Ziel
An IBC network accentuates the need for a common language for information security, partly because of the increase in the number of actors, many of them not familiar at all with security. This brings with it a need to set up a methodology to integrate and manage the complexity of the many and varied functional security requirements.
The project had the aim of building up this methodology, setting a conceptual framework for integrating user (provider, customer and third party) needs, liabilities and obligations. This conceptual framework was to be used to issue Administrative Security Requirements in the form of security sub-profiles, application by application, using functionality classes and quality levels.
A methodology was designed to integrate and manage the complexity of the many and varied functional security requirements for an integrated broadband communications (IBC) network. A conceptual framework was set up for integrating user (ie provider, customer and third party) needs, liabilities and obligations. The methodology was developed giving a general framework for administrative security requirements encompassing the security needs of users, service suppliers and network providers, and giving to specifiers and implementers a statement of the problems and requirements that the services should address in a complete, systematic and coherent form in the context of multiple service domains consistent with an IBC environment. Information security in a network has to aim to protect the assets and meet the requirements of different actors (eg users, third party service providers, carriers, regulatory authorities). While domains of liability and responsibility can be identified which underlie security specifications, in some cases interests can be contradictory. Suppliers of services and technology have to cope with all the constraints and yet meet these varied requirements. The project delivered an overview of the methodology and its specifications, framework, steps, issues and inputs for common functional specifications (CFS).
Technical Approach
A methodology was to be developed giving a general framework for Administrative Security Requirements encompassing the security needs of users, service suppliers and network providers, and giving to specifiers and implementers a statement of the problems and requirements that the services should address in a complete, systematic and coherent form in the context of multiple service domains consistent with an IBC environment.
Requirements were to be defined in conformance with functionality classes of ITSEC and security sub-profiles based on available or draft standards.
The methodology was to be validated for effectiveness across several application types and tools were to be produced to assist users of the methodology. A reference manual would be produced which included security elements, guide-lines and practical recommendations on using the methodology and tools. An awareness programme on methodology was to be developed, including computer-assisted training, conferences and training seminars.
The partners intended to create an automated database of threats to be used for each profile (application) and to modify an existing method for risk analysis. In setting up the methodology the partners intended to use SADT methodology and to develop the related semi-automated tools to ensure coherence. The methodology and tools were to be validated on other RACE and Telematics projects.
Key Issues
Information security in a network has to aim to protect the assets and meet the requirements of different actors : users, third-party service providers, carriers, regulatory authorities, etc. While domains of liability and responsibility can be identified which underlie security specifications, in some cases interests can be contradictory. Suppliers of services and technology have to cope with all the constraints and yet meet these varied requirements.
Expected Impact
The results of the project contributed to sensitising the RACE Community to the complexity of supplying security in a multi-domain multi-service environment.
Wissenschaftliches Gebiet
Programm/Programme
Thema/Themen
Aufforderung zur Vorschlagseinreichung
Data not availableFinanzierungsplan
Data not availableKoordinator
75009 Paris
Frankreich