Oct. 01, 2010 to June 30, 2013
DIAMONDS will enable efficient and automated security testing methods of industrial relevance for highly secure systems in multiple domains (e.g. banking, transport or telecommunication). As pointed out by the Software Engineering Institute, US, 2009: "The security of a software-intensive system is directly related to the quality of its software". In particular, over 90% of software security incidents are caused by attackers exploiting known software defects. DIAMONDS addresses this increasing need for systematic security testing methods by developing techniques and tools that can efficiently be used to secure networked applications in different domains.
DIAMONDS will leverage systematic, model-based testing and monitoring approaches for security testing to enable highly secure systems by early testing and test automation. Advanced model-based security testing methods will allow the early identification of design vulnerabilities and efficient system/test design targeting security aspects.
DIAMONDS will introduce four main innovations in the field of security testing methods and technologies:
- Advanced model-based security testing methods that combine different techniques to obtain improved results applicable to multi-domain security.
- Development of autonomous testing techniques based on automatic monitoring techniques to improve resilience of dynamically evolving systems.
- Pre-standardization work on multi-domain security test methodologies and test patterns allowing DIAMONDS to offer interoperable security test techniques and tools.
- An open source platform for security test tool integration, giving the user a single user interface to the various test tools and a single reporting interface that produces a concise report from them.
These innovations aim at building a pre-standard for model-based security testing targeting heterogeneous and distributed systems and services and represent the enabling technology necessary for the introduction of formal security testing in industry.
The four main results of DIAMONDS will be:
- Security Fault Models
- Risk-driven Security Test Methodology
- Model-based Security Test Methodology
- Security Test Patterns Catalogue
Project partners:
- Codenomicon, Finland
- Conformiq, Finland
- Dornier Consulting, Germany
- Ericsson, Finland
- FSCOM, France
- Gemalto, France
- Get IT, France
- Giesecke & Devrient, Germany
- Grenoble INP, France
- itrust, Luxembourg
- Metso, Finland
- Montimage, France
- Norse Solutions, Norway
- Secure Business Applications, Austria
- SINTEF, Norway
- Smartesting, France
- Testing Technologies, Germany
- Thales, France
- TU Graz, Austria
- University of Oulu, Finland
- VTT, Finland