ETSI TC MTS, SECURITY SIG IN MTS (METHODS FOR TESTING AND SPECIFICATION) Jürgen Großmann, Fraunhofer FOKUS

Transcription

1 ETSI TC MTS, SECURITY SIG IN MTS (METHODS FOR TESTING AND SPECIFICATION) Jürgen Großmann, Fraunhofer FOKUS

2 MTS SECURITY SIG Security testing at a glance Assemble security testing experiences from multiple domains Integrate recent research results from relevant research projects Preparatory work for European standards in security testing Sustainable provision of advanced security test technologies to European industry Main topics: Advanced model-based security testing methods Risk-based security testing methods Security assurance life cycle 2

3 MTS SECURITY SIG Work Items Case Studies:To assemble case study experiencesrelated to security testing in order to have a common understanding in MTS and related committees. Industrial experiences may cover but are not restricted to the following domains: Smart Cards, Industrial Automation, Radio Protocols, Transport/Automotive, Telecommunication Security Assurance Life Cycle: Guidance to the application system designers in such a way to maximise both security assurance and the verification and validation of the capabilities offered by the systems's security measures. EG Security Assurance Lifecycle TR Terminology TR Case Studies Terminology:To collect the basic terminology and ontology (relationship between stake holder and application) to be used for security testingin order to have a common understanding in MTS and related committees. EG Risk-based Security Testing Risk-based Security Testing: To collect the basic terminology and ontology (relationship between stake holder and application) to be used for security testing in order to have a common understanding in MTS and related committees.

4 TR : SECURITY TESTING CASE STUDIES Risk-based security testing Different domains Different vulnerabilities Different approaches Common evaluation Automotive (head unit) Radio protocols (ad-hoc networks) E-health (patient monitoring) Banking (banknote processing, share-based payment) ITEA DIAMONDS: Development and Industrial Application of Multi-Domain-Security Testing Technologies SPaCIoS: Secure Provision and Consumption in the Internet of Services 4

5 TR : SECURITY TESTING CASE STUDIES EXAMPLE: Risk-based security testing CORAS Risk Analysis Behavioural Fuzzing Data Fuzzing with TTCN-3 Risk Analysis Security Test Test Code Test Pattern Generation (CORAS) Generation Identification (TTCN-3) Test Execution Pattern name Context Problem/Goal Solution Usage of Unusual Behavior Sequences Test pattern kind: Behavior Testing Approach(es): Prevention Security of information systems is ensured in many cases by a strict and clear definition of what constitutes valid behavior sequences from the security perspective on those systems. For example Test procedure template: Known uses Model-based behavioural fuzzing of sequence diagrams is an application of this pattern Security Test Pattern Catalogue

6 EG : Risk-based Security Testing Test-based risk assessment Risk Assessment Step1: Establish Objective and Context Step3: Risk Identification Step4: Risk Estimation Step5: Risk Evaluation Step7: Risk Validation and Treatment Step2: Testing Process Step6: Testing Process Step 1: Establish Objective and Context Step 2: Testing Process: using testing for identifying/discovering threat test scenarios or areas or vulnerabilities where the risk assessment should be focused. Step 3: Risk Identification Step 4: Risk Estimation Step 5: Risk Evaluation Step 6: Testing Process: using testing to validate the correctness of the risk model. Step 7: Risk Validation and Treatment 6

7 EG : Risk-based Security Testing Risk-based testing Testing Process Step1: Test Planning Step3: Test Design & Implementation Step4: Test Environment Setup & Maintenance Step6: Test Execution Step2: Risk assessment Step5: Risk assessment Step 1: Test Planning Step 2: Risk Assessment: using risk assessment to identify and prioritize test procedures that will be used as a starting point for test design. Step 3: Test Design and Implementation Step 4: Test Environment Set-up and Maintenance Step 5: Risk Assessment: using risk assessment to prioritize the test cases which should be executed. Step 6: Test Execution Step7: Test Incident Reporting 7

8 EG : Security Assurance Lifecycle 8

9 TR : SECURITY TESTING TERMINOLOGY To collect the basic terminology and ontology (relationship between stake holder and application) to be used for security testing in order to have a common understanding in MTS and related committees. Introduction to security testing Penetration testing Verification of security functions Resilience and robustness testing Risk-based security testing

10 Summary & Outlook Document timeline: TR (Case Studies) approved in 2014 Terminology to be approved in 2014 EG (Security Assurance Lifecycle) and EG (Risk-based Security Testing) to be approved in 2015 ETSI ISI/MTS liaisons to ISO/IEC JTC1 SC27 WG4/WG3 have been confirmed by the SC27, Oct. 28, 2013, Songdo Korea: Liaison Officer nominated by JTC1 SC27: Jan demeer (DIN NIA27) SC27 IT ST PoW: Economics of Information Security and Privacy Security Evaluation, Testing, Processes, Methods and Specification Certification and Auditing Requirements and Methods SC27 WG3: IT ST Security Evaluation Criteria, Convenor M. Banon SC27 WG4: IT ST Security Controls and Services, Convenor J. Amsenga 10