CHARIOT-VESSEDIA Workshop 9 May 2019, Dublin, Ireland

“THE ROAD AHEAD FOR A COGNITIVE COMPUTING PLATFORM SUPPORTING A UNIFIED APPROACH TOWARDS PRIVACY, SECURITY AND SAFETY (PSS) OF IOT SYSTEMS”

ISO Standard development on verification and validation tools

Emmanuel Querrec, TUAS (VESSEDIA)

- NP (New work item proposal)
- WD (Working draft)
- CD / FCD (Committee / final committee draft)
- DIS / FDIS (Draft / final draft international standard)
- IS

Name of the standard: ISO/IEC DIS 23643: Software and systems engineering – Capabilities of security and safety verification tools (SSVT)

Objective of the standard: Level up and harmonize knowledge on SSVT and support the efforts put into verification against software vulnerabilities, while ensuring traceability of those efforts. Complement ISO/IEC Security Techniques.

Name of the CAS: Verified in Europe

Objective of the CAS: Give visibility, throughout the verification value chain and especially to the end market, to software for which efforts have been put into safety and security verification, by pinpointing the verification tool capabilities that were applied (with reference to the taxonomy newly set by ISO).

Task 1: participant profile (tick the correct statements, multiple choices allowed)

I am:

- End-user of IoT device(s) for private purpose (smart car, smart TV, remotely connected device, etc., not a smart phone!)
- End-user/manager of IoT device for professional purpose (used in my company)
- End-user of software/application installed directly or connected to my IoT device through a network (whether private or professional)
- Developer of software/application
- Evaluator of software/application (e.g. security evaluation service)
- Involved in duties connected to standardization and certification (e.g. work group, certification body or accreditation body)
- ___________________________________________________________ (free choice)

Task 2: software safety and security verification efforts throughout the SDLC (V-model adapted)

All participants, for each phase of the SDLC: allocate a representative budget in percentage of total SSSV efforts between the 6 phases; put values so that they add up to 100 in each of the 6 small shapes displayed as:

Tool practitioner or acquainted participants: for each phase of the SDLC, name the safety and security verification tool(s) you use or are familiar with, in the shapes displayed as:

1. Requirements definition, global specifications
2. Detailed specifications
3. Refinement/design
4. Code implementation
5. Unit testing, test cases, integration-testing
6. System integration, testing and validation

Software security verification tool capabilities address vulnerabilities throughout the stages of the SDLC to cope with security risks when operating on IoT devices. In VESSEDIA, we introduce the following software security verification tool capabilities:

- Risk analysis tools (e.g. root cause analysis)
- Vulnerability analysis tools (e.g. penetration testing)
- Security modeling tools (e.g. definition of security objectives)
- Threat modeling tools (e.g. STRIDE model)

Task 3: Security risks

Security risks: intentional, unauthorized act(s) designed to cause harm or damage.

Which security risks on which IoT devices are your main concern?

TYPE OF IoT DEVICE/EQUIPMENT/APPLICATION | SECURITY RISK(S)

Task 4: Safety risks

Safety risks: “unacceptable risk that might lead to death or serious injury to people, loss or severe damage to property, or severe environmental harm”.

Which safety risks on which IoT devices are your main concern?

TYPE OF IoT DEVICE/EQUIPMENT/APPLICATION | SAFETY RISK(S)

Software safety verification tool capabilities address vulnerabilities throughout the stages of the SDLC to cope with safety risks when operating on IoT devices. In VESSEDIA, we introduce the following software safety verification tool capabilities:

- Specification and refinement tools (e.g. automatic theorem provers)
- Model-checking tools (e.g. control flow graph)
- Program analysis tools (e.g. Level 1: use of compiler diagnostic; Level 2: heuristic static analysis; Level 3: sound static analysis)
- Proof tools (e.g. automatic theorem provers)
- Monitoring tools (e.g. check specifications at runtime)
- Programming rules checkers (e.g. syntax and semantic rules in programming)

Contact

If you are interested in receiving updates on our standard or in joining the interest group to steer the Verified in Europe CAS, please provide your contact information to the VESSEDIA team:

Name:
Company:
Phone:

Contact Details

Emmanuel Querrec

The projects CHARIOT & VESSEDIA have received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No & No

