Abstract: A computer-implemented method for testing a system, the tested system being a computer program, a hardware system, or an embedded system. In the method, using a static analysis, a first part of an execution structure for the system is examined to see if the system runs corresponding execution paths without errors when the first part of the execution structure is executed. If in the static analysis error-free execution is determined for the first part of the execution structure, the system is examined using a dynamic analysis which leaves out execution paths which correspond to the first part of the execution structure.

Abstract: A method for operating a communications system, in particular a communications system based on software-defined networking, which has at least one network infrastructure component, in particular an SDN switch, and at least one communications device, the network infrastructure component being developed for forwarding data to and/or from the at least one communications device. The method includes the following steps: allocating the communications device to at least one security zone; specifying at least one forwarding rule for forwarding data by the network infrastructure component to and/or from the communications device, the specification of the forwarding rule taking place under consideration of the security zone.

Abstract: A device and method for operating a communications network in a vehicle, or for operating an industrial communications network; a control entity for the communications network, in particular, a software-defined networking controller, determining a countermeasure after detection of an attack; an infrastructure component being configured as a function of the countermeasure, in particular, by setting at least one filtering, blocking or forwarding rule; and at least one data stream from or to at least one other infrastructure component being isolated by the infrastructure component, in a portion of the communications network; or at least one data stream to or from an end node being isolated by the infrastructure component, in a portion of the communications network.

Abstract: A computer-implemented method for selecting a fuzzing method for carrying out fuzzing testing of a predefined program code. The method includes: providing program code metrics that characterize the program code to be tested; applying the program code metrics to a data-based fuzzing selection model for ascertaining performance metrics, associated with the fuzzing methods, for a number of fuzzing methods, the data-based fuzzing selection model being trained to output a performance metric for each of the fuzzing methods; selecting one or multiple fuzzing methods corresponding to the associated performance metrics; carrying out fuzzing testing corresponding to the one or multiple selected fuzzing methods.

Abstract: A computer-implemented method for performing a test for a program code. The method includes the following steps: providing a modified program code, which includes the program code to be tested and at least one code segment, the at least one code segment monitoring an execution sequence of execution segments, and the code segment being developed to induce a program termination when an impermissible execution sequence is detected; performing a fuzz test for the modified program code; signaling a program termination when an impermissible execution sequence is detected.

Abstract: A computer-implemented method for testing a system, the tested system being a computer program, a hardware system, or an embedded system. In the method, using a static analysis, a first part of an execution structure for the system is examined to see if the system runs corresponding execution paths without errors when the first part of the execution structure is executed. If in the static analysis error-free execution is determined for the first part of the execution structure, the system is examined using a dynamic analysis which leaves out execution paths which correspond to the first part of the execution structure.

Abstract: A method for operating a communications system, in particular a communications system based on software-defined networking, which has at least one network infrastructure component, in particular an SDN switch, and at least one communications device, the network infrastructure component being developed for forwarding data to and/or from the at least one communications device. The method includes the following steps: allocating the communications device to at least one security zone; specifying at least one forwarding rule for forwarding data by the network infrastructure component to and/or from the communications device, the specification of the forwarding rule taking place under consideration of the security zone.

Abstract: A device and method for operating a communications network in a vehicle, or for operating an industrial communications network; a control entity for the communications network, in particular, a software-defined networking controller, determining a countermeasure after detection of an attack; an infrastructure component being configured as a function of the countermeasure, in particular, by setting at least one filtering, blocking or forwarding rule; and at least one data stream from or to at least one other infrastructure component being isolated by the infrastructure component, in a portion of the communications network; or at least one data stream to or from an end node being isolated by the infrastructure component, in a portion of the communications network.

Abstract: A method for providing a computer program for a computing unit of an electronic device, in particular a control device of a motor vehicle or of a household appliance, wherein the method includes: evaluation of properties of the electronic device relating to a susceptibility to side channel attacks and/or fault attacks, as a result of which an evaluation result is obtained, selection of at least one influencing parameter that has an influence on the susceptibility of the electronic device to side channel attacks and/or fault attacks, in particular as a function of the evaluation result, use of the at least one influencing parameter to diversify the computer program for the computing unit.

Abstract: A method for excluding a participant from a group of multiple participants, in which certificates are used for an authorized communication of the participants among each other, a withdrawal request being received by one participant of the group, the withdrawal request making an identification of the participant to be excluded possible by the participant to be excluded itself, and the authorized communication being terminated by the participant when it is identifiable as the participant to be excluded based on the withdrawal request, as well as a communication system for carrying it out.

Abstract: A method for protecting a network against a cyberattack, in which for a message in the network first characteristics of a first transmission of the message are determined and an origin of the message in the network is determined by a comparison of the first characteristics with at least one fingerprint of at least one subscriber or a segment of the network or a transmission route. If a manipulation of the message is detected, a point of attack of the cyberattack in the network is detected and localized in particular on the basis of the origin of the message.

Abstract: For communication of a first participant with at least one additional participant in a communication system via multiple protocols, the protocols using at least two different certificate formats, the first participant uses different certificates with the respective certificate formats for the communication via the different protocols, the different certificates being based on a shared public key. The first participant holds a shared associated private key for the different certificates. Provision of the certificates for the first participant includes generating the public key and the associated private key, signing the public key for provision of the first certificate, and signing the public key for provision of the second certificate.

Abstract: A telecommunication network, an authentication node, and a method for commissioning an electronically controllable vehicle component of a telecommunication network. For commissioning, the vehicle component requires a verification of authentication data that are to be acquired. For this purpose, the following is carried out: positioning a mobile data carrier in the authentication node of the traffic network, in particular in a vehicle; reading in authentication data of the mobile data carrier within the authentication node; verifying the read-in authentication data and, if verification is successful: producing a verification signal; triggering a verified commissioning of the component if the verification signal is acquired at the vehicle component or at a control device of the node at which the component is situated.

Abstract: A method for providing a computer program for a computing unit of an electronic device, in particular a control device of a motor vehicle or of a household appliance, wherein the method includes: evaluation of properties of the electronic device relating to a susceptibility to side channel attacks and/or fault attacks, as a result of which an evaluation result is obtained, selection of at least one influencing parameter that has an influence on the susceptibility of the electronic device to side channel attacks and/or fault attacks, in particular as a function of the evaluation result, use of the at least one influencing parameter to diversify the computer program for the computing unit.

Abstract: A method for excluding a participant from a group of multiple participants, in which certificates are used for an authorized communication of the participants among each other, a withdrawal request being received by one participant of the group, the withdrawal request making an identification of the participant to be excluded possible by the participant to be excluded itself, and the authorized communication being terminated by the participant when it is identifiable as the participant to be excluded based on the withdrawal request, as well as a communication system for carrying it out.

Abstract: For communication of a first participant with at least one additional participant in a communication system via multiple protocols, the protocols using at least two different certificate formats, the first participant uses different certificates with the respective certificate formats for the communication via the different protocols, the different certificates being based on a shared public key. The first participant holds a shared associated private key for the different certificates. Provision of the certificates for the first participant includes generating the public key and the associated private key, signing the public key for provision of the first certificate, and signing the public key for provision of the second certificate.