Administrative Security Requirements

Ziel

An IBC network accentuates the need for a common language for information security, partly because of the increase in the number of actors, many of them not familiar at all with security. This brings with it a need to set up a methodology to integrate and manage the complexity of the many and varied functional security requirements.

The project had the aim of building up this methodology, setting a conceptual framework for integrating user (provider, customer and third party) needs, liabilities and obligations. This conceptual framework was to be used to issue Administrative Security Requirements in the form of security sub-profiles, application by application, using functionality classes and quality levels.
A methodology was designed to integrate and manage the complexity of the many and varied functional security requirements for an integrated broadband communications (IBC) network. A conceptual framework was set up for integrating user (ie provider, customer and third party) needs, liabilities and obligations. The methodology was developed giving a general framework for administrative security requirements encompassing the security needs of users, service suppliers and network providers, and giving to specifiers and implementers a statement of the problems and requirements that the services should address in a complete, systematic and coherent form in the context of multiple service domains consistent with an IBC environment. Information security in a network has to aim to protect the assets and meet the requirements of different actors (eg users, third party service providers, carriers, regulatory authorities). While domains of liability and responsibility can be identified which underlie security specifications, in some cases interests can be contradictory. Suppliers of services and technology have to cope with all the constraints and yet meet these varied requirements. The project delivered an overview of the methodology and its specifications, framework, steps, issues and inputs for common functional specifications (CFS).
Technical Approach

A methodology was to be developed giving a general framework for Administrative Security Requirements encompassing the security needs of users, service suppliers and network providers, and giving to specifiers and implementers a statement of the problems and requirements that the services should address in a complete, systematic and coherent form in the context of multiple service domains consistent with an IBC environment.

Requirements were to be defined in conformance with functionality classes of ITSEC and security sub-profiles based on available or draft standards.

The methodology was to be validated for effectiveness across several application types and tools were to be produced to assist users of the methodology. A reference manual would be produced which included security elements, guide-lines and practical recommendations on using the methodology and tools. An awareness programme on methodology was to be developed, including computer-assisted training, conferences and training seminars.

The partners intended to create an automated database of threats to be used for each profile (application) and to modify an existing method for risk analysis. In setting up the methodology the partners intended to use SADT methodology and to develop the related semi-automated tools to ensure coherence. The methodology and tools were to be validated on other RACE and Telematics projects.

Key Issues

Information security in a network has to aim to protect the assets and meet the requirements of different actors : users, third-party service providers, carriers, regulatory authorities, etc. While domains of liability and responsibility can be identified which underlie security specifications, in some cases interests can be contradictory. Suppliers of services and technology have to cope with all the constraints and yet meet these varied requirements.

Expected Impact

The results of the project contributed to sensitising the RACE Community to the complexity of supplying security in a multi-domain multi-service environment.

Wissenschaftliches Gebiet (EuroSciVoc)

CORDIS klassifiziert Projekte mit EuroSciVoc, einer mehrsprachigen Taxonomie der Wissenschaftsbereiche, durch einen halbautomatischen Prozess, der auf Verfahren der Verarbeitung natürlicher Sprache beruht. Siehe: Das European Science Vocabulary.

• Naturwissenschaften Informatik und Informationswissenschaften Datenbank

Programm/Programme

Mehrjährige Finanzierungsprogramme, in denen die Prioritäten der EU für Forschung und Innovation festgelegt sind.

• FP3-RACE 2 - Specific research and technological development programme (EEC) in the field of communication technologies, 1990-1994

Thema/Themen

Aufforderungen zur Einreichung von Vorschlägen sind nach Themen gegliedert. Ein Thema definiert einen bestimmten Bereich oder ein Gebiet, zu dem Vorschläge eingereicht werden können. Die Beschreibung eines Themas umfasst seinen spezifischen Umfang und die erwarteten Auswirkungen des finanzierten Projekts.

• T.777 - Administrative security requirements
• T.888 - Secure protocols
• PL6 - Project line 6 - Information security

Aufforderung zur Vorschlagseinreichung

Verfahren zur Aufforderung zur Einreichung von Projektvorschlägen mit dem Ziel, eine EU-Finanzierung zu erhalten.

Finanzierungsplan

Finanzierungsregelung (oder „Art der Maßnahme“) innerhalb eines Programms mit gemeinsamen Merkmalen. Sieht folgendes vor: den Umfang der finanzierten Maßnahmen, den Erstattungssatz, spezifische Bewertungskriterien für die Finanzierung und die Verwendung vereinfachter Kostenformen wie Pauschalbeträge.

Daten nicht verfügbar

Koordinator

Beteiligte (3)