Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sophia Antipolis, 25 January 2012

Published byAdolph Bretz Modified over 6 years ago

Similar presentations

Presentation on theme: "Sophia Antipolis, 25 January 2012"— Presentation transcript:

1 Sophia Antipolis, 25 January 2012
Security SIG in MTS Fraunhofer FOKUS Sophia Antipolis, 25 January 2012

2 Overview SIG#1 meeting report Status and next steps New contributions
Presentation by Ari (terminology) Contribution by Ian (lifecycle) TVRA presentation by Jan, Siv, Scott

3 SIG#1 meeting Participants from ten companies
Bryant, Ian National Policing Improvement Agency Cadzow, Scott Cadzow Communications Consulting Ltd. Grossmann, Juergen FhG FOKUS Jakob, Felix Dornier Consulting Engineering & Services GmbH Mallouli, Wissam Montimage Pietsch, Stephan Testing Technologies IST GmbH Rennoch, Axel FhG FOKUS Schieferdecker, Ina FhG FOKUS Schmitting, Peter FSCOM SARL Schulz, Stephan Conformiq Software Ltd. Stanca-Kaposta, Bogdan Testing Technologies IST GmbH Takanen, Ari Codenomicon Oy Vouffo Feudjio, Alain FhG FOKUS Weiser, Christian University of Oulu

4 Discussion and outcome
SIG#1 meeting Discussion and outcome Short introduction by Fokus (cp. Tallinn slides) Discussion on the security scope in MTS Presentation by Scott regarding need for security evaluation Presentation by Ian regarding „security testing“ lifecycle (from requirements to maintenance) Discussion on NWI „wording“ Appointment of rapporteurs: Ari T. and Scott C.

5 Security „scope“ in MTS
Model / Specification, system risks Risk Analysis (paper-based) guidance “Testing” (to break the system) Scanning (libs) “known attacks” Functional / traditional testing Neg. testing, unknown vul., config mistakes fuzzing -> product (units,…) (light) penetration -> system (=deployed product)

6 New Work Items Terminology: “Educational” material
To collect the basic terminology and ontology (relationship between stake holder and application) to be used for security testing in order to have a common understanding in MTS and related committees. “Educational” material Case study experiences To assemble case study experiences related to security testing in order to have a common understanding in MTS and related committees. Industrial experiences may cover but are not restricted to the following domains: Smart Cards, Industrial Automation, Radio Protocols, Transport/Automotive, Telecommunication. Security design guide enabling test and assurance (V&V) Guidance to the application system designers that enable verification and validation across the lifecycle, including case studies from telecommunication and ICT.

7 Glossary sources Common Criteria for Information Technology Security Evaluation (CC) is the driving force for the widest available mutual recognition of secure IT products. This web portal is available to support the information on the status of the CCRA, the CC and the certification schemes, licensed laboratories, certified products and related information, news and events. ISO series of standards have been specifically reserved by ISO for information security matters. This of course, aligns with a number of other topics, including ISO 9000 (quality management) and ISO (environmental management). rfc2828 abbreviations, explanations, and recommendations for use of information system security terminology. OUSPG's Glossary of Vulnerability Testing Terminology ISTQB Glossray of Testing Terms Standard glossary of terms used in Software Testing, Version 2.1 (dd. April 1st, 2010), Produced by the ‘Glossary Working Party’ International Software Testing Qualifications Board. Homepage:   MBT Notations ETSI ES V1.1.1 ( ) - MTS; MBT Requirements for Modelling Notations ETSI TR V1.2.1 ( ) – MTS; Model-based testing in standardisation Security Information Event Management (ISG ISI) Security SIG in MTS, 4-5 October 2011

8 Meeting discussion Discussion on NWI#3 Discussion on NWI#1:
Lifecycle by Ian become part of the introduction Work should be aligned with TISPAN Discussion on NWI#1: Ari presents security testing and fuzz testing terminology Separated bundling of terms (intro, list, discussion) Online monitoring may be own bundle Biggest need identified regarding Fuzzing terms No re-definition but coverage and references Not too much methodology (like fuzzing) Proposal to use a collaborative tool, but end up with word-document Security SIG in MTS, 4-5 October 2011

9 Terminology: initial collection, see contribution by Ari
Status and next steps NWIs progress Terminology: initial collection, see contribution by Ari Case studies: starting later Validation: see contribution by Jan, Scott, Siv SIG#2 meeting: next date tbc with Ari and Scott Proposal: to organize a security testing session (three 20min presentations) for next ETSI security workshop 2013

Download ppt "Sophia Antipolis, 25 January 2012"

Similar presentations

Potential Smart Grid standardisation work in ETSI Security and privacy aspects Carmine Rizzo on behalf of Scott CADZOW, C3L © ETSI 2010. All rights reserved.

Potential Smart Grid standardisation work in ETSI Security and privacy aspects Carmine Rizzo on behalf of Scott CADZOW, C3L © ETSI All rights reserved.
SECURITY SIG IN MTS 28 TH JANUARY 2015 PROGRESS REPORT Fraunhofer FOKUS.

SECURITY SIG IN MTS 28 TH JANUARY 2015 PROGRESS REPORT Fraunhofer FOKUS.
Assurance Continuity: What and How? Nithya Rachamadugu September 25, 2007.

Assurance Continuity: What and How? Nithya Rachamadugu September 25, 2007.
Best Practices Working Group June 19-21, 2001 Munich, Germany.

Best Practices Working Group June 19-21, 2001 Munich, Germany.
Standards Certification Education & Training Publishing Conferences & Exhibits 1Copyright © 2006 ISA ISA-SP99: Security for Industrial Automation and Control.

Standards Certification Education & Training Publishing Conferences & Exhibits 1Copyright © 2006 ISA ISA-SP99: Security for Industrial Automation and Control.
1 Chapter Nine Conducting the IT Audit Lecture Outline Audit Standards IT Audit Life Cycle Four Main Types of IT Audits Using COBIT to Perform an Audit.

1 Chapter Nine Conducting the IT Audit Lecture Outline Audit Standards IT Audit Life Cycle Four Main Types of IT Audits Using COBIT to Perform an Audit.
Jeju, 13 – 16 May 2013Standards for Shared ICT TIA TR-50 M2M-Smart Device Communications Dr. Jeffery Smith Chief Innovation and Technology Officer/EVP.

Jeju, 13 – 16 May 2013Standards for Shared ICT TIA TR-50 M2M-Smart Device Communications Dr. Jeffery Smith Chief Innovation and Technology Officer/EVP.
Geneva, October 9, 2012 GSC16bis-IPR-09 TTC Activities on IPR in Standards October 9, 2012 Yukio Hiramatsu Chairman, TTC IPR Committee Document No: GSC16bis-IPR-09.

Geneva, October 9, 2012 GSC16bis-IPR-09 TTC Activities on IPR in Standards October 9, 2012 Yukio Hiramatsu Chairman, TTC IPR Committee Document No: GSC16bis-IPR-09.
Representing nursing in SNOMED CT Proposal for TR or Guideline.

Representing nursing in SNOMED CT Proposal for TR or Guideline.
9 th International Common Criteria Conference Report to IEEE P2600 WG Brian Smithson Ricoh Americas Corporation 10/24/2008.

9 th International Common Criteria Conference Report to IEEE P2600 WG Brian Smithson Ricoh Americas Corporation 10/24/2008.
SECURITY SIG IN MTS Fraunhofer FOKUS Tallinn, 4-5 October 2011 Berlin, 15 December 2011 update.

SECURITY SIG IN MTS Fraunhofer FOKUS Tallinn, 4-5 October 2011 Berlin, 15 December 2011 update.
SECURITY SIG IN MTS 02 ND OCTOBER 2013 PROGRESS REPORT Fraunhofer FOKUS.

SECURITY SIG IN MTS 02 ND OCTOBER 2013 PROGRESS REPORT Fraunhofer FOKUS.
World Class Standards 44TD21 The ETSI Standards Engineering Process STF308 DTR/MTS Steve Randall STF308 © ETSI All rights reserved MTS#44 March.

World Class Standards 44TD21 The ETSI Standards Engineering Process STF308 DTR/MTS Steve Randall STF308 © ETSI All rights reserved MTS#44 March.
Jeju, 13 – 16 May 2013Standards for Shared ICT ETSI Conformance and Interoperability Testing Jørgen Friis ETSI Chief Services Officer (CSO) Document No:

Jeju, 13 – 16 May 2013Standards for Shared ICT ETSI Conformance and Interoperability Testing Jørgen Friis ETSI Chief Services Officer (CSO) Document No:
SAE Cybersecurity Standards Activity

SAE Cybersecurity Standards Activity
SQA project process standards IEEE software engineering standards

SQA project process standards IEEE software engineering standards
Jürgen Großmann, Fraunhofer FOKUS

Jürgen Großmann, Fraunhofer FOKUS
JU September Stakeholder Engagement Conference Webinar #1

JU September Stakeholder Engagement Conference Webinar #1
Security SIG#6‘ in MTS 26th November 2012 Agenda & report

Security SIG#6‘ in MTS 26th November 2012 Agenda & report
Outcome TFCS-05 // May OICA, Paris

Outcome TFCS-05 // May OICA, Paris

Similar presentations

Ads by Google