Highly Secure Office Information Systems

Ziel

This project addressed the area of security and integrity in office systems in order to make substantial and innovative proposals to deal with the needs of future office systems. The objectives of the project were to:
-study the current nature of security threats and examine state-of-the-art countermeasures in office information systems
-develop a security model for an office information system, with particular emphasis on the banking environment
-produce guidelines for implementing standards for secure office information systems, again emphasising banking
-specify the requirements for a key-management centre and end-user security facilities.

MARS produced a comprehensive description of possible threats and risk-analysis methods and the ways and means of implementing appropriate safeguards. Two security models were developed and guidelines produced.
The security models comprise a workstations model and a communication model. Based on a component/countermeasures matrix with eight different levels of security, the workstation security model supports the implementation of security measures by analysing the workstation into its component parts and determining the countermeasures needed. The communication model supports the design and the tests by providing a medium through which the results of the design can be expressed.
Together with the models, the guidelines promote the implementation of security in office automation systems by supplying precisely defined recommendations in the areas of access control, workstations, encryption and auditing.
In the last phase of the project work was directed towards applying the models and recommendations to an existing office application requiring a high level of security in order to define requirements and design specifications. The security system was specified around an ISO/OSI architecture that clearly specifies the components and protocol layers. End-User Security Facilities (EUSFs) protect both the application interfacing to the user and the transport layer in the communications system by using the services provided by a Key-Management Centre (KMC).
The key-management facilities have been based on a three-level hierarchy using symmetrical keys for confidentiality and data integrity. Asymmetrical keys have been specified for authentication, non-repudiation and key management. A security officer appointed in each branch should handle the local security management, and personal chipcards would be used in the identification process.
The EUSFs are viewed as integrated parts of the workstations and the front-end processors and would consist of hardware in a cryptobox as well as software running on the processor. Based on public keys, the system design anticipates for the future by allowing users registered by the KMC to set up secure communications by the automatic exchange of secret keys.
Exploitation
The requirements and design specifications, together with the enhanced ability to specify and design secure systems, will have a very positive impact on the reliability of future secure office systems. The project has clearly shown the importance of well-defined and standardised security facilities and has demonstrated how these can be integrated into the systems themselves. The results from the project support the development of secure office systems from European manufacturers, and provides input for further standardisation in the area.

Wissenschaftliches Gebiet (EuroSciVoc)

CORDIS klassifiziert Projekte mit EuroSciVoc, einer mehrsprachigen Taxonomie der Wissenschaftsbereiche, durch einen halbautomatischen Prozess, der auf Verfahren der Verarbeitung natürlicher Sprache beruht. Siehe: Das European Science Vocabulary.

• Technik und Technologie Elektrotechnik, Elektronik, Informationstechnik Elektrotechnik Steuerungssysteme
• Naturwissenschaften Informatik und Informationswissenschaften Computersicherheit Zugangskontrolle
• Naturwissenschaften Informatik und Informationswissenschaften Internet Transportschicht
• Naturwissenschaften Informatik und Informationswissenschaften Computersicherheit Kryptografie
• Sozialwissenschaften Soziologie industrielle Beziehungen Automatisierung

Programm/Programme

Mehrjährige Finanzierungsprogramme, in denen die Prioritäten der EU für Forschung und Innovation festgelegt sind.

• FP1-ESPRIT 1 - European programme (EEC) for research and development in information technologies (ESPRIT), 1984-1988

Thema/Themen

Aufforderungen zur Einreichung von Vorschlägen sind nach Themen gegliedert. Ein Thema definiert einen bestimmten Bereich oder ein Gebiet, zu dem Vorschläge eingereicht werden können. Die Beschreibung eines Themas umfasst seinen spezifischen Umfang und die erwarteten Auswirkungen des finanzierten Projekts.

Aufforderung zur Vorschlagseinreichung

Verfahren zur Aufforderung zur Einreichung von Projektvorschlägen mit dem Ziel, eine EU-Finanzierung zu erhalten.

Finanzierungsplan

Finanzierungsregelung (oder „Art der Maßnahme“) innerhalb eines Programms mit gemeinsamen Merkmalen. Sieht folgendes vor: den Umfang der finanzierten Maßnahmen, den Erstattungssatz, spezifische Bewertungskriterien für die Finanzierung und die Verwendung vereinfachter Kostenformen wie Pauschalbeträge.

Daten nicht verfügbar

Koordinator

Beteiligte (6)