Initial methodologies for model-based security testing and risk-based security testing

This document constitutes the second deliverable for task 4.2 and task 4.3 of work package 4 on risk- and model-based security testing methodologies. While the other work packages of the DIAMONDS project describe techniques/methods and tools, work package 4 describes processes/guidelines for applying these tool and techniques in practice. This deliverable has four sections. First, in Section 1, we describe a conceptual framework defining the main concepts related to model-based security testing risk-based testing and their relationships. The conceptual framework serves a basis for defining methodologies for risk- and model-based security testing. In Section 2, we present an initial process for test-driven security risk assessment which was used in a DIAMONDS case study. This process has b een evaluated, and the results of the evaluation are presented in Section 3. Finally, Section 4 presents a method to increase the efficiency of the risk analysis process in the setting of model-based risk assessment.