CHARIOT-VESSEDIA Workshop 9 May 2019, Dublin, Ireland

“THE ROAD AHEAD FOR A COGNITIVE COMPUTING PLATFORM SUPPORTING A UNIFIED APPROACH TOWARDS PRIVACY, SECURITY AND SAFETY (PSS) OF IOT SYSTEMS”

ISO Standard 23643 development on verification and validation tools
Emmanuel Querrec, TUAS (VESSEDIA)

The ISO standard

Development stages:
- NP (New work item proposal)
- WD (Working draft)
- CD / FCD (Committee / final committee draft)
- DIS / FDIS (Draft / final draft international standard)
- IS

Name of the standard: ISO/IEC DIS 23643: Software and systems engineering – Capabilities of security and safety verification tools (SSVT)

Objective of the standard: Raise and harmonize knowledge of SSVT, and support the effort put into verification against software vulnerabilities while ensuring traceability of that effort. Complements ISO/IEC 15408 Security Techniques.

The conformity assessment scheme (CAS) for certification

Name of the CAS: Verified in Europe

Objective of the CAS: Give visibility, throughout the verification value chain and especially to the end market, on software for which effort has been put into safety and security verification, by pinpointing the verification tool capabilities that were applied (with reference to the taxonomy newly set by the ISO standard).

Task 1: participant profile (tick the correct statements, multiple choices allowed)

I am:
- End-user of IoT device(s) for private purpose (smart car, smart TV, remotely connected device, etc.; not a smart phone!)
- End-user/manager of IoT device for professional purpose (used in my company)
- End-user of software/application installed directly or connected to my IoT device through a network (whether private or professional)
- Developer of software/application
- Evaluator of software/application (e.g. security evaluation service)
- Involved in duties connected to standardization and certification (e.g. work group, certification body or accreditation body)
- ___________________________________________________________ (free choice)

Task 2: software safety and security verification efforts throughout the SDLC (V-model adapted)

All participants, for each phase of the SDLC: allocate a representative budget in percentage of total SSSV efforts between the 6 phases; put values so that they add up to 100 in each of the 6 small shapes displayed as:

Tool practitioner or acquainted participants: for each phase of the SDLC, name the safety and security verification tool(s) you use or are familiar with, in the shapes displayed as:

Phases of the SDLC:
1. Requirements definition, global specifications
2. Detailed specifications
3. Refinement/design
4. Code implementation
5. Unit testing, test cases, integration-testing
6. System integration, testing and validation

The VESSEDIA software security verification tool capabilities

Software security verification tool capabilities address vulnerabilities throughout the stages of the SDLC to cope with security risks when operating on IoT devices. In VESSEDIA, we introduce the following software security verification tool capabilities:
- Risk analysis tools (e.g. root cause analysis)
- Vulnerability analysis tools (e.g. penetration testing)
- Security modeling tools (e.g. definition of security objectives)
- Threat modeling tools (e.g. STRIDE model)

Task 3: Security risks

Security risks: intentional, unauthorized act(s) designed to cause harm or damage.

Which security risks on which IoT devices are your main concern?

TYPE OF IoT DEVICE/EQUIPMENT/APPLICATION | SECURITY RISK(S)

Task 4: Safety risks

Safety risks: “unacceptable risk that might lead to death or serious injury to people, loss or severe damage to property, or severe environmental harm”.

Which safety risks on which IoT devices are your main concern?

TYPE OF IoT DEVICE/EQUIPMENT/APPLICATION | SAFETY RISK(S)

The VESSEDIA software safety verification tool capabilities

Software safety verification tool capabilities address vulnerabilities throughout the stages of the SDLC to cope with safety risks when operating on IoT devices. In VESSEDIA, we introduce the following software safety verification tool capabilities:
- Specification and refinement tools (e.g. automatic theorem provers)
- Model-checking tools (e.g. control flow graph)
- Program analysis tools (e.g. Level 1: use of compiler diagnostic; Level 2: heuristic static analysis; Level 3: sound static analysis)
- Proof tools (e.g. automatic theorem provers)
- Monitoring tools (e.g. check specifications at runtime)
- Programming rules checkers (e.g. syntax and semantic rules in programming)

Contact

If you are interested in receiving updates on our standard or in joining the interest group to steer the Verified in Europe CAS, please provide your contact information to the VESSEDIA team:

Name:
Company:
E-mail:
Phone:

Contact Details

https://www.vessedia.eu/
Emmanuel Querrec
emmanuel.querrec@turkuamk.fi

The projects CHARIOT & VESSEDIA have received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 780075 & No 731453.