Sophia Antipolis, 25 January 2012

Presentation transcript:

Security SIG in MTS
Fraunhofer FOKUS
Sophia Antipolis, 25 January 2012

Overview
- SIG#1 meeting report
- Status and next steps
- New contributions:
  - Presentation by Ari (terminology)
  - Contribution by Ian (lifecycle)
  - TVRA presentation by Jan, Siv, Scott

SIG#1 meeting
Participants from ten companies:
- Bryant, Ian (National Policing Improvement Agency)
- Cadzow, Scott (Cadzow Communications Consulting Ltd.)
- Grossmann, Juergen (FhG FOKUS)
- Jakob, Felix (Dornier Consulting Engineering & Services GmbH)
- Mallouli, Wissam (Montimage)
- Pietsch, Stephan (Testing Technologies IST GmbH)
- Rennoch, Axel (FhG FOKUS)
- Schieferdecker, Ina (FhG FOKUS)
- Schmitting, Peter (FSCOM SARL)
- Schulz, Stephan (Conformiq Software Ltd.)
- Stanca-Kaposta, Bogdan (Testing Technologies IST GmbH)
- Takanen, Ari (Codenomicon Oy)
- Vouffo Feudjio, Alain (FhG FOKUS)
- Weiser, Christian (University of Oulu)

SIG#1 meeting: discussion and outcome
- Short introduction by FOKUS (cp. Tallinn slides)
- Discussion on the security scope in MTS
- Presentation by Scott regarding the need for security evaluation
- Presentation by Ian regarding the "security testing" lifecycle (from requirements to maintenance)
- Discussion on NWI "wording"
- Appointment of rapporteurs: Ari T. and Scott C.

Security "scope" in MTS
- Model / specification, system risks: risk analysis (paper-based) guidance
- "Testing" (to break the system):
  - Scanning (libs): "known attacks"
  - Functional / traditional testing
  - Negative testing, unknown vulnerabilities, configuration mistakes: fuzzing -> product (units, …)
  - (Light) penetration -> system (= deployed product)

New Work Items
- Terminology ("educational" material): to collect the basic terminology and ontology (relationship between stakeholder and application) to be used for security testing, in order to have a common understanding in MTS and related committees.
- Case study experiences ("educational" material): to assemble case study experiences related to security testing, in order to have a common understanding in MTS and related committees. Industrial experiences may cover, but are not restricted to, the following domains: smart cards, industrial automation, radio protocols, transport/automotive, telecommunication.
- Security design guide enabling test and assurance (V&V): guidance to application system designers that enables verification and validation across the lifecycle, including case studies from telecommunication and ICT.

Glossary sources
- Common Criteria for Information Technology Security Evaluation (CC): the driving force for the widest available mutual recognition of secure IT products. The CC web portal is available to support information on the status of the CCRA, the CC and the certification schemes, licensed laboratories, certified products and related information, news and events.
- ISO 27000 series of standards: specifically reserved by ISO for information security matters. This of course aligns with a number of other topics, including ISO 9000 (quality management) and ISO 14000 (environmental management).
- RFC 2828: abbreviations, explanations, and recommendations for use of information system security terminology.
- OUSPG's Glossary of Vulnerability Testing Terminology: https://www.ee.oulu.fi/research/ouspg/Glossary
- ISTQB Glossary of Testing Terms: Standard glossary of terms used in Software Testing, Version 2.1 (dd. April 1st, 2010), produced by the 'Glossary Working Party', International Software Testing Qualifications Board. Homepage: http://www.german-testing-board.info/de/index.shtm#
- MBT notations: ETSI ES 202 951 V1.1.1 (2011-07), MTS; MBT Requirements for Modelling Notations. ETSI TR 102 840 V1.2.1 (2011-02), MTS; Model-based testing in standardisation.
- Security Information Event Management (ISG ISI)
(Security SIG in MTS, 4-5 October 2011)

Meeting discussion
- Discussion on NWI#3
- Discussion on NWI#1: the lifecycle by Ian becomes part of the introduction; work should be aligned with TISPAN
- Discussion on NWI#1: Ari presents security testing and fuzz testing terminology
  - Separate bundling of terms (intro, list, discussion)
  - Online monitoring may be its own bundle
  - Biggest need identified regarding fuzzing terms
  - No re-definition, but coverage and references
  - Not too much methodology (like fuzzing)
  - Proposal to use a collaborative tool, but ended up with a Word document

Status and next steps
- NWIs progress:
  - Terminology: initial collection, see contribution by Ari
  - Case studies: starting later
  - Validation: see contribution by Jan, Scott, Siv
- SIG#2 meeting: next date tbc with Ari and Scott
- Proposal: to organize a security testing session (three 20min presentations) for the next ETSI security workshop 2013