Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Enhancing security testing via automated replication of IT-asset topologies

 
: Birkholz, H.; Sieverdingbeck, I.; Kuntze, N.; Rudolph, C.

:

IEEE Computer Society:
International Conference on Availability, Reliability and Security, ARES 2013. Proceedings : 2-6 September 2013, Universität Regensburg, Germany, including workshops
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2013
ISBN: 978-0-7695-5008-4
ISBN: 978-1-4799-1097-7
S.341-349
International Conference on Availability, Reliability and Security (ARES) <8, 2013, Regensburg>
Englisch
Konferenzbeitrag
Fraunhofer SIT ()

Abstract
Security testing of IT-infrastructure in a production environment can have a negative impact on business processes supported by IT-assets. A test bed can be used to provide an alternate testing environment in order to mitigate this impact. Unfortunately, for small and medium enterprises, maintaining a physical test bed and its consistency with the production environment is a cost-intensive task. In this paper, we present the Infrastructure Replication Process (IRP) and a corresponding Topology Editor, to provide a cost-efficient method that makes security testing in small and medium enterprises more feasible. We utilize a virtual environment as a test bed and provide a structured approach that takes into account the differences between a physical and a virtual environment. Open standards, such as SCAP, OVAL or XCCDF, and the utilization the Interconnected-asset Ontology-IO-support the integration of the IRP into existing (automated) processes. We use the implementation of a prototype to present a proof-of-concept that shows how typical challenges regarding security testing can be successfully mitigated via the IRP.

: http://publica.fraunhofer.de/dokumente/N-300513.html