Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

The ETSI TVRA security-measurement methodology by means of TTCN-3 Notation

Presentation held at TTCN-3 User Conference (T3UC), 7-9 June 2011, Bled
: Meer, J. de; Rennoch, A.

Preprint urn:nbn:de:0011-n-1782816 (376 KByte PDF)
MD5 Fingerprint: f100623b8e2f445257e56bbde8f568d0
Erstellt am: 8.9.2011

2011, 12 S.
TTCN-3 User Conference (T3UC) <10, 2011, Bled>
Vortrag, Elektronische Publikation
Fraunhofer FOKUS ()
security; testing; TVRA; TTCN-3

ETSI has provided a practical Evaluation Methodology, called the TVRA Methodology, with respect to three kinds of system: Threats, Vulnerabilities and Risks (TVR) of a system to be analyzed (thus being identified) by executing seven (basic version 2009) respectively 10 steps (advanced version 2010) according to recent ETSI TS 102 165-1 V4.2.x (2010) TISPAN specification. ETSI's Evaluation Philosophy behind the TVR-Analysis Methodology is that any security-sensitive system or module must be evaluated and tested against the security perimeter by which a module fortifies her assets. An example of fortification is the so-called Cryptographic Module according the specification of the NIST standard FIPS PUB 140-2. By this contribution we demonstrate ETSI's TVRA security evaluation approach by applying model-based testing techniques and, where appropriate - implementations by applying TTCN-3 notation to systems being subject of vulnerabilities and threats in a hostile environment.