Towards a Unified Penetration Testing Taxonomy

Hudic, Aleksandar; Zechner, Lorenz; Islam, Shareeful; Krieg, Christian; Weippl, Edgar; Winkler, Severin; Hable, Richard

doi:10.1109/socialcom-passat.2012.65

Cited by 7 publications

(6 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Complementary, our approach helps to elicit and prove such conformity prior to the test phase. As stated in [24], security oriented testing is a challenging topic. Our method provides means to deploy a security-test bench driven by models.…”

Section: B Approach Positioningmentioning

confidence: 99%

Timed-Model-Based Method for Security Analysis and Testing of Smart Grid Systems

Pedroza

Gall

Gaston

et al. 2016

2016 IEEE 19th International Symposium on Real-Time Distributed Computing (ISORC)

View full text Add to dashboard Cite

The progressive integration of software-based components into the electricity grid has given raise to what is known as Smart Grids. As long as Smart Grids gain on connectivity and automation, new concerns on their safety and security have arisen. It is agreed that non-negligible risks and enlarged impact due to misbehaviors and intrusions exist [1]. Following a model driven paradigm, a method is proposed to reinforce the security of these complex widely distributed systems. The method guides system re-engineering and is based upon timed models. It encompasses reverse engineering, symbolic, and testing techniques to model, analyze, and deploy attack testing. In early stages of the method, a reference timed model to support security analyses is designed via reverse engineering and symbolic execution. During latter stages, the nominal models are enriched so as to specify attack scenarios which are symbolically executed to prove the ability of the system to detect attacker intrusions. In final stages, the attack scenarios are used to specify test cases which are later deployed to test the system. The method and main outcomes are presented relying upon a Smart Grid subsystem analyzed in the scope of a joint academy-industry project 1. 1 This research has been partially funded by the projects SESAM Grids and S3P categorized as "investments for the future".

show abstract

Section: B Approach Positioningmentioning

confidence: 99%

Timed-Model-Based Method for Security Analysis and Testing of Smart Grid Systems

Pedroza

Gall

Gaston

et al. 2016

2016 IEEE 19th International Symposium on Real-Time Distributed Computing (ISORC)

View full text Add to dashboard Cite

show abstract

“…In addition, social engineering can be included to determine the human weaknesses that may provide access to assets [5], [6], [7], [8], [9]. Overviews of penetration testing methods are provided in [10], [11], [12].…”

Section: Related Work a Penetration Testingmentioning

confidence: 99%

“…, m 2 the failure probability p F i and store it in the vector p F . The function computes (8) by exploiting (12) to get p i = 1 1+e…”

Section: Updates Of Elo Ratingsmentioning

confidence: 99%

“…Note that if f E is not known we have m 2 = n. In contrast to the updates above, we cannot derive an observation based estimate, since r i ∈ {0, 1}. So, instead of performing a linear interpolation, we update δ i by calculating the difference between the expected probability p, computed with (12), and the observed result. We then add this value to the previous estimate, as in classic Elo models.…”

Section: Updates Of Elo Ratingsmentioning

confidence: 99%

“…. , r m2 of each observation are generated with (12), with δ true i and β j as inputs. The probability that an observation is incomplete is determined by p I .…”

Section: Simulationmentioning

confidence: 99%

See 2 more Smart Citations

Quantitative penetration testing with item response theory

Arnold

Pietersy

Stoelinga

2013

2013 9th International Conference on Information Assurance and Security (IAS)

View full text Add to dashboard Cite

Abstract-Existing penetration testing approaches assess the vulnerability of a system by determining whether certain attack paths are possible in practice. Thus, penetration testing has so far been used as a qualitative research method. To enable quantitative approaches to security risk management, including decision support based on the cost-effectiveness of countermeasures, one needs quantitative measures of the feasibility of an attack. Also, when physical or social attack steps are involved, the binary view on whether a vulnerability is present or not is insufficient, and one needs some viability metric. When penetration tests are performed anyway, it is very easy for the testers to keep track of, for example, the time they spend on each attack step. Therefore, this paper proposes the concept of quantitative penetration testing to determine the difficulty rather than the possibility of attacks based on such measurements. We do this by step-wise updates of expected time and probability of success for all steps in an attack scenario. In addition, we show how the skill of the testers can be included to improve the accuracy of the metrics, based on the framework of Item Response Theory (Elo ratings). We prove the feasibility of the approach by means of simulations, and discuss application possibilities.

show abstract

A Risk Management Framework for Penetration Testing of Global Banking & Finance Networks VoIP Protocols

Malhotra

2014

SSRN Journal

View full text Add to dashboard Cite

Towards a Unified Penetration Testing Taxonomy

Cited by 7 publications

References 5 publications

Timed-Model-Based Method for Security Analysis and Testing of Smart Grid Systems

Timed-Model-Based Method for Security Analysis and Testing of Smart Grid Systems

Quantitative penetration testing with item response theory

A Risk Management Framework for Penetration Testing of Global Banking & Finance Networks VoIP Protocols

Contact Info

Product

Resources

About