安全测试用例研究中的安全目标

The Second International Conference on Availability, Reliability and Security (ARES'07) Pub Date : 2007-04-10 DOI:10.1109/ARES.2007.136

K. Karppinen, R. Savola, M. Rapeli, Esa Tikkala

{"title":"安全测试用例研究中的安全目标","authors":"K. Karppinen, R. Savola, M. Rapeli, Esa Tikkala","doi":"10.1109/ARES.2007.136","DOIUrl":null,"url":null,"abstract":"Obviously, there is a need for automated information security analysis, validation, evaluation and testing approaches. Unfortunately, there is no state-of-art approach to carrying out information security evaluation in a systematic way. Information security evaluation of software-intensive and telecommunications systems typically relies heavily on the experience of the security professionals. Requirements are within the focus of the information security evaluation process. Information security requirements can be based on iterative risk, threat and vulnerability analyses, and technical and architectural information. There is a need for more practical ways to carry out this iterative process. In this paper we discuss security evaluation process, security objectives and security requirements from the basis of the experiences of a security testing project","PeriodicalId":383015,"journal":{"name":"The Second International Conference on Availability, Reliability and Security (ARES'07)","volume":"54 12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Security Objectives within a Security Testing Case Study\",\"authors\":\"K. Karppinen, R. Savola, M. Rapeli, Esa Tikkala\",\"doi\":\"10.1109/ARES.2007.136\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Obviously, there is a need for automated information security analysis, validation, evaluation and testing approaches. Unfortunately, there is no state-of-art approach to carrying out information security evaluation in a systematic way. Information security evaluation of software-intensive and telecommunications systems typically relies heavily on the experience of the security professionals. Requirements are within the focus of the information security evaluation process. Information security requirements can be based on iterative risk, threat and vulnerability analyses, and technical and architectural information. There is a need for more practical ways to carry out this iterative process. In this paper we discuss security evaluation process, security objectives and security requirements from the basis of the experiences of a security testing project\",\"PeriodicalId\":383015,\"journal\":{\"name\":\"The Second International Conference on Availability, Reliability and Security (ARES'07)\",\"volume\":\"54 12 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-04-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"The Second International Conference on Availability, Reliability and Security (ARES'07)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2007.136\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The Second International Conference on Availability, Reliability and Security (ARES'07)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2007.136","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

摘要

显然，需要自动化的信息安全分析、验证、评估和测试方法。遗憾的是，目前还没有最先进的方法来系统地进行信息安全评估。软件密集型和电信系统的信息安全评估通常严重依赖于安全专业人员的经验。需求是信息安全评估过程的重点。信息安全需求可以基于迭代的风险、威胁和漏洞分析，以及技术和体系结构信息。需要更实际的方法来执行这一迭代过程。本文从一个安全测试项目的经验出发，讨论了安全评估过程、安全目标和安全需求

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Security Objectives within a Security Testing Case Study

Obviously, there is a need for automated information security analysis, validation, evaluation and testing approaches. Unfortunately, there is no state-of-art approach to carrying out information security evaluation in a systematic way. Information security evaluation of software-intensive and telecommunications systems typically relies heavily on the experience of the security professionals. Requirements are within the focus of the information security evaluation process. Information security requirements can be based on iterative risk, threat and vulnerability analyses, and technical and architectural information. There is a need for more practical ways to carry out this iterative process. In this paper we discuss security evaluation process, security objectives and security requirements from the basis of the experiences of a security testing project

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

The Second International Conference on Availability, Reliability and Security (ARES'07)

自引率

0.00%

发文量