SOFTWARE SECURITY CERTIFICATION
Module designed and coordinated by Professor Ernesto Damiani, University of Milan, Department of Information Technologies.
Dates & Location:
2 days - September 22-23, 2009, Sophia-Antipolis (French Riviera)
Who should attend?
IT developers and architects, Security/IT managers, Systems and Network
administrators, researchers and academics
What will you learn?
This module will start by reviewing past solutions to create a standard for
security certifications.
Then the module will focus on the problem of certifying IT products at an international level. Finally, it will discuss the application of security certifications to the OSS scenario and the setting up of a virtual certification facility for OSS in various application scenarios, such as DRM, telecommunications and embedded systems.
This module covers 3 main issues:
- How to create a standard for security certifications
- The new environment and challenges of IT product certification at an
international level
- Next security certification approaches and cases: application to the OSS
scenario and, from there, the setting up of a virtual certification facility for OSS in
DRM, telecommunications and embedded systems scenarios
Key topics:
Certification techniques - Common Criteria - VSE - Open Source Software
Presentation:
The stringent software security requirements of mission-critical platforms such as digital rights management, telecommunication and automotive have raised the need for some form of security certification based on rigorous, in-depth system analysis conducted by independent and internationally recognized organizations. This analysis is aimed at assessing the security level of software so that each organization can choose the software product that best meets its security requirements. Even though the application of security certifications is still restricted to a small part of potential target systems, their diffusion is increasing and it is likely that in the near future they will become a prerequisite for many other industries.
Program
DAY 1: September 22nd, 2009
9.30 am - 10.00 am
Module presentation: introduction
Prof.
Ernesto Damiani
Full Professor at Department of Information Technology,
Università degli Studi di Milano
10.00 am - 11.00 am
Introduction to formal methods for software certification: the role of formal methods
Dieter Hutter
Principal Researcher,
German Research Center for Artificial Intelligence
11.30 am - 12.30 am
VSE: Formal methods meet industrial needs
Werner Stephan
Researcher,
German Research Center for Artificial Intelligence
2.00 pm - 4.00 pm
Correct Design: An introduction to formal methods
Luis Barbosa
Associate Professor at Departamento de Informática,
Universidade do Minho
4.30 pm - 5.30 pm
Introduction to test-based certification on open source platforms
Module presentation: introduction
Claudio Ardagna
Assistant Professor at Department of Information Technology,
Università degli Studi di Milano
DAY 2: September 23rd, 2009
9.30 am - 10.00 am
Module presentation: introduction
Prof.
Ernesto Damiani
Full Professor at Department of Information Technology,
Università degli Studi di Milano
10.00 am - 11.00 am
State of the art of the software certification techniques
Volkmar Lotz
Research Program Manager for Security and Trust, SAP Research
11.30 am - 12.30 am
Assurance policies for large scale software platforms
Massimo Banzi
Telecom Italia
2.00 pm - 3.00 pm
Testing of security-critical products based on CC/FIPS standards
Jan de Meer
Head of Embedded Systems Engineering,
Smart Space Lab
3.30 pm - 5.00 pm
Case studies: IFSA, CCR-EAL
Chair Prof.
Ernesto Damiani
Full Professor at Department of Information Technology,
Università degli Studi di Milano
5.00 pm - 5.30 pm
Discussion and lessons learned
Chair Prof.
Ernesto Damiani
Full Professor at Department of Information Technology,
Università degli Studi di Milano