SECURity at the network EDge

Protection of mobile devices from Internet threats is usually achieved by installing appropriate tools (e.g. anti-virus, personal firewall, parental control) on each device. However, this poses several issues: it requires privileged access on the device, appropriate protection tools may not exist on all the platforms or their capabilities may vary greatly across the different devices, and tools may consume too many resources.This results in ineffective or inconsistent protection for the users that will experience wide variation in security when using different devices and/or networks (for example, typically WiFi access inside a corporate network is protected by a border firewall while this is not the case for a 3G network).
The SECURED project proposes an innovative architecture to achieve protection from Internet threats by offloading execution of security applications into a programmable device at the edge of the network such as a home gateway or an enterprise router.This architecture creates a trusted and virtualized execution environment allowing different actors (e.g. single users, corporate ICT managers, network providers) to install on-demand and execute multiple security applications on the network edge device to protect the traffic of a specific user. This approach reduces the load onto the mobile devices, guaranteeing enforcement of user-specific and device-independent security policies, and uniform protection across different devices and networks.Transition mechanisms are also defined to support legacy network devices and deploy this new technology incrementally. The proposed architecture will be validated in corporate and individual environments, considering various network settings (e.g. 3G/4G, WiFi, xDSL, corporate LAN).
The project targets citizens, network providers, and companies. The latter will be able to enforce a company-wide security policy not only when the employee is connected to the corporate network but also when she is on the move (e.g. home network, 3G connection, airport WiFi).
SECURED will produce concrete results in the form of open specifications and sample open-source implementations for (A) creation of trusted network security applications, (B) policy-based security configuration, with support for hierarchical and multi-source policies, and (C) security marketplace to trade applications and exchange best-practice policies (useful to encourage adoption by non-skilled individuals or companies).
A uniform security environment will be created, independent of the user device and network connection, offering also protection for Internet-of-Things environments, where nodes typically have limited computational and communication capabilities (e.g. home appliances, sensor networks, or distributed critical infrastructures).In summary, the project will empower mobile users with better Internet security and enable different business models for network service providers and security application developers.