Project deliverable Open Access

Security testing framework: strategy and approach

Schulz, Thorsten; Hohenegger, Andreas; Persson, Staffan; Ortega, Alvaro; Hametner, Reinhard; Paulitsch, Michael; Gries, Caspar; Tverdyshev, Sergey; Blasum, Holger; Tomáš, Kertis


MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="http://www.loc.gov/MARC21/slim">
  <leader>00000nam##2200000uu#4500</leader>
  <datafield tag="041" ind1=" " ind2=" ">
    <subfield code="a">eng</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">security  framework</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">security testing</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">analysis</subfield>
  </datafield>
  <datafield tag="653" ind1=" " ind2=" ">
    <subfield code="a">fuzz-test methodology</subfield>
  </datafield>
  <controlfield tag="005">20200120172302.0</controlfield>
  <controlfield tag="001">2586591</controlfield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">atsec information security GmbH</subfield>
    <subfield code="a">Hohenegger, Andreas</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">atsec information security GmbH</subfield>
    <subfield code="a">Persson, Staffan</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Epoche and Espri SLU</subfield>
    <subfield code="a">Ortega, Alvaro</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Thales Austria GmbH</subfield>
    <subfield code="a">Hametner, Reinhard</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Thales Austria GmbH</subfield>
    <subfield code="a">Paulitsch, Michael</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">SYSGO AG</subfield>
    <subfield code="a">Gries, Caspar</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">SYSGO AG</subfield>
    <subfield code="a">Tverdyshev, Sergey</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">SYSGO AG</subfield>
    <subfield code="a">Blasum, Holger</subfield>
  </datafield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Unicontrols A.S.</subfield>
    <subfield code="a">Tomáš, Kertis</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <!-- Electronic location of the deliverable PDF: $s looks like the file size
         in bytes (confirm against the download), $z the repository's published
         MD5 digest, $u the download URL. -->
    <!-- The MD5 digest is enough to catch accidental corruption of the download.
         MD5 is not collision-resistant, and the digest is published by the same
         host as the file, so a match does not authenticate the PDF. -->
    <subfield code="s">1196822</subfield>
    <subfield code="z">md5:eb6fa10385ac85cf6e6972d2cd727a95</subfield>
    <subfield code="u">https://zenodo.org/record/2586591/files/certMILS-D4.1-SecurityTesting-Framework-PU-M09.pdf</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2017-09-29</subfield>
  </datafield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">openaire</subfield>
    <subfield code="p">user-certmils</subfield>
    <subfield code="p">user-mils</subfield>
    <subfield code="o">oai:zenodo.org:2586591</subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="u">Universität Rostock</subfield>
    <subfield code="a">Schulz, Thorsten</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">Security testing framework: strategy and approach</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">user-certmils</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">user-mils</subfield>
  </datafield>
  <datafield tag="536" ind1=" " ind2=" ">
    <subfield code="c">731456</subfield>
    <subfield code="a">Compositional security certification for medium- to high-assurance COTS-based systems in environments with emerging threats</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u">https://creativecommons.org/licenses/by/4.0/legalcode</subfield>
    <subfield code="a">Creative Commons Attribution 4.0 International</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2">opendefinition.org</subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">&lt;p&gt;This deliverable evaluates the state of the art in security testing techniques in relation to relevant industrial security standards. The research starts with a survey of non-industrial security frameworks and general identification of security vulnerabilities. We then have a look into the different testing contexts covered by Common Criteria requirements and IEC62443 standards and certification schemes. This is also brought into context with the certMILS application pilots and the applicability to testing of compositions as the fundamental architecture of a MILS system. Future work will focus on refining features of the testing framework for security testing of operating system components.The strategy for these activities is outlined in the third chapter, together with a short study of the technical feasibility.&lt;/p&gt;</subfield>
  </datafield>
  <datafield tag="773" ind1=" " ind2=" ">
    <subfield code="n">doi</subfield>
    <subfield code="i">isVersionOf</subfield>
    <subfield code="a">10.5281/zenodo.2586590</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.5281/zenodo.2586591</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">publication</subfield>
    <subfield code="b">deliverable</subfield>
  </datafield>
</record>