Title :
Software security assurance of telecommunication systems
Author :
Savola, Reijo M.
Author_Institution :
VTT Tech. Res. Centre of Finland, Oulu, Finland
Abstract :
In order to obtain evidence about the security strength or performance in software products and telecommunication systems we need automated information security analysis, validation, evaluation and testing approaches. Unfortunately, no widely accepted practical approaches are available. Information security testing of software-intensive and telecommunications systems typically relies heavily on the experience of the security professionals. In this study, we argue that security requirements are within the focus of the information security testing process. Information security requirements can be based on iterative risk, threat and vulnerability analyses, and technical and architectural information. We discuss security testing process, security objectives and security requirements from the basis of the experiences of a security testing case study project.
Keywords :
formal specification; formal verification; program testing; security of data; systems analysis; telecommunication security; automated information security analysis; information security testing process; iterative process; security requirements; software security assurance; telecommunication system; Automatic testing; Information analysis; Information security; Monitoring; Performance analysis; Risk analysis; Software performance; Software testing; System testing; Wireless application protocol; security assurance; security metrics; security monitoring; security requirements; security testing;
Conference_Titel :
Multimedia Computing and Systems, 2009. ICMCS '09. International Conference on
Conference_Location :
Ouarzazate
Print_ISBN :
978-1-4244-3756-6
Electronic_ISBN :
978-1-4244-3757-3
DOI :
10.1109/MMCS.2009.5256713
