A security testing process supported by an ontology environment : a conceptual proposal

Abstract

Information security is a critical issue in the context of complex and interconnected nowadays IT Systems. Innovative testing approaches are demanded to verify whether the main security characteristics are provided in the systems. The conceptual formalization level required by security test processes can be supplied by semantic technologies. STEPONE is the Security TEst Process supported by ONtology Environment; its foundations come from largely accepted testing processes and security testing standards. The STPO (Security Testing Process Ontology) formalizes and makes explicit the main concepts of the domain. We present a conceptual characterization of STEP-ONE and describe a usage scenario to illustrate how the proposal can be applied. The main contributions are the conceptual process and the ontology. Our proposal is meant to be applied for the evaluation of IT systems with respect to security characteristics as well as to make systematic the security testing activities