Evaluation of the CORAL Approach for Risk-driven Security Testing based on an Industrial Case Study

Sammendrag

The CORAL approach is a model-based method to security testing employing risk assessment to help security
testers select and design test cases based on the available risk picture. In this paper we present experiences from
using CORAL in an industrial case. The results indicate that CORAL supports security testers in producing risk models that are valid and threat scenarios that are directly testable. This, in turn, helps testers to select and design test cases according to the most severe security risks posed on the system under test.

Kategori

Vitenskapelig Kapittel/Artikkel/Konferanseartikkel

Oppdragsgiver

Research Council of Norway (RCN) / 201579
Research Council of Norway (RCN) / 236657

Språk

Engelsk

Forfatter(e)

Gencer Erdogan
Ketil Stølen
Jan Øyvind Aagedal

Institusjon(er)

Universitetet i Oslo
SINTEF Digital / Sustainable Communication Technologies
Diverse norske bedrifter og organisasjoner

År

2016

Forlag

SciTePress

Bok

Proceedings of the 2nd International Conference on Information Systems Security and Privacy, ICISSP 2016, February 19-21, 2016, in Rome, Italy

ISBN

978-989-758-167-0

Side(r)

219 - 226

DOI

https://doi.org/10.5220/0005650902190226

Vis denne publikasjonen hos Cristin

Kontakt oss

Tjenester

Rapporter og publikasjoner

Forskningssenter og samarbeid

Karriere

Bærekraft

Institutter

Andre enheter

Ledelse og organisering

Om oss

Følg oss