Assessing the Usefulness of Testing for Validating the Correctness of Security Risk Models Based on an Industrial Case Study

Erdogan, Gencer; Seehusen, Fredrik; Stølen, Ketil; Aagedal, Jan Øyvind

Erdogan, Gencer; Seehusen, Fredrik; Stølen, Ketil; Aagedal, Jan Øyvind

Research report

Åpne

SINTEF+A26187.pdf (598.7Kb)

Permanent lenke

http://hdl.handle.net/11250/2432276

Utgivelsesdato

2014

Metadata

Vis full innførsel

Samlinger

Publikasjoner fra CRIStin - SINTEF AS [3096]
SINTEF Digital [1420]

Sammendrag

We present the results of an evaluation in which the objective was to assess how useful testing is for validating and gaining confidence in the correctness of security risk models. The evaluation is based on a case study where the target system analyzed was a web-based application. The evaluation suggests that the testing was useful in the sense that it yielded new information which resulted in an update of the security risk model after testing. Oppdragsgiver: Norwegian Research Council

Utgiver

SINTEF

Serie

SINTEF Rapport;