
Security SIG in MTS

Security SIG in MTS. Fraunhofer FOKUS. Tallinn, 4-5 October 2011; Berlin, 15 December 2011; update Sophia Antipolis, 13 March 2012. Agenda SIG#2: Round Call; Presentation Collection; Introductory Presentation; Motivation & „History“ (SIG#1); Presentation of new contributions

sahkyo

Presentation Transcript


  1. Security SIG in MTS
     Fraunhofer FOKUS
     Tallinn, 4-5 October 2011
     Berlin, 15 December 2011
     update Sophia Antipolis, 13 March 2012

  2. Agenda SIG#2
     • Round Call
     • Presentation Collection
     • Introductory Presentation
     • Motivation & „History“ (SIG#1)
     • Presentation of new contributions
     • Next steps, perspectives:
     • SIG#3, Security workshop
     Security SIG in MTS, 15 December 2011

  3. Recall of SIG#1 meeting: Discussion and outcome
     • Short introduction by Fokus (history starts 10/2011)
     • Discussion on the security scope in MTS
     • Presentation by Scott regarding need for security evaluation
     • Presentation by Ian regarding „security testing“ lifecycle (from requirements to maintenance)
     • Discussion on NWI „wording“
     • Appointment of rapporteurs: Ari T. and Scott C.

  4. Recall: Security „scope“ in MTS
     • Model / Specification, system risks
     • Risk Analysis (paper-based)
     • guidance
     • “Testing” (to break the system)
     • Scanning (libs) “known attacks”
     • Functional / traditional testing
     • Neg. testing, unknown vul., config mistakes
     • fuzzing -> product (units,…)
     • (light) penetration -> system (=deployed product)

  5. Recall: Security Work Items
     • Terminology: To collect the basic terminology and ontology (relationship between stakeholder and application) to be used for security testing in order to have a common understanding in MTS and related committees.
     • “Educational” material
     • Case study experiences: To assemble case study experiences related to security testing in order to have a common understanding in MTS and related committees. Industrial experiences may cover but are not restricted to the following domains: Smart Cards, Industrial Automation, Radio Protocols, Transport/Automotive, Telecommunication.
     • Security design guide enabling test and assurance (V&V): Guidance to the application system designers that enable verification and validation across the lifecycle, including case studies from telecommunication and ICT.

  6. Discussion
     • Scott introduces Working document including Operational phase (available on server)
     • Alain presents new views/models to be used in the guideline by Scott (available on server)
     • Ari presents the different areas of the collaboration platform (see next slide)
     Security SIG in MTS, 4-5 October 2011

  7. Wiki initiated by Codenomicon
     Security Testing Terminology and Concepts
     • Abstract
     • Introduction
     • Risk Assessment
     • Functional Testing
     • Penetration Testing
     • Vulnerability Testing
     • Performance Testing
     • Fuzzing

  8. Discussion (cont.)
     • Invite people from other ETSI TCs: AP: Scott invite OCG_security
     • Wiki text should not only be a list of words, but with text and tutorial character
     • Invite CTI to check Contents
     • Steve: the introduction part should focus/promote new testing areas

  9. Discussion (cont.)
     • Steve: opportunity for ETSI Security workshop
     • MTS to chair a security testing session
     • Start to plan topics, areas of interests
     • CfP expected in September
     • Discussion on the lifecycle: no normative agreement on penetration testing available, Ian provides new lifecycle diagram

  10. Discussion (cont.)
     • continue rapporteur's work towards SIG#3
     • SIG#3: 15th May morning, before MTS#56
     • SIG#4 to be decided during SIG#3
