Authors: Ernő Jeges ; Balázs Berkes ; Gergely Eberhardt and Balázs Kiss

Affiliation: SEARCH-LAB Security Evaluation Analysis and Research Laboratory, Hungary

ISBN: 978-989-758-000-0

Keyword(s): Security Evaluation Methodology, Security Testing, Security Objectives, Threat Modelling, Case Study, Embedded Systems Security.

Abstract: Even software engineers tend to forget about the fact that the burden of the security incidents we experience today stems from defects in the code – actually bugs – committed by them. Constrained by resources, many software vendors ignore security entirely until they face an incident, or are tackling security just by focusing on the options they think to be the cheapest – which usually means post-incident patching and automatic updates. Security, however, should be applied holistically, and should be interwoven into the entire product development lifecycle. Eliminating security problems is challenging, however; while engineers have to be vigilant and find every single bug in the code to make a product secure, an attacker only has to find a single remaining vulnerability to exploit it and take control of the entire system. This is why security evaluation is so different from functional testing, and why it needs to be performed by a well-prepared security expert. In this paper we will tackle the challenge of security testing, and introduce our methodology for evaluating the security of IT products – MEFORMA was specifically created as a framework for commercial security evaluations, and has already been proven in more than 50 projects over twelve years.

CC BY-NC-ND 4.0

Paper citation in several formats:
Jeges, E.; Berkes, B.; Kiss, B. and Eberhardt, G. (2014). MEFORMA Security Evaluation Methodology - A Case Study. In Proceedings of the 4th International Conference on Pervasive and Embedded Computing and Communication Systems - Volume 1: MeSeCCS, (PECCS 2014), ISBN 978-989-758-000-0, pages 267-274. DOI: 10.5220/0004919902670274

@conference{meseccs14,
author={Ernő Jeges and Balázs Berkes and Balázs Kiss and Gergely Eberhardt},
title={MEFORMA Security Evaluation Methodology - A Case Study},
booktitle={Proceedings of the 4th International Conference on Pervasive and Embedded Computing and Communication Systems - Volume 1: MeSeCCS, (PECCS 2014)},
year={2014},
pages={267-274},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004919902670274},
isbn={978-989-758-000-0},
}

TY - CONF

JO - Proceedings of the 4th International Conference on Pervasive and Embedded Computing and Communication Systems - Volume 1: MeSeCCS, (PECCS 2014)
TI - MEFORMA Security Evaluation Methodology - A Case Study
SN - 978-989-758-000-0
AU - Jeges, E.
AU - Berkes, B.
AU - Kiss, B.
AU - Eberhardt, G.
PY - 2014
SP - 267
EP - 274
DO - 10.5220/0004919902670274
