Security failures and data breaches are impacting not only enterprises but also critical infrastructures and public services. In Germany alone, successful attacks on IT systems cause damage of 4.8 million euros a year. At the same time, we are experiencing how rapidly the current IT landscape is changing. Just a few years ago, the Internet was dedicated to interconnecting stationary end-user devices. Nowadays, the tendency towards an Internet of Things makes the situation more complex. Mobile devices, home automation, smart grids and even vehicles are connected via the Internet and are becoming theoretically accessible and thus vulnerable to hacker attacks. At the same time, we are more dependent than ever on a secure and mature ICT infrastructure.
One of the keys to achieving and maintaining such a secure and dependable infrastructure is a mature, systematic and capable security risk analysis and testing program. This workshop will provide a forum to discuss innovative security testing approaches and their combination with security risk analysis. At the same time, the workshop tries to draw a line to the industrial requirements and the challenges that arise when security testing meets the demands of cost efficiency and scalability. Experts from industry and academia will present and discuss their solutions to the key issues of security risk analysis, vulnerability testing, model-based security testing, and standardization. The contributions are complemented by industry-grade research results from four large European research projects.
Preliminary Agenda
Day 1, September 19:
10:00 - 11:00 Keynote:
Ralf Böker, Federal Office for Information Security (BSI): Cyber security
11:30 - 13:00 Session 1: Security risk assessment and testing
- Jan Stijohann, SIEMENS: Siemens, Risk-based testing
- Ketil Stølen, SINTEF: Test-based risk assessment
13:00 - 14:00 Lunch
14:00 - 16:00 Session 2: Standardization & Certification
- Gerard Gaudin, G2C, France: A full set of new standards in Cyber Defence addressing the full scope of security event detection issues
- Luca Compagna: Formal Validation and Testing of Security Standards at SAP: from research to industry
- Jürgen Großmann, Fraunhofer FOKUS: Security Testing Improvement Profile (STIP)
18:30 Social Event
Day 2, September 20:
09:30 - 10:30 Keynote: NN
11:00 - 13:00 Session 3: Active security testing
- Luca Vigano, Università di Verona, Italy: The SPaCIoS Tool - property-driven and vulnerability-driven security testing
- Prof. Bruno Legeard, FEMTO-ST/UFC, Smartesting: Model-based vulnerability testing from patterns and behavioral model
- Dr. Volker Baier, Codenomicon: Traffic capture fuzzing
- Martín Ochoa, Siemens/TUM: Model-based vulnerability testing
13:00 - 14:00 Lunch
14:00 - 16:30 Session 4: Active and passive security testing
- Prof. Dr. Sachar Paulus, Kuppinger Cole: Trustworthy software development
- Riccardo Scandariato, KULeuven: Security vulnerability prediction
- Graham Steel, Cryptosense, Paris: Security analysis of APIs, including the W3C Crypto API
- Ana Cavalli, Institut Mines-Telecom, France: Application of passive testing techniques to secure interoperability testing
- Wissam Mallouli, Montimage: Passive testing for security checking using MMT
More information on the agenda will follow soon.
Workshop Organization
DIAMONDS: Development and Industrial Application of Multi-Domain Security Testing Technologies
SPaCIoS: Secure Provision and Consumption in the Internet of Services
NESSOS: Network of Excellence on Engineering Secure Future Internet Software Services and Systems
RASEN: Compositional Risk Assessment and Security Testing of Networked Systems
INTER-TRUST: Interoperable Trust Assurance Infrastructure http://www.inter-trust.eu/
Notes on participation:
Date:
19.09.2013 from 10:00 - 20.09.2013 17:00
Registration deadline:
18.09.2013
Venue:
TU Berlin (mathematics building) Room MA141/142
Straße des 17. Juni 136
10623 Berlin
Berlin
Germany
Target group:
Business representatives, scientists
E-mail address:
Relevance:
international
Subject areas:
Information technology
Types:
Seminar / Workshop / Discussion
Entry:
20.08.2013
Sender:
Ronny Meier
Department:
Corporate Communications
Event is free of charge:
no
Text language:
English
URL of this event: http://idw-online.de/de/event44535