded Coras Tool v2.0b2, but it seems it need some configuration out of the box that may not be documented. I tried to follow the instruction in the help to create a new project. However, when the name and other details is enter to create new project, it did not show up. A closer look at the console show a range of exception been thrown. It seems there is a problem with asset configuration. The server started fine without any problem until the client connects to it. On the other hand, the client has a range of exception been thrown. Attached is two files capturing the exceptions. Operating Environment: MacOS X 10.3.7. Java VM: Java HotSpot(TM) Client VM 1.4.2-38,"Apple Computer, Inc." Thanks, Eddy |
|
From: Vraalsen F. <Fre...@si...> - 2005-01-04 08:00:26
|
Hi Eddy, Thanks for your bug report! I believe I know what the cause of the problem is. The library path is not set properly for JBoss, so it does not use the proper XML libraries (unless you are using JDK 1.5). Could you try running the server with the attached start-server.sh and let me know if this helps? Then I can upload a fixed version to SourceForge. Best regards, Fredrik Vraalsen CORAS development team SINTEF Information and Communication Technology -----Original Message----- From: cor...@li... [mailto:cor...@li...] On Behalf Of Eddy Cheung Sent: 4. januar 2005 02:43 To: cor...@li... Subject: [Coras-users] Coras Tool v2.0b2 Error exception Hi All, Downloaded Coras Tool v2.0b2, but it seems it need some configuration out of the box that may not be documented. I tried to follow the instruction in the help to create a new project.=20 However, when the name and other details is enter to create new project, it did not show up. A closer look at the console show a range of exception been thrown. It seems there is a problem with asset configuration.=20 The server started fine without any problem until the client connects to it. On the other hand, the client has a range of exception been thrown. Attached is two files capturing the exceptions. Operating Environment: MacOS X 10.3.7.=20 Java VM: Java HotSpot(TM) Client VM 1.4.2-38,"Apple Computer, Inc." Thanks, Eddy |
|
From: Eddy C. <e.c...@gr...> - 2005-01-04 01:43:00
|
Hi All, Downloaded Coras Tool v2.0b2, but it seems it need some configuration out of the box that may not be documented. I tried to follow the instruction in the help to create a new project. However, when the name and other details is enter to create new project, it did not show up. A closer look at the console show a range of exception been thrown. It seems there is a problem with asset configuration. The server started fine without any problem until the client connects to it. On the other hand, the client has a range of exception been thrown. Attached is two files capturing the exceptions. Operating Environment: MacOS X 10.3.7. Java VM: Java HotSpot(TM) Client VM 1.4.2-38,"Apple Computer, Inc." Thanks, Eddy |