1 / 9

The DIAMONDS Security Information Model

The DIAMONDS Security Information Model. A. Vouffo (Fraunhofer FOKUS). Introduction. ETSI TVRA [ TS 102 165- 1 V4.2.3 (2011 - 03 )] provides an information model for security

aysha
Télécharger la présentation

The DIAMONDS Security Information Model

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The DIAMONDS Security Information Model A. Vouffo (Fraunhofer FOKUS)

  2. Introduction • ETSI TVRA [TS 102 165- 1 V4.2.3 (2011 - 03)]provides an informationmodelforsecurity • SINTEF reuseselementsofthe ETSI TVRA informationmodel in its CORAS metamodelandextendsitwithriskmodellingconcepts • Common Criteriacombineselementsof ETSI TVRA andintroducestestingconcepts. • Howevertestingis not specificallyaddressedbyanyofthosemodels • The DIAMONDS projectisworking on Model-based Security Testing • Model-basedsecurity design • Model-basedtesting • An informationmodelcombining model-basedtestingand model-basedsecurity design canbecommongroundfor model-basedsecuritytesting

  3. Goals • Toclarifyterminologyanddefineconcepts • Toputconceptsfromthe different aspectsofsecurity (System design, security design, riskanalysisandtesting) in relationshiptoeachother. • Toprovide a commonconceptspacefortoolstargetting different aspectsofthemethod.

  4. Generic Security TRVA Model

  5. Overviewofthe DIAMONDS Information Model

  6. DIAMONDS Information Model: Common Criteria

  7. DIAMONDS Information Model:

  8. DIAMONDS Information Model: Test Patterns

  9. Summary and Outlook • The DIAMONDS informationmodelreusesconceptsalreadydefinedby TVRA, SINTEF and Common Criteria • Focus is on testingconceptsandrelationshipwithothersecurityconcepts • The model will provide a commonbaseforthe DIAMONDS project‘ssecuritytestingintegrationplatform • The modelis not completelydefinedyet • Testinginformationmodelisready • Security informationmodelisready • Genericsystem design informationmodelisready • Linking ofconceptswitheachotherhasbeenstarted, but yettobecompleted

More Related