To main content

Conceptual framework for security testing, security risk analysis and their combinations

Abstract

Security testing and security risk analysis are key issues and central to strengthening the ability of companies to face the new security challenges posed by the future internet. We present a conceptual framework clarifying the notions of security testing, security risk analysis, and related concepts, as well as defining the relations among them. The conceptual framework is built upon established concepts from state-of-the-art standards. We focus on model-based approaches for security testing and security risk analysis and distinguish between model-based security testing (MST) and model-based security risk analysis (MSR). In particular, we present the two possible combinations of MST and MSR, which are risk-driven model-based security testing (RMST) and test-driven model-based security risk analysis (TMSR). The conceptual framework offers a basis for future research by providing a common understanding of the central notions within security testing and security risk analysis.

Category

Report

Language

English

Author(s)

  • Yan Li

Affiliation

  • University of Oslo
  • SINTEF Digital / Software and Service Innovation

Year

2012

Publisher

Fraunhofer FOKUS

View this publication at Cristin