
Integrating Security and Testing in the DIAMONDS Information Model

The DIAMONDS Information Model, developed by Vouffo at Fraunhofer FOKUS, enhances security testing by integrating concepts from the ETSI TVRA model and SINTEF's CORAS metamodel with an emphasis on risk modeling. This innovative framework seeks to clarify terminology and relationships among critical aspects of security, including system and security design, risk analysis, and testing. By providing a common foundation for model-based security testing, the DIAMONDS project lays the groundwork for future integration of security concepts and testing methodologies, fostering a holistic approach to security.

aysha

Presentation Transcript


  1. The DIAMONDS Security Information Model A. Vouffo (Fraunhofer FOKUS)

  2. Introduction
     • ETSI TVRA [TS 102 165-1 V4.2.3 (2011-03)] provides an information model for security
     • SINTEF reuses elements of the ETSI TVRA information model in its CORAS metamodel and extends it with risk modelling concepts
     • Common Criteria combines elements of ETSI TVRA and introduces testing concepts.
     • However testing is not specifically addressed by any of those models
     • The DIAMONDS project is working on Model-based Security Testing
     • Model-based security design
     • Model-based testing
     • An information model combining model-based testing and model-based security design can be common ground for model-based security testing

  3. Goals
     • To clarify terminology and define concepts
     • To put concepts from the different aspects of security (System design, security design, risk analysis and testing) in relationship to each other.
     • To provide a common concept space for tools targeting different aspects of the method.

  4. Generic Security TVRA Model

  5. Overview of the DIAMONDS Information Model

  6. DIAMONDS Information Model: Common Criteria

  7. DIAMONDS Information Model:

  8. DIAMONDS Information Model: Test Patterns

  9. Summary and Outlook
     • The DIAMONDS information model reuses concepts already defined by TVRA, SINTEF and Common Criteria
     • Focus is on testing concepts and relationship with other security concepts
     • The model will provide a common base for the DIAMONDS project's security testing integration platform
     • The model is not completely defined yet
     • Testing information model is ready
     • Security information model is ready
     • Generic system design information model is ready
     • Linking of concepts with each other has been started, but yet to be completed
