| Smart University Home > Programs > Software Security Certification |
|
Software Engineering |
2 Days |
Educational |
|
Software Security Certification |
|
Presentation
The stringent requirements in terms of software security of mission critical platforms such as digital rights management, telecommunication and automotive raised the need for some form of security certification based on rigorous indepth system analysis conducted by independent, and internationally recognized organizations. This analysis is aimed at assessing the security level of software so that each organization can choose the software product that best meets its security requirements. Even though security certifications have their application still restricted to a small part of potential target systems, their diffusion is increasing and it is likely that in a near future they will become a prerequisite for many other industries.
Training's objectives
This module will start by reviewing past solutions to create a standard for security certifications.
Then the training will focus on the problem of certifying IT products at an international level. Finally, this module will focus on discussing the application of security certifications to OSS scenario and on setting up a virtual certification facility for OSS in various applications scenarios, such as DRM, telecommunication and embedded systems.
This module covers 3 main issues:
- How to create a standard for security certifications,
- The new environment and challenges of IT products certification at an international level,
- Next security certification approaches and cases: application to OSS scenario from there setting up of virtual certification facility for OSS in DRM, telecommunications and embedded systems scenarios.
Who should attend?
IT developers and architects, Security/IT managers, Systems and Network administrators, researchers and academics.
Key topics
Certification techniques - Common Criteria - VSE - Open Source Software.
Program
DAY 1
Module presentation: introduction
by Prof. Ernesto Damiani Full Professor at Department of Information Technology, Università degli Studi di Milano
9.00 - 11.00 am
Introduction to formal methods for software certification: the role of formal methods
by Dieter Hutter, Principal Researcher, German Research Center for Artificial Intelligence
11.30 - 12.30 am
VSE: Formal methods meet industrial needs
by Werner Stephan, Researcher, German Research Center for Artificial Intelligence
2.00 - 4.00 pm
Correct Design: an introduction to formal methods
by Luis Barbosa, Associate Professor at Departamento de Informática, Universidade do Minho
4.30 - 5.30 pm
Assurance policies for large scale software platforms
by Massimo Banzi, Telecom Italia |
|
DAY 2
9.00 - 10.00 am
Module presentation: introduction
by Prof. Ernesto Damiani, Full Professor at Department of Information Technology, Università degli Studi di Milano
10.00 - 11.00 am
State of the art of the software certification techniques
by Volkmar Lotz, Research Program Manager for Security and Trust, SAP Research
11.30 - 12.30 am
Introduction to test base certification on open source platforms
by Claudio Ardagna, Assistant Professor at Department of Information Technology, Università degli Studi di Milano
2.00 - 3.00 pm
Testing of securitycritical products based on CC/FIPS standards
by Jan de Meer, Head of Embedded Systems Engineering, Smart Space Lab
3.30 - 5.00 pm
Case studies: IFSA, CCR-EAL
by Chair Prof. Ernesto Damiani, Università degli Studi di Milano
5.00 - 5.30 pm
Discussion and lessons learnedby Chair Prof. Ernesto Damiani, Università degli Studi di Milano |
|
|
|
|
|
Module designed and coordinated by 
