Software security assurance of telecommunication systems

International Conference on Multimedia Computing and Systems -Proceedings

Volumn , Issue , 2009, Pages 138-143

  Savola, Reijo M ^a  

^a VTT TECHNICAL RESEARCH CENTRE OF FINLAND   (Finland)

Author keywords

Security assurance; Security metrics; Security monitoring; Security requirements; Security testing

Indexed keywords

SECURITY ASSURANCE; SECURITY METRICS; SECURITY MONITORING; SECURITY REQUIREMENTS; SECURITY TESTING;

COMPUTER SCIENCE; COMPUTER SOFTWARE; MULTIMEDIA SYSTEMS; SECURITY SYSTEMS; TELECOMMUNICATION; TELECOMMUNICATION SYSTEMS;

NETWORK SECURITY;

EID: 70449686292     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/MMCS.2009.5256713     Document Type: Conference Paper

References (27)

1. R. Savola, and J. Röning, "Towards security evaluation based on evidence information collection and impact analysis", Supplemental Proceedings of the 2006 International Conference on Dependable Systems and Networks (DSN), Workshop on Empirical Evaluation of Dependability and Security (WEEDS), Philadelphia, PA, June 25-28, 2006, pp. 113-118.
2. R. Savola, "Towards Requirement Driven Evaluation of Information Security", Proceedings of the International Seminar on Dependable Requirements Engineering of Computerised Systems at Nuclear Power Plants, Institute for Energy Technology, OECD Halden Reactor Project, Nov. 27-29, 2006, Halden, Norway.
3. P. T. Devanbu and S. Stubblebine, "Security and Software Engineering: A Roadmap", Proc. 22nd Int. Conference of Software Engineering (ICSE), Limerick, Ireland, 2000.
4. D. Firesmith, "Specifying Reusable Security Requirements", Journal of Object Technology, Vol. 3, No. 1, Jan/Feb 2004, pp. 61-75.
5. R. Savola, "Towards Requirement and Modeling Driven Security Evaluation", Proc. Int. Conference on Systems and Networks Communications (ICSNC) 2006, Nov. 1-3, 2006, Tahiti, French Polynesia.
6. S. Katzke, "Security metrics", Proceedings of the Workshop on Information Security System Scoring and Ranking, Williamsburg, VA, May 21-23, 2001.
7. A. Sademies and R. Savola, "A survey of security metrics use in some Finnish organizations", Proceedings of the 2005 IT Governance International Conference, Auckl and, New Zealand, November 14-16, 2005, pp. 91-98.
8. International Organization for Standardization, "ISO/IEC 17799", Information Technology - Code of Practice for Information Security Management 2005.
9. International Organization for Standardization, "ISO/IEC 27001", Information Security Management Systems - Requirements, 2005.
10. International Organization for Standardization, "ISO/IEC 15408", Common Criteria for Information Technology Security Evaluation, 2005.
11. International Organization for Standardization, "ISO/IEC 18028", IT Network Security - Network Security Management, 2005.
12. AusCERT, "Information Security Standards", 2002.
13. K. Höne, and J. H. P. Eloff, "Information security policy - what do international information security standards say?", Computers & Security, Vol. 21, Issue 5, pp. 402-409.
14. SourceForge.net, OpenGGSN project, 2003, http://sourceforge.net/projects/ ggsn/.
15. NetHawk, NetHawk RNC/Iub simulator, 2006, https://www.nethawk.fi/ products/nethawk-simulators/nethawk-rnciub-simulator/.
16. Codenomicon, Codenomicon IPv4 test tools, 2006, http://www.codenomicon. com/prodducts/internet/ipv4.
17. Codenomicon, Codenomicon GTP test tools, 2006, http://www.codenomicon. com/products/telecommunications/gtp.
18. NetHawk, NetHawk EAST® GSM testing, 2006, https://www.nethawk.fi/ products/nethawk-simulators/nethawk-east-gsm/.
19. NetHawk, NetHawk M5 analyser, 2006, https://www.nethawk.fi/products/ nethawk-analyser/nethawk-m5/.
20. E. Tikkala, M. Rapeli, K. Karppinen and H. Honkanen, "Security Testing OpenGGSN: a Case Study", Proceedings of the 6th Annual Security Conference, Las Vegaas, April 11-12, 2007.
21. FlawFinder. Web reference: http://www.dwheeler.com/flawfinder/.
22. RATS. Web reference: http://www.securesoftware.com/
23. Valgrind. Web reference: http://valgrind.org/.
24. R. Savola and K. Karppinen, "Practical Security Testing of Telecommunications Software - A Case Study", Proceedings of the 3rd Advanced International Conference on Telecommunications (AICT 2007), Morne, Mauritius, May 13-19, 2007.
25. M. Schumacher, and U. Roedig, "Security engineering with patterns", Proceedings of Pattern Languages of Programs, Monticello, IL, September 11-15, 2001.
26. B. Schneier, Secrets and Lies: Digital Security in a Networked World, John Wiley & Sons, New York, 2000.
27. Coverity, Inc., "Coverity's Kernel Code Quality Study", 2004, http://lwn.net/Articles/115530/