Software security assurance of telecommunication systems

Author

Savola, Reijo M.

Author_Institution

VTT Tech. Res. Centre of Finland, Oulu, Finland

fYear

2009

fDate

2-4 April 2009

Firstpage

138

Lastpage

143

Abstract

In order to obtain evidence about the security strength or performance in software products and telecommunication systems we need automated information security analysis, validation, evaluation and testing approaches. Unfortunately, no widely accepted practical approaches are available. Information security testing of software-intensive and telecommunications systems typically relies heavily on the experience of the security professionals. In this study, we argue that security requirements are within the focus of the information security testing process. Information security requirements can be based on iterative risk, threat and vulnerability analyses, and technical and architectural information. We discuss security testing process, security objectives and security requirements from the basis of the experiences of a security testing case study project.

Keywords

formal specification; formal verification; program testing; security of data; systems analysis; telecommunication security; automated information security analysis; information security testing process; iterative process; security requirements; software security assurance; telecommunication system; Automatic testing; Information analysis; Information security; Monitoring; Performance analysis; Risk analysis; Software performance; Software testing; System testing; Wireless application protocol; security assurance; security metrics; security monitoring; security requirements; security testing;

fLanguage

English

Publisher

ieee

Conference_Titel

Multimedia Computing and Systems, 2009. ICMCS '09. International Conference on

Conference_Location

Ouarzazate

Print_ISBN

978-1-4244-3756-6

Electronic_ISBN

978-1-4244-3757-3

Type

conf

DOI

10.1109/MMCS.2009.5256713

Filename

5256713