Verified IT Framework Project (VERIT)

Speaker: Prof. Dr. Karl W. Neunast
Specification and verification of distributed embedded IT systems

The declarative specification and functional description of a system with clear semantics allows the system development by the testing (or verification) to check if the implemented system does exactly what it should.

• Penetration Testing in IT systems: Black or white box testing, identification of local or remote vulnerabilities of IT systems and, where applicable, the possibility to utilize them. Also testing for known or unknow vulnerabilities aiming their identification. For the first time the identified vulnerabilities are evaluated to address the priority of damage.
• Vulnerability analysis is an examination method to test if the security features implemented within an IT system can fend off the threats considered in the operational environment. Both are direct attacks to examine the security features implemented as well as indirect attacks on the bypass.
• Verification is the process which will ensure that a system behaves exactly under all circumstances, according to a given specification. All verification methods require an appropriate formalization of the specification and the system. The goal is the optimization of verification procedures.
• Risk management deals with the identification, evaluation, management and monitoring of risks of the desired behavior of a system. The risk management process requires the clear specification of the desired system behavior, knowledge about threats and vulnerabilities of the system and appropriate measures for risk management.