
Security in MTS 14th May 2013 SIG Report

Security in MTS 14th May 2013 SIG Report. Fraunhofer FOKUS. Agenda (14.5.). 4 Participants: I. Bryant, A. Takanen, P. Schmitting, A. Rennoch (supported by E. Chaulot-Talmon). ISO SC27 & ETSI Security workshop presentation 26th April. Idea: MTS & SC27/WG3 Liaison

Presentation Transcript


  1. Security in MTS 14th May 2013 SIG Report, Fraunhofer FOKUS

  2. Agenda (14.5.) • 4 Participants: I. Bryant, A. Takanen, P. Schmitting, A. Rennoch (supported by E. Chaulot-Talmon) • ISO SC27 & ETSI Security workshop presentation 26th April • Idea: MTS & SC27/WG3 Liaison • TODO: send request (with current working documents) • Discussion of draft document

  3. SC27 WG3 liaison (to be decided) • ISO/IEC 24759 Test requirements for cryptographic modules • ISO/IEC 30127: Detailing software penetration testing under ISO/IEC 15408 and ISO/IEC 18045 vulnerability analysis • ISO/IEC TR 20004 Refining software vulnerability analysis under ISO/IEC 15408 and ISO/IEC 18045 • for ETSI 101583 (Terminology) • for ETSI 201581 (Security guidelines) • WG3 is interested in ETSI 101582 (case studies)

  4. SC27 WG4 liaison (to be decided) • ISO/IEC 27034-4 Application security validation • for ETSI 201581 (Security guidelines)

  5. WI status and schedules • Terminology and Concepts (Ari): 3rd draft (word document) considered comments and updates -> need to be reviewed (CTI or E2NA) • Case studies (Ari/Jürgen): Plan: early draft with two case studies (Diamonds) 2-3 more case studies expected September (from Diamonds and Spacios)

  6. WI status and schedules • Design guide V&V (Scott/Ian): -> new draft available with new input from Ian and Scott (still early draft) Plan: stable draft and review in September. • Security Testing Methodology (Scott): Plan: results to be integrated in V&V

  7. „Terminology“ (3rd draft) 3 Definitions, symbols and abbreviations 4 Introduction to security testing 4.1 Types of security testing 4.2 Penetration testing tools 4.3 Test verdicts in security testing 5 Security test requirements 6 Functional security testing 7 Performance testing for security 8 Fuzz testing 9 Security Testing activities mapped to SDLC

  8. „Case studies“ (1st draft) • Project case studies from: • DIAMONDS project • G&D Banking (available) • Accurate (available) • Radio • Automotive • More? • SPACIOS project • tbd

  9. „Case studies“ (1st draft) • For each of the case studies a similar structure of the description is planned. It will consist of the following parts: • Characterization • Background (challenges) • System under Test • Risk Analysis • Security Testing Approaches • Applied approaches • Comparison with SoA tools/techniques • Results so far • Expectations • Test Results • Exploitation (value of techniques)

  10. Next steps • Jürgen/Peter: complete Diamonds case study input • Ari/Peter: Invite E2NA and CTI to review Terminology & Concepts (after stable draft) ??? • Ian/Scott: provide stable draft for September • MTS: request formal liaison with ISO SC27/WG3&4 • Next SIG meetings • Discussion of current drafts in MTS#59 • No SIG meeting planned (only if new drafts available)
