SECURITY CERTIFICATIONS OF SOFTWARE SYSTEMS
Module designed and coordinated by Professor Ernesto Damiani, University of Milan
The stringent software security requirements of mission-critical platforms such as digital rights management, telecommunication and automotive have raised the need for some form of security certification based on rigorous, in-depth system analysis conducted by independent and internationally recognized organizations. This analysis is aimed at assessing the security level of software so that each organization can choose the software product that best meets its security requirements. Even though the application of security certifications is still restricted to a small part of potential target systems, their diffusion is increasing, and it is likely that in the near future they will become a prerequisite for many other industries.
Who should attend:
IT developers and architects, Security/IT managers, C and Java developers, researchers and academics
What you will learn:
This module will start by reviewing test-based and verification-based solutions to create a standard for security certifications.
Then the module will focus on the problem of certifying IT products at an international level. Finally, this module will focus on discussing the application of security certifications to the OSS scenario and on setting up a virtual certification facility for OSS in various application scenarios, such as DRM, telecommunication and embedded systems.
This module covers 3 main issues:
- How to choose among the techniques and standards for security certifications
- The new environment and challenges of IT products certification at an international level
- Next security certification approaches and cases: application to the OSS scenario and, from there, setting up a virtual certification facility for OSS in DRM, telecommunications and embedded systems scenarios.
Key topics:
Certification techniques - Common Criteria - VSE - Open Source Software
SEPT. 18
9.00 am – 9.30 am
Module presentation: introduction
Prof. Ernesto Damiani, Full Professor at Department of Information Technology, Università degli Studi di Milano
9.30 am – 11.00 am
State of the art of the software certification techniques
Volkmar Lotz, Research Program Manager for Security and Trust, SAP Research
11.30 am – 1.00 pm
Introduction to formal methods for software certification: the role of formal methods
Dieter Hutter, Principal Researcher, German Research Center for Artificial Intelligence
2.30 pm – 4.00 pm
VSE: Formal methods meet industrial needs
Roland Vogt, Researcher, German Research Center for Artificial Intelligence
4.30 pm – 6.00 pm
Introduction to test-based certification on open source platforms
Prof. Ernesto Damiani, Full Professor at Department of Information Technology, Università degli Studi di Milano
6.00 pm – 6.30 pm
Discussion and lessons learned
Chair Prof. Ernesto Damiani, Full Professor at Department of Information Technology, Università degli Studi di Milano
SEPT. 19
9.00 am – 9.30 am
Module presentation: introduction
Prof. Ernesto Damiani, Full Professor at Department of Information Technology, Università degli Studi di Milano
9.30 am – 11.00 am
Formal methods and open source certification
Luis Barbosa, Associate Professor at Departamento de Informática, Universidade do Minho
11.30 am – 1.00 pm
Test-based software certification
Jan de Meer, Head of Embedded Systems Engineering, Smart Space Lab
2.30 pm – 4.30 pm
Case studies: IFSA, CCR-EAL
Chair Prof. Ernesto Damiani, Full Professor at Department of Information Technology, Università degli Studi di Milano
5.00 pm – 5.30 pm
Discussion and lessons learned
Chair Prof. Ernesto Damiani, Full Professor at Department of Information Technology, Università degli Studi di Milano