Objective
The project aims to develop and verify, by means of trials in real environments, mechanisms which will ensure the required integrity of inter-domain access to TMN based management systems. Access in this context includes both inter-TMN access and User to TMN access. Constituent objectives are:
- to propose a policy and techniques to guarantee the integrity of communication and information in an inter-domain, multi-provider management environment, including user access to management;
- to select the appropriate mechanisms from the emerging standards to support inter-TMN security with open interfaces, and to design and construct these mechanisms within scenario environments;
- to validate the proposals and mechanisms by two trials involving TMN domains in National Hosts, connected networks and real users with managed applications and network components;
- to disseminate results to a wide audience and to influence the ongoing standards process by contributions to standardisation bodies.
Specification of security policies for TMN interactions.
Specification of a security architecture for both research and commercial TMN platforms.
Specification of trial scenarios involving tele-medicine applications over ATM connections.
Contribution to ETSI NA4 (security policies and security architecture) for the standardisation of TMN security.
Establishment of close collaboration with ACTS MISA project including a common trial scenario.
Proposal for collaboration with the newly created EURESCOM P710 project on TMN security.
Expected Impact
In the Global Information Infrastructure there will be a multiplicity of network providers, service providers, value added service providers as well as sophisticated users, all with their own management systems. To ensure that these management systems can inter-operate in a way that respects the rights and responsibilities of all the actors concerned, an inter-domain integrity policy is required.
TRUMPET proposes solutions which mediate the needs of external users, network operators and service providers for access to each other's management systems whilst respecting system integrity, confidentiality and the means of auditing contractual negotiations.
Main contributions to the programme objectives:
Main deliverables
Integrity of inter-domain access to TMN based management systems.
Contribution to the programme
The project's solutions mediate the requirements of external users, network operators and service providers, whilst respecting system integrity, confidentiality and the means of auditing contractual negotiations.
Technical Approach
An overall concept and integrity policy has been established for inter-domain TMN taking into account work done in RACE projects, regulatory policies and the results from standardisation bodies (ITU-T, ISO and ETSI) and forums (EURESCOM, ATM, OSI & NM Forums).
The approach adopts a comprehensive method of risk assessment to identify the security objectives of all actors engaged in inter-TMN interactions, and to translate those objectives into security requirements by analysing the assets that constitute the management systems and the impact of security breaches on those assets. In parallel with these commercial security objectives, the objectives imposed on the various actors by their legal and regulatory environment have to be considered, which may lead to technical restrictions on the use of some countermeasures. The countermeasures themselves may introduce new specific threats, and finally their cost-effectiveness has to be evaluated. The retained countermeasures, together with requirements on the mechanisms that realise them, have to be grouped into consistent sets which constitute a set of security policies.
The architectural design for the security of management applications is based on the following standards:
X.509: Authentication Framework (public key certification)
X.741: Objects and Attributes for Access Control
X.812: Access Control Framework
GULS: Generic Upper Layer Security for OSI
The security architecture implemented in TRUMPET is designed to secure the management interactions between two management entities (manager-agent) belonging to different domains and communicating across a single X interface.
Integration of security services with the TMN communication capabilities strongly depends on the openness of the management platform. If the internals of the protocol stack can be accessed, security can be added at, for example, the application, presentation or transport layers. If not, as is the case with most commercial platforms, all security must be added on top of the service interface provided by the stack, and is limited by the functionality provided by this interface.
The security architecture deals with the accessibility issue by proposing security architectures for both research and commercial platforms. However it is not possible to fully implement all security services on a commercial management platform for which the internals of the OSI stack are not accessible.
With respect to the inter-domain management applications, security is for the most part viewed as part of the platform. Interfaces between the applications and the security services need to be defined, particularly for authentication and access control, but the internals of the security architecture should be transparent to these applications.
Use of TTPs is anticipated at least for authentication (certification of public keys, and distribution of public key certificates), which means that TTPs are necessary components of the infrastructure.
Common interests between TRUMPET, MISA and PROSPECT have been identified. MISA and PROSPECT could provide TMN platforms with a set of management applications, while TRUMPET could provide the security components for these management applications.
Summary of Trial
Trial environments will use National Hosts and other networks in Norway, the UK and Switzerland. Real users and applications are involved:
Norway: Internet-based tele-medicine application interconnecting hospitals, with the objective of providing higher-quality connections than the Internet by using connections through the Norwegian Academic Network, Uninett. Management requirements are to provide bandwidth on demand, to maintain QoS and to ensure the integrity of the management data transfers.
Switzerland: Web-based medical tele-education application, where hospitals require higher-performance and higher-quality connections than the Internet provides, through bandwidth-on-demand services. Use of the Swiss National Host and the EXPERT test-bed is proposed to deliver the higher-quality connections. Access control, authentication and integrity of the communications are envisaged.
UK: A web-based network pricing application is proposed for use by UK end-users, where business customers require high-performance connections for their own "Intranet" usage of the application. Trial connections are to be provided through Scottish Telecom's ATM access network using interconnection between Scottish Telecom and other UK licensed operators in partnership with ST - e.g. COLT.
These three trials have common characteristics in that the applications all require high performance connections over and above what is available over today's Internet. This commonality results in all trials requiring flexible/dynamic bandwidth management that delivers secure bandwidth on demand for the end-user applications.
Key Issues
Integrity requirements and solutions for inter-domain TMN communications
Demonstrations of solutions in real environments
Fields of science (EuroSciVoc)
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: The European Science Vocabulary.
- natural sciences computer and information sciences computer security access control
- humanities arts architectural design
- natural sciences computer and information sciences internet transport layer
- natural sciences computer and information sciences computer security cryptography
Programme(s)
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
Topic(s)
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Call for proposal
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
Data not available
Funding Scheme
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
Coordinator
06560 Sophia Antipolis
France