SECURITY IN MTS 14TH MAY2013 SIG REPORT Fraunhofer FOKUS

Feb 23, 2016

Page 1: Security in MTS 14th  May2013 SIG Report

SECURITY IN MTS 14TH MAY 2013

SIG REPORT

Fraunhofer FOKUS


Agenda (14.5.)

4 Participants: I. Bryant, A. Takanen, P. Schmitting, A. Rennoch, (supported by E. Chaulot-Talmon)

ISO SC27 & ETSI Security workshop presentation 26th April
• Idea: MTS & SC27/WG3 Liaison
• TODO: send request (with current working documents)

Discussion of draft document


SC27 WG3 liaison (to be decided)

ISO/IEC 24759 Test requirements for cryptographic modules
ISO/IEC 30127: Detailing software penetration testing under ISO/IEC 15408 and ISO/IEC 18045 vulnerability analysis
ISO/IEC TR 20004 Refining software vulnerability analysis under ISO/IEC 15408 and ISO/IEC 18045

for ETSI 101583 (Terminology)
for ETSI 201581 (Security guidelines)
WG3 is interested in ETSI 101582 (case studies)


SC27 WG4 liaison (to be decided)

ISO/IEC 27034-4 Application security validation

for ETSI 201581 (Security guidelines)


WI status and schedules

1. Terminology and Concepts (Ari): 3rd draft (Word document) considered comments and updates
-> need to be reviewed (CTI or E2NA)
2. Case studies (Ari/Jürgen): Plan: early draft with two case studies (Diamonds)
2-3 more case studies expected September (from Diamonds and Spacios)


WI status and schedules

3. Design guide V&V (Scott/Ian): -> new draft available with new input from Ian and Scott (still early draft)
Plan: stable draft and review in September.

4. Security Testing Methodology (Scott): Plan: results to be integrated in V&V


„Terminology“ (3rd draft)

3 Definitions, symbols and abbreviations
4 Introduction to security testing
  4.1 Types of security testing
  4.2 Penetration testing tools
  4.3 Test verdicts in security testing
5 Security test requirements
6 Functional security testing
7 Performance testing for security
8 Fuzz testing
9 Security Testing activities mapped to SDLC


„Case studies“ (1st draft)

Project case studies from:

• DIAMONDS project
  • G&D Banking (available)
  • Accurate (available)
  • Radio
  • Automotive
  • More?
• SPACIOS project
  • tbd


„Case studies“ (1st draft)

For each of the case studies a similar structure of the description is planned. It will consist of the following parts:

• Characterization
  • Background (challenges)
  • System under Test
  • Risk Analysis
• Security Testing Approaches
  • Applied approaches
  • Comparison with SoA tools/techniques
• Results so far
  • Expectations
  • Test Results
• Exploitation (value of techniques)


Next steps

Jürgen/Peter: complete Diamonds case study input
Ari/Peter: Invite E2NA and CTI to review Terminology & Concepts (after stable draft) ???
Ian/Scott: provide stable draft for September
MTS: request formal liaison with ISO SC27/WG3&4

Next SIG meetings
• Discussion of current drafts in MTS#59
• No SIG meeting planned (only if new drafts available)