Here you will find scientific publications from the Fraunhofer Institutes.

Security testing approaches in industry and standardization

Schieferdecker, I.; Rennoch, A.; Großmann, J.

23rd International Conference on Software & Systems Engineering and their Applications, ICSSEA 2011 : Paris, Nov 29 - Dec 1, 2011
Paris, 2011
8 pp.
International Conference on Software & Systems Engineering and their Applications (ICSSEA) <23, 2011, Paris>
Conference Paper
Fraunhofer FOKUS
security; testing; risk-based; common criteria; TVRA; fuzzing

Security and model-based testing are not new topics, but they are still under development and of high interest. In particular, their combination is still a challenge for academic work and industrial applications. Systematic and automated security testing includes, e.g., security functional testing, model-based fuzzing, risk-oriented testing and the use of security test patterns. National and international standardization committees make significant efforts through their working groups in the context of security testing. They cover fundamental frameworks but also detailed test specifications for concrete technologies. The range of activities is very large and includes classical concepts from security evaluation using Common Criteria (CCRA) but also European activities from ETSI addressing TVRA. The contribution gives an overview of important standardization taxonomies and activities as well as sample innovative industrial case studies, including tools and techniques that have been selected in the European ITEA project DIAMONDS.