Evaluation of the CORAL Approach for Risk-driven Security Testing based on an Industrial Case Study

Gencer Erdogan, Ketil Stølen, Jan Øyvind Aagedal

2016

Abstract

The CORAL approach is a model-based method for security testing that employs risk assessment to help security testers select and design test cases based on the available risk picture. In this paper we present experiences from using CORAL in an industrial case. The results indicate that CORAL supports security testers in producing risk models that are valid and threat scenarios that are directly testable. This, in turn, helps testers to select and design test cases according to the most severe security risks posed to the system under test.

Paper Citation


in Harvard Style

Erdogan G., Stølen K. and Aagedal J. (2016). Evaluation of the CORAL Approach for Risk-driven Security Testing based on an Industrial Case Study. In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 219-226. DOI: 10.5220/0005650902190226

in Bibtex Style

@conference{icissp16,
author={Gencer Erdogan and Ketil Stølen and Jan Øyvind Aagedal},
title={Evaluation of the CORAL Approach for Risk-driven Security Testing based on an Industrial Case Study},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2016},
pages={219-226},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005650902190226},
isbn={978-989-758-167-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Evaluation of the CORAL Approach for Risk-driven Security Testing based on an Industrial Case Study
SN - 978-989-758-167-0
AU - Erdogan G.
AU - Stølen K.
AU - Aagedal J.
PY - 2016
SP - 219
EP - 226
DO - 10.5220/0005650902190226