Publications
Cyber-Risk Management
Atle Refsdal, Bjørnar Solhaug and Ketil Stølen, SINTEF
Abstract
This book provides a brief and general introduction to cybersecurity and cyber-risk assessment. Not limited to a specific approach or technique, its focus is highly pragmatic and is based on established international standards (including ISO 31000) as well as industrial best practices. It explains how cyber-risk assessment should be conducted, which techniques should be used when, what the typical challenges and problems are, and how they should be addressed. More information about the book is available at the publisher's website.
cyber-risk_management_flyer.pdf
An Industrial Perspective on Security Testing, Risk Assessment, and Legal Compliance
Frank Werner and Albert Zenkoff, Software AG
Arthur Molnar, Info World
Erlend Eilertsen, EVRY
Abstract
Existing security solutions promise to fulfill the needs of modern industry with respect to security testing, risk assessment, and legal compliance in order to mitigate the overall risk exposure. The RASEN approach targets all of the above-mentioned criteria by introducing a new methodology along with an underlying toolset. In this white paper, the effectiveness and scope of RASEN are evaluated on three different scenarios, giving recommendations on its applicability, the integration of the provided toolset, and an assessment of the degree to which the quality of the software increased.
The RASEN method for risk-based security testing and legal compliance assessment
Fredrik Seehusen, SINTEF ICT
Jürgen Großmann, Fraunhofer FOKUS
Samson Y. Esayas, Dep. of Private Law, Univ. of Oslo
Abstract
We present a method that provides a comprehensive approach to cyber security by integrating three areas of cyber security assessment which are traditionally viewed in isolation: risk assessment, security testing, and legal compliance.
RASEN-innovation1-whitepaper.pdf
The RACOMAT Tool – Risk Assessment COMbined with Automated Testing
Johannes Viehmann, Fraunhofer FOKUS
Abstract
The RACOMAT tool allows users to combine component based security risk assessment with security testing. Testing can be integrated seamlessly into the incident simulations the tool uses for its compositional risk analysis.
RASEN_innovation2-whitepaper.pdf
The PMVT approach: a RASEN innovation for security Pattern and Model-based Vulnerability Testing
Bruno Legeard, Fabien Peureux, Smartesting, Institut FEMTO-ST
Martin Schneider, Fraunhofer FOKUS
Fredrik Seehusen, SINTEF ICT
Alexandre Vernotte, Institut FEMTO-ST
Abstract
This white paper introduces a dynamic application security testing approach, called Pattern-driven and Model-based Vulnerability Testing (PMVT for short), proposed within the RASEN project to generate and execute vulnerability test cases.
RASEN_innovation3_whitepaper.pdf
Tutorial in tool-supported cyber-risk assessment
Atle Refsdal and Bjørnar Solhaug, SINTEF ICT
Abstract
This tutorial gives an introduction to cyber-risk assessment and demonstrates how it can be conducted using the CORAS risk assessment tool. The presentation includes an introduction to the essential elements that we need to understand in order to assess cyber-risk in a methodic and adequate manner: What is a cyber-system, what is a cyber-threat, what is cyber-security, and what is cyber-risk?
SASSI15_tutorial_cyber_risk.pdf
Cyber-Risk Management
Atle Refsdal, Bjørnar Solhaug, Ketil Stølen SINTEF ICT
Available at http://www.springer.com/us/book/9783319235691
The CORAS Tool
The CORAS tool refers to three standalone tools: the core CORAS tool and two support tools (CAPEC2CORAS and CorasAnalyzer) that provide additional functionality to the core tool. The core CORAS tool can be downloaded at http://coras.sourceforge.net. The support tools are available upon request.
CORAS.pdf
The RACOMAT tool
Until September 2013, in the context of the global surveillance disclosures, the German government justified NSA spying because "security is a super basic right" (Hans-Peter Friedrich, German minister of the interior, own translation) and surveillance is necessary to fight terrorism and other threats. Their opinion changed dramatically as soon as they learned that the mobile phone of German chancellor Angela Merkel was obviously monitored, too. Which risk is higher? Living under Orwellian surveillance for sure, or eventually being unable to prevent some act of terrorism? Obviously, it is necessary to weigh risks against each other.
However, risk assessment might be difficult and expensive; it often depends on the skills and estimates of the analysts. Testing is one analysis method that might yield more objective results, but security testing itself might be difficult and expensive, too, because security testing means testing for unwanted behavior, and there is usually no specification of what to expect. Besides the fact that manual testing is itself error prone and infeasible for large-scale systems, even a highly insecure system can produce lots of correct test verdicts if the "wrong" test cases have been created and executed. Therefore, it makes sense to do Risk Assessment COMbined with Automated Testing, i.e. to use RACOMAT.
RACOMAT.pdf
CertifyIt
Smartesting CertifyIt is a tool suite that automatically generates test cases based on a model of system requirements. Manual test design is labor intensive and error prone; this manual work can be avoided for complex applications by modeling the key concepts (abstraction) and allowing Smartesting CertifyIt to automate your test design work. Since the model is more expressive and simpler than the system under test, it can more readily be reviewed for correctness and coherency, as well as be updated more easily. Some plugins have been developed during the RASEN project for the deployment of the RASEN approach in order to assess its accuracy and precision regarding risk-based objectives. Smartesting CertifyIt, including these plugins, supports UML/OCL models as the specification modeling language and generates test cases to cover security test patterns used as test objectives.
CertifyIt.pdf
ARIS
The ARIS Business Architect (ABA) is proprietary software from Software AG. On top of the base installation of the ARIS Business Architect, the RASEN methodology can be added by importing the RASEN artefacts, including the base package, which consists of the reports, the definition of the necessary modeling elements, the macro, a preliminary set of already defined CWEs, and a previously generated set of generic component types.
ARIS.pdf
Using CAPEC for Risk-Based Security Testing
Fredrik Seehusen, SINTEF ICT
Abstract
We present a method for risk-based security testing that takes a set of CAPEC attack patterns as input and produces a risk model which can be used for security test identification and prioritization. Since parts of the method can be automated, we believe that the method will speed up the process of constructing a risk model significantly. We also argue that the constructed risk model is suitable for security test identification and prioritization.
CAPEC-RISK2015_paper.pdf
Risk Assessment and Security Testing of Large Scale Networked Systems with RACOMAT
Johannes Viehmann, Fraunhofer FOKUS, Germany
Frank Werner, Software AG
Abstract
Risk management is an important part of software quality management because security issues can result in big economic losses and even worse legal consequences. While risk assessment as the basis for any risk treatment is widely regarded to be important, doing a risk assessment itself remains a challenge, especially for complex, large-scale networked systems. This paper presents an ongoing case study in which such a system is assessed. In order to deal with the challenges from that case study, the RACOMAT method and the RACOMAT tool for compositional risk assessment, closely combined with security testing and incident simulation, have been developed with the goal of reaching a new level of automation in risk assessment.
Download whitepaper
Industry challenges addressed by the RASEN project
Frank Werner and Albert Zenkoff, Software AG
Arthur Molnar, Info World
Erlend Eilertsen, EVRY AS
Abstract
This whitepaper is authored by the industrial partners of the project and provides an overview of the challenges and benefits the RASEN project is expected to bring to industrial organizations that deploy large-scale networked systems, as existing conventional tools fail to support industrial needs adequately. Although requirements are very diverse, there is a common set of generic industry requirements applicable to a large number of industrial software-developing companies. The RASEN project is addressing those, striving to deliver a new methodology and a supportive software environment.
Download whitepaper
Compositional Risk Assessment – Managing the Complexity of Large-Scale Systems
Atle Refsdal and Bjørnar Solhaug, SINTEF ICT
Ketil Stølen, SINTEF, University of Oslo
Abstract
Traditional methods for risk assessment are not well-equipped to tackle the complexity of large-scale, networked systems. The RASEN project proposes a novel divide-and-conquer strategy by means of compositional risk assessment as detailed within this whitepaper.
Download whitepaper
Automated Risk-based Security Testing – Finding Vulnerabilities That Are Worth Being Found
Fabien Peureux, Smartesting
Martin Schneider, Fraunhofer FOKUS
Fredrik Seehusen, SINTEF ICT
Abstract
As is well established in industrial contexts such as detailed within the Industry challenges addressed by the RASEN project whitepaper, fixing and even testing for every possible vulnerability is far too expensive. Especially when considering complex and networked systems, testing has to focus on vulnerabilities that would cause more damage when being exploited than it would cost to fix them. The present paper illustrates the RASEN approach for finding vulnerabilities in targeted applications.
Download whitepaper
Combining Compliance and Security Risk Assessment
Samson Y. Esayas and Tobias Mahler, Dep. of Private Law, Univ. of Oslo
Bjørnar Solhaug, SINTEF ICT
Abstract
Organizations that rely on ICT infrastructures need to maintain a high level of information security and protection from cyber-attacks. This is not only due to the self-interest of protecting business critical infrastructures; it is also due to laws that deal with information security. For this reason, technical and legal risks often need to be understood in combination. The RASEN project proposes an approach to integrate compliance and security risk assessment.
Download whitepaper
Combining Security Risk Assessment and Security Testing
Jürgen Großmann, Fraunhofer FOKUS
Fredrik Seehusen, SINTEF ICT
Abstract
Complex networked systems have become an integral part of our supply infrastructure. Mobile devices, home automation, smart grids and even vehicles are connected via the Internet and becoming accessible and thus vulnerable to hacker attacks. While the number of security incidents drastically increases, we are more than ever dependent on a secure and mature ICT infrastructure. One of the keys to maintaining such a secure and dependable infrastructure is mature, systematic and capable proactive measures to reduce or prevent the risks of security incidents. This paper describes the systematic integration of security risk assessment and security testing to enable efficient and focused security assessments of networked systems.
Download whitepaper
RASEN Process for Cyber-Risk Assessment
Bjørnar Solhaug, SINTEF ICT, Norway
RASEN tutorial
Abstract
This presentation details the concepts of cyber-space, cyber-security and information security.
RASEN_CyberSecurity.pptx
A Systematic Method for Risk-driven Test Case Design Using Annotated Sequence Diagrams
Gencer Erdogan, Atle Refsdal, and Ketil Stølen, SINTEF
Abstract
Risk-driven testing is a testing approach that aims at focusing the testing on the aspects or features of the system under test that are most exposed to risk. Current risk-driven testing approaches succeed in identifying the aspects or features that are most exposed to risk, and thereby support testers in planning the testing process accordingly. We give an example-driven presentation of a novel method intended to assist testers in systematically designing test cases by making use of risk analysis.
2014.SINTEF-A26036.pdf
Schematic Generation of English-prose Semantics for a Risk Analysis Language Based on UML Interactions
Gencer Erdogan, Atle Refsdal, and Ketil Stølen, SINTEF
Abstract
To support risk-driven testing, we have developed CORAL, a language for risk analysis based on UML interactions. In this report, we present its semantics as a translation of CORAL diagrams into English prose. The CORAL semantics is developed to help software testers to clearly and consistently document, communicate and analyse risks in a risk-driven testing process.
2014.SINTEF-A26407.pdf
A Pattern-driven and Model-Based Test Generation Toolchain for Web Vulnerability
Alexandre Vernotte, Institut FEMTO-ST
Bruno Legeard, Fabien Peureux, Institut FEMTO-ST, Smartesting R&D Center
ESSOS_15.pdf
The RASEN tool-supported method for risk-based security testing and compliance assessment
Jürgen Großmann, Fraunhofer FOKUS
Tool Supported Method for RBST and Compliance Assessment
A Technique for Risk-Based Test Procedure Identification, Prioritization and Selection
Fredrik Seehusen, SINTEF ICT
Presentation at ISoLA 2014, Corfu, Greece
Download Presentation
Combining Risk Assessment and Security Testing
Jürgen Großmann, Martin Schneider, Johannes Viehmann, Marc-Florian Wendland, Fraunhofer FOKUS
Presentation at ISoLA 2014, Corfu, Greece
Download Presentation
Risk-Based Vulnerability Testing using Security Test Patterns
Julien Botella, Bruno Legeard, Fabien Peureux, Smartesting
Alexandre Vernotte, Institut FEMTO-ST
Abstract
This paper introduces an original security testing approach guided by risk assessment, by means of risk coverage, to perform and automate vulnerability testing for Web applications. This approach, called Risk-Based Vulnerability Testing, adapts Model-Based Testing techniques, which are mostly used currently to address functional features. It also extends Model-Based Vulnerability Testing techniques by driving the testing process using security test patterns selected from risk assessment results. The adaptation of such techniques for Risk-Based Vulnerability Testing defines novel features in this research domain. In this paper, we describe the principles of our approach, which is based on a mixed modeling of the System Under Test: the model used for automated test generation captures some behavioral aspects of the Web applications, but also includes vulnerability test purposes to drive the test generation process.
Download article
Efficient Detection of Multi-step Cross-Site Scripting Vulnerabilities
Alexandre Vernotte, Frederic Dadeau, Institut FEMTO-ST
Franck Lebeau, Erdil
Bruno Legeard, Fabien Peureux, Francois Piat, Smartesting
Abstract
Cross-Site Scripting (XSS) vulnerability is one of the most critical breaches that may compromise the security of Web applications. Reflected XSS is usually easy to detect as the attack vector is immediately executed, and classical Web application scanners are commonly efficient at detecting it. However, they are less efficient at discovering multi-step XSS, which requires behavioral knowledge to be detected. In this paper, we propose a Pattern-driven and Model-based Vulnerability Testing approach (PMVT) to improve the capability of multi-step XSS detection. This approach relies on generic vulnerability test patterns, which are applied on a behavioral model of the application under test in order to generate vulnerability test cases. A toolchain, adapted from an existing Model-Based Testing tool, has been developed to implement this approach. This prototype has been experimented with and validated on real-life Web applications, showing a strong improvement of detection ability w.r.t. Web application scanners for this kind of vulnerability.
Download article
From Test Legacy to Model-Based Testing
Arnaud Bouzy, Bruno Legeard, Smartesting, France
Presentation at UCAAT 2014, Munich, September 16, 2014
Download Presentation
Model-Based Security Testing with Test Patterns
Julien Botella, Bruno Legeard, Fabien Peureux, Smartesting, France
Jürgen Grossmann, Martin Schneider, Fraunhofer FOKUS, Germany
Fredrik Seehusen, SINTEF, Norway
Presentation at UCAAT 2014, Munich, September 18, 2014
Download Presentation
The RACOMAT Method and Tool
Johannes Viehmann, Fraunhofer FOKUS, Germany
Presentation at UCAAT 2014, Munich, September 18, 2014
Download Presentation
How to derive high level test procedures from a risk model
Fredrik Seehusen, SINTEF, Norway
Presentation at UCAAT 2014, Munich, September 18, 2014
Download Presentation
Testing a web-services-based ecosystem using MBT
Franck Le Gall & David G. Jimenez, Easy Global Market
Laurent Artusio, Thierry Nagellen, Orange R&D
Julien Bernard, Lucas Gruber, FEMTO-ST/CNRS
Bruno Legeard, Smartesting & University of Franche-Comté
Presentation at UCAAT 2014, Munich, September 18, 2014
Download Presentation
Risk management
Bjørnar Solhaug, SINTEF ICT, Norway
Tutorial presented at the International Symposium on Engineering Secure Software and Systems (ESSoS’14), February 26, 2014
Download tutorial
An Integrated Approach for Compliance and Security Risk Assessment
Samson Y. Esayas, Tobias Mahler, University of Oslo, Norway
Bjørnar Solhaug, SINTEF ICT, Norway
Published in: Lov & Data, number 121, pages 32-35, 2015
Abstract:
Organizations that rely on information and communications technology (ICT) infrastructures need to maintain a high level of information security and protection from cyber-attacks. This is not only due to the self-interest of protecting business critical infrastructures; it is also due to laws that deal with information security. For this reason, technical and legal risks often need to be understood in combination. The RASEN project proposes an approach to integrate compliance and security risk assessment.
Currently not available for download
Divide and conquer – Towards a notion of risk encapsulation
Atle Refsdal, SINTEF ICT, Norway
Øyvind Rideng, CTO, Oilfield Technology Group, Norway
Bjørnar Solhaug, SINTEF ICT, Norway
Ketil Stølen, SINTEF ICT & Dep. of Informatics, University of Oslo, Norway
Published in Advances in Engineering Secure Future Internet Services and Systems, LNCS 8431, pp. 345-365, Springer, 2014.
Abstract
The criticality of risk management is evident when considering the information society of today, and the emergence of Future Internet technologies such as Cloud services. Information systems and services become ever more complex, heterogeneous, dynamic and interoperable, and many different stakeholders increasingly rely on their availability and protection. Managing risks in such a setting is extremely challenging, and existing methods and techniques are often inadequate. A main difficulty is that the overall risk picture becomes too complex to understand without methodic and systematic techniques for how to decompose a large scale risk analysis into smaller parts. In this chapter we introduce a notion of risk model encapsulation to address this challenge. Encapsulation facilitates compositional risk analysis by hiding internal details of a risk model. This is achieved by defining a risk model interface that contains all and only the information that is needed for composing the individual risk models to derive the overall risk picture. The interface takes into account possible dependencies between the risk models. We outline a method for compositional risk analysis, and demonstrate the approach by using an example on information security from the petroleum industry.
Currently not available for download
ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System
Kristian Beckers, University of Duisburg-Essen, Germany
Maritta Heisel, University of Duisburg-Essen, Germany
Bjørnar Solhaug, SINTEF ICT, Norway
Ketil Stølen, SINTEF ICT & Dep. of Informatics, University of Oslo, Norway
Published in Advances in Engineering Secure Future Internet Services and Systems, LNCS 8431, pp. 315-344, Springer, 2014.
Abstract
Established standards on security and risk management provide guidelines and advice to organizations and other stakeholders on how to fulfill their security needs. However, realizing and ensuring compliance with such standards may be challenging. This is partly because the descriptions are very generic and have to be refined and interpreted by security experts, and partly because they lack techniques and practical guidelines. In previous work we showed how existing security requirements engineering methods can be used to support the ISO 27001 information security standard. In this chapter we present ISMS-CORAS, which is an extension of the CORAS method for risk management that supports the ISO 27001 standard. ISMS-CORAS comes with the techniques and guidelines necessary for establishing an Information Security Management System (ISMS) compliant with the standard, as well as the artifacts that are needed for the required documentation. We validate the method by applying it to a scenario from the smart grid domain.
Currently not available for download
The CORAS Language – Why it is Designed the Way it is
Bjørnar Solhaug, SINTEF ICT, Norway
Ketil Stølen, SINTEF ICT & Dep. of Informatics, University of Oslo, Norway
Published in Safety, Reliability, Risk and Life-Cycle Performance of Structures and Infrastructures, Proc. of 11th International Conference on Structural Safety & Reliability (ICOSSAR’13). CRC Press, 2013.
Abstract
In this research paper two of SINTEF’s researchers involved in the RASEN project provide an insight into the CORAS risk analysis approach that is widely used within our project. The paper provides a brief technical introduction together with insight regarding the major design decisions that shaped the CORAS approach.
Download preprint version
Model-Driven Risk Analysis of Evolving Critical Infrastructures
Bjørnar Solhaug, SINTEF ICT, Norway
Fredrik Seehusen, SINTEF ICT, Norway
Published in Journal of Ambient Intelligence and Humanized Computing, pp. 1-18, 2013.
Abstract
This paper addresses the challenge of continuous risk management and validation of risk models by presenting a tool-supported approach to model-driven security risk analysis of changing and evolving systems. The presented artifacts are exemplified and validated using the domain of air traffic management.
Download preprint version
An Approach to Select Cost-Effective Risk Countermeasures Exemplified in CORAS
Le Minh Sang Tran, PhD Student, University of Trento, Italy
Bjørnar Solhaug, SINTEF ICT, Norway
Ketil Stølen, SINTEF ICT & Dep. of Informatics, University of Oslo, Norway
SINTEF A24343 - Unrestricted Technical Report
Abstract
This technical report presents an approach to integrate countermeasure cost-benefit assessments into the risk analysis and to provide decision makers with the necessary decision support. The presented approach comes with the necessary modeling support, a calculus for reasoning about the countermeasure cost and effect, as well as means for visualization of the results to aid decision makers. This report presents the instantiation in CORAS using an eHealth scenario.
Download technical report
An Approach to Select Cost-Effective Risk Countermeasures
Le Minh Sang Tran, PhD Student, University of Trento, Italy
Bjørnar Solhaug, SINTEF ICT, Norway
Ketil Stølen, SINTEF ICT & Dep. of Informatics, University of Oslo, Norway
Published in Proceedings of the 27th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec'13), LNCS 7964, pp. 266-273, Springer, 2013.
Abstract
This paper presents an approach to integrate the countermeasure cost-benefit assessment into the risk analysis and to provide decision makers with the necessary decision support. The approach comes with the necessary modeling support, a calculus for reasoning about the countermeasure cost and effect, as well as means for visualization of the results to aid decision makers.
Download article
A Trace Management Platform for Risk-Based Security Testing
Juergen Grossmann, Fraunhofer FOKUS, Germany
Michael Berger, Fraunhofer FOKUS, Germany
Johannes Viehmann, Fraunhofer FOKUS, Germany
Presented during RISK2013 – 1st International Workshop on Risk Assessment and Risk-driven Testing, November 12, Istanbul, Turkey (preprint)
Abstract
This paper introduces RISKTest, a trace management platform on the basis of Eclipse that supports the creation and documentation of cross-tool relations during test development and test execution. RISKTest is dedicated to risk-based security testing. Thus, we concentrate on the management of traces between the artifacts from risk assessment and testing and the definitions of services that automatically analyze the related artifacts for security and testing related aspects. RISKTest has been developed in the DIAMONDS project and evaluated within the project’s case studies.
Download article
Online Model-Based Behavioral Fuzzing
Martin Schneider, Fraunhofer FOKUS, Germany
Juergen Grossmann, Fraunhofer FOKUS, Germany
Ina Schieferdecker, Fraunhofer FOKUS, Germany
Andrej Pietschker, Giesecke & Devrient GmbH, Munich, Germany
Presented at IEEE Sixth International Conference on Software Testing, Verification and Validation Workshops (ICSTW), March 2013
Abstract
The present paper presents an approach to make the test execution for behavioral fuzz testing more efficient by generating test cases at runtime instead of before execution, focusing on interesting regions of a message sequence based on a previously conducted risk analysis and reducing the test space by integrating already retrieved test results in the test generation process.
Download article
Towards Integration of Compositional Risk Analysis Using Monte Carlo Simulation and Security Testing
Johannes Viehmann, Fraunhofer FOKUS, Germany
Presented during RISK2013 – 1st International Workshop on Risk Assessment and Risk-driven Testing, November 12, Istanbul, Turkey (preprint)
Abstract
This short paper describes ongoing efforts to combine concepts of security risk analysis with security testing into a single process. Using risk analysis artefact composition and Monte Carlo simulation to calculate likelihood values, the method described here is intended to become applicable for complex large-scale systems with dynamically changing probability values.