The ROME is a software implementation of the CAESAR method. The purpose of the CAESAR method is to illustrate the possibilities of structural system security assessment methods. Thus, it estimates the security level of an entire distributed information system, based on the security level of, and the relations between, its included components. However, being an illustration of structural system security assessment methods CAESAR is far from complete and the design choices made are topics of discussion.

The software implementation of the CAESAR system security assessment method is called ROME. The purpose of ROME is threefold:

  • to illustrate the CAESAR method with an intuitive and comprehensive tool,
  • to evaluate existing or planned systems using the CAESAR method, and
  • to evaluate and enhance the CAESAR method.

ROME supports all classes and physical relations as described in Appendix A. It allows system models to be created and stored as well as existing system models to be modified or examined. Models are evaluated in real time. The alterations of relations and components immediately affect other components and the overall security level. Evaluation results are displayed in highly configurable color or shape shifts, on either one of several component levels or on the overall system level. The figure below shows a screenshot of the main window of the ROME software.

In the upper left corner, system information is displayed. Both modeled properties, such as the number of components, and calculated properties, such as the overall security level are displayed. In the lower left corner, the currently selected component is showed along with both modeled properties, such as its name, class and security level estimate, and calculated properties, such as its neighboring security contribution and system-dependent security level. In the upper right corner, a pie chart along with a percentile is shown. The color of the pie chart changes depending on the current overall security level of the modeled system from blue when 100% secure to red when 0% secure. The large window to the right is the workspace, where the modeled system is displayed. Each class has its own icon. Physical relations are shown as gray lines between components. Also concerning ROME further details can be found in (Hallberg Jonas, Hunstad Amund, Bond Anders, Peterson Mikael, & Påhlsson Nils, 2004).