This progress report outlines case studies and methodologies related to security testing in various domains, providing guidance and terminology for the MTS and related committees.
Security SIG in MTS: Progress Report, 27 January 2016 (Fraunhofer FOKUS)
MTS Security SIG Work Items
• Case Studies (Published): To assemble case study experiences related to security testing in order to have a common understanding in MTS and related committees. Industrial experiences may cover, but are not restricted to, the following domains: Smart Cards, Industrial Automation, Radio Protocols, Transport/Automotive, Telecommunication.
• Terminology (Published): To collect the basic terminology and ontology (relationship between stakeholder and application) to be used for security testing, in order to have a common understanding in MTS and related committees.
• Security Assurance Life Cycle (Draft): Guidance to application system designers on how to maximise both security assurance and the verification and validation of the capabilities offered by the system's security measures.
• Risk-based Security Testing (Published): Describes a set of methodologies that combine risk assessment and testing. The methodologies are based on standards such as ISO 31000 and IEEE 829/29119.
TC MTS – Security SIG – Update 2016-01-27
EG 203 250: Security Assurance Lifecycle
• Document Reference: DEG 203 250
• Document Title: Methods for Testing and Specification (MTS); Security Assurance Activities in the System Lifecycle
• Document Purpose: The present document gives guidance to the product and/or system development and deployment communities as to the activities required to achieve appropriate security assurance. It provides high-level guidance on how security assurance fits into a system lifecycle in such a way as to maximise the overall product's and/or system's security.
• Document Status: Draft v0.0.14 (2015-12)
EG 203 250: Security Assurance Lifecycle -- Progress
• Document Progress
  • Design section of Life Cycle drafted
  • TVRA parts reduced
  • Aligned with TR 101 583
  • Restructuring of document after review
  • Introduced "Demonstration of Fulfillment" for each of Sections 6-9
  • Alignment of diagrams
  • Processing of comments from Jürgen/Milan
• Next steps/open issues
  • Amplifying guidance in the Security Activities section for each of the workstreams
  • Introducing the SFDs for each of the workstreams
  • Final "shouldification" and simplification of language
  • TB approval planned for May 2016
Group status/members
• Ari has left Codenomicon and has cancelled his activities in the ETSI MTS Security SIG (he might come back in future)
• Current active Security SIG members: Jürgen and Ian
• Decision needed: either stop/suspend the Security SIG (after publication of EG 203 250) or find a way to attract people to join
Outlook
• Future topics/issues/cooperation: Automated security testing; see proposal "Study Period Report – Automation of Security Testing" (Doc#21)
• Document timeline:
  • TR 101 582 (Case Studies): approved May 2014
  • TR 101 583 (Terminology): approved January 2015
  • DEG 203 251 (Security Risk Assessment and Testing): approved October 2015
  • DEG 203 250 (Security Assurance Lifecycle): to be approved May 2016