Project deliverable Open Access
Security testing framework: strategy and approach
Schulz, Thorsten; Hohenegger, Andreas; Persson, Staffan; Ortega, Alvaro; Hametner, Reinhard; Paulitsch, Michael; Gries, Caspar; Tverdyshev, Sergey; Blasum, Holger; Tomáš, Kertis
DataCite XML Export
<?xml version='1.0' encoding='utf-8'?>
<resource xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://datacite.org/schema/kernel-4" xsi:schemaLocation="http://datacite.org/schema/kernel-4 http://schema.datacite.org/meta/kernel-4.1/metadata.xsd">
<identifier identifierType="DOI">10.5281/zenodo.2586591</identifier>
<creators>
<creator>
<creatorName>Schulz, Thorsten</creatorName>
<givenName>Thorsten</givenName>
<familyName>Schulz</familyName>
<affiliation>Universität Rostock</affiliation>
</creator>
<creator>
<creatorName>Hohenegger, Andreas</creatorName>
<givenName>Andreas</givenName>
<familyName>Hohenegger</familyName>
<affiliation>atsec information security GmbH</affiliation>
</creator>
<creator>
<creatorName>Persson, Staffan</creatorName>
<givenName>Staffan</givenName>
<familyName>Persson</familyName>
<affiliation>atsec information security GmbH</affiliation>
</creator>
<creator>
<creatorName>Ortega, Alvaro</creatorName>
<givenName>Alvaro</givenName>
<familyName>Ortega</familyName>
<affiliation>Epoche and Espri SLU</affiliation>
</creator>
<creator>
<creatorName>Hametner, Reinhard</creatorName>
<givenName>Reinhard</givenName>
<familyName>Hametner</familyName>
<affiliation>Thales Austria GmbH</affiliation>
</creator>
<creator>
<creatorName>Paulitsch, Michael</creatorName>
<givenName>Michael</givenName>
<familyName>Paulitsch</familyName>
<affiliation>Thales Austria GmbH</affiliation>
</creator>
<creator>
<creatorName>Gries, Caspar</creatorName>
<givenName>Caspar</givenName>
<familyName>Gries</familyName>
<affiliation>SYSGO AG</affiliation>
</creator>
<creator>
<creatorName>Tverdyshev, Sergey</creatorName>
<givenName>Sergey</givenName>
<familyName>Tverdyshev</familyName>
<affiliation>SYSGO AG</affiliation>
</creator>
<creator>
<creatorName>Blasum, Holger</creatorName>
<givenName>Holger</givenName>
<familyName>Blasum</familyName>
<affiliation>SYSGO AG</affiliation>
</creator>
<creator>
<creatorName>Tomáš, Kertis</creatorName>
<givenName>Kertis</givenName>
<familyName>Tomáš</familyName>
<affiliation>Unicontrols A.S.</affiliation>
</creator>
</creators>
<titles>
<title>Security testing framework: strategy and approach</title>
</titles>
<publisher>Zenodo</publisher>
<publicationYear>2017</publicationYear>
<subjects>
<subject>security framework</subject>
<subject>security testing</subject>
<subject>analysis</subject>
<subject>fuzz-test methodology</subject>
</subjects>
<dates>
<date dateType="Issued">2017-09-29</date>
</dates>
<language>en</language>
<resourceType resourceTypeGeneral="Text">Project deliverable</resourceType>
<alternateIdentifiers>
<alternateIdentifier alternateIdentifierType="url">https://zenodo.org/record/2586591</alternateIdentifier>
</alternateIdentifiers>
<relatedIdentifiers>
<relatedIdentifier relatedIdentifierType="DOI" relationType="IsVersionOf">10.5281/zenodo.2586590</relatedIdentifier>
<relatedIdentifier relatedIdentifierType="URL" relationType="IsPartOf">https://zenodo.org/communities/certmils</relatedIdentifier>
<relatedIdentifier relatedIdentifierType="URL" relationType="IsPartOf">https://zenodo.org/communities/mils</relatedIdentifier>
</relatedIdentifiers>
<version>1.0</version>
<rightsList>
<rights rightsURI="https://creativecommons.org/licenses/by/4.0/legalcode">Creative Commons Attribution 4.0 International</rights>
<rights rightsURI="info:eu-repo/semantics/openAccess">Open Access</rights>
</rightsList>
<descriptions>
<description descriptionType="Abstract"><p>This deliverable evaluates the state of the art in security testing techniques in relation to relevant industrial security standards. The research starts with a survey of non-industrial security frameworks and general identification of security vulnerabilities. We then have a look into the different testing contexts covered by Common Criteria requirements and IEC62443 standards and certification schemes. This is also brought into context with the certMILS application pilots and the applicability to testing of compositions as the fundamental architecture of a MILS system. Future work will focus on refining features of the testing framework for security testing of operating system components.The strategy for these activities is outlined in the third chapter, together with a short study of the technical feasibility.</p></description>
</descriptions>
<fundingReferences>
<fundingReference>
<funderName>European Commission</funderName>
<funderIdentifier funderIdentifierType="Crossref Funder ID">10.13039/501100000780</funderIdentifier>
<awardNumber awardURI="info:eu-repo/grantAgreement/EC/H2020/731456/">731456</awardNumber>
<awardTitle>Compositional security certification for medium- to high-assurance COTS-based systems in environments with emerging threats</awardTitle>
</fundingReference>
</fundingReferences>
</resource>
232
228
views
downloads
| All versions | This version | |
|---|---|---|
| Views | 232 | 232 |
| Downloads | 228 | 228 |
| Data volume | 272.9 MB | 272.9 MB |
| Unique views | 218 | 218 |
| Unique downloads | 209 | 209 |
Indexed in
- Publication date:
- September 29, 2017
- DOI:
-
- Keyword(s):
- security framework security testing analysis fuzz-test methodology
- Grants:
-
European Commission:
- certMILS - Compositional security certification for medium- to high-assurance COTS-based systems in environments with emerging threats (731456)
- Communities:
- License (for files):
- Creative Commons Attribution 4.0 International