Agenda: Workshop on Risk Assessment and Risk-driven Testing - Monday, 15 June 2015

08:30 - 09:15 Registration & welcome

09:15 -10:15 SESSION 1: Risk assessment

09:15 - 10:15, Session 1

Risk Assessment

  • Risk Assessment and Security Testing of Large Scale Networked Systems with RACOMAT

Johannes Viehmann and Frank Werner


  • Combining Security Risk Assessment and Security Testing based on Standards

Juergen Grossman and Fredrik Seehusen

10:15 - 10:45 Coffee Break

10:45 - 12:00 Cont. session 1

10:45 - 12:00, Cont. Session 1

  • Validation of IT Risk Assessment with Markov Logic Networks

Janno von Stülpnagel and Willy Chen


  • CyVar: Extending Var-At-Risk to ICT

Fabrizio Baiardi, Federico Tonelli and Alessandro Bertolini

12:00 - 13:00 lunch break

13:00 - 14:00 Keynote

13:00 - 14:00, Keynote

Keynote Tim Kelly

14:00 - 14:30 SESSION 2: RISK AND DEVELOPMENt

14:00 - 14:30, Session 2

Risk and Development

  • Development of Device- and Service-Profiles for a Safe and Secure Interconnection of Medical Devices in the Integrated Open OR

Alexander Mildner, Armin Janss, Jasmin Dell'Anna-Pudlik, Paul Merz, Klaus Radermacher and Martin Leucker

14:30 - 15:00 Coffee break

15:00 - 16:30 Session 3: Security testing

15:00 - 17:00, Session 3

Security Testing

  • Using CAPEC for Risk-Based Security Testing

Fredrik Seehusen


  • Risk-Driven Vulnerability Testing: Results from eHealth Experiments using Patterns and Model-Based Approach

Alexandre Vernotte, Bruno Legeard, Fabien Peureux, Cornel Botea and Arthur Molar


  • Improving Security Testing With Usage-Based Fuzz Testing

Martin A. Schneider, Steffen Herbold, Marc-Florian Wendland and Jens Grabowski

17:00 - end of workshop