Compositional Risk Assessment and Security Testing of Networked Systems

The European society increasingly depends on ICT systems, in particular ICT systems within critical infrastructures such as telecommunication services, public health services, banking services and power supply. At the same time such systems become increasingly heterogeneous and complex, both with respect to their underlying technology and infrastructure and with respect to their social, economic and legal context. Furthermore, heterogeneous networked service and computing environments cross organisational and geographical borders, posing security challenges that need to be addressed from a broad perspective. For organisations, enterprises and service providers to continuously ensure a sufficient level of protection of complex networked systems, a thorough understanding of security risks is required. However, the nature of such systems makes security assessment very challenging. First, assessing the security of such large, complex networked systems in their entirety is infeasible. Second, security assessment is usually performed either at a high-level (e.g. by risk assessment) or at a technical low-level (e.g. by security testing) with few methods to combine the levels and make use of them complementary. The RASEN project addresses these challenges by, on the one hand, developing support for systematic composition of security assessment results, allowing global security assessments to be derived from assessments of smaller parts of the system. On the other hand, RASEN will develop support for systematically combining high-level security risk assessment with low-level security testing, such that risk assessment can be used to derive security test cases and security test results can be used to verify or updating the risk assessment.
The expected result of RASEN is an approach to security assessment that consists of methods and techniques to support the following. Compositional security assessment: How the security assessment can be broken down into smaller parts and systematically composed to obtain the global assessment. Risk-based security testing: How to derivative security test cases from security risk assessment results. Test-based security risk assessment: How to verify and update of the security risk assessment based on security test results. Legal security risk assessment: How to assess and understand compliance with legal norms related to information security. Continuous security assessment: How reuse results from previous security assessments and to rapidly update the security risk assessment based on passive testing (also called monitoring). Additionally, RASEN will deliver a toolbox that integrates the RASEN tool portfolio consisting of a security risk assessment tool and a security testing tool, as well as tools to make transformations between the two. All the results will be evaluated and validated in relevant use cases derived from the domains of healthcare, finance and the IT industry.