SECURITY SIG IN MTS01STOCTOBER 2013

DRAFT AGENDA

Fraunhofer FOKUS

Agenda SIG#7

Currently registered participants: J. Großmann, G. Rethy, A. Takanen, D. Hogrefe, A,. Wiles

1) Review/discussion APs and WI status2) Security Testing Terminology and Concepts3) Case Study Experiences4) Security Testing Methodologies5) Next steps

2

APs (from SIG#7)

Jürgen/Peter: complete Diamonds case study inputAri/Peter: Invite E2NA and CTI to review Terminology & Concepts (after stable draft) Ian/Scott: provide stable draft for September MTS: request formal liaison with ISO SC27/WG3&4

3

Review of „Terminology“

MTS members have been requested and encouraged again to provide to Ari comments on the draft.• Comments are available from Milan Zoric• Alignment between MTS-101582 SecTestCasev003 and

MTS-101583_final_draft

4

Cases Studies

Stable draft with 6 cases studies• 4 case studies from DIAMONDS (banknote, processing,

banking, automotive, radio protocols)• 2 case studies from SPACIOS (eHealth, document server)

Common structure • Case study characterization• Security testing approaches• Results• Summary

Security SIG in MTS, 4-5 October 20115

Security Testing Methodology

Draft with lots of notes, needs to be compiled in a draft document.Support offer from Ari and Jürgen (RASEN project)Open issues from last meeting:• Progress has been made, changes integrated, but still an early draft.• A work plan has been established, and Ian will contribute, discussion

took place with regard to the little progress done in the past year.• Request from Dieter: Harmonization is needed in the deliverable. A

work plan has been established.

Security SIG in MTS, 4-5 October 20116

Discussion

Status of Wis• Terminology (Ari)• Case studies (Jürgen)• Design guide (V&V) in progress (Scott)

• Contribution from Ian, Jan and others welcome

• „Security testing methodology“ (Scott)• Will be integrated e.g. as an annex to V&V document

Time schedules?

7