Administrative Security Requirements

Objetivo

An IBC network accentuates the need for a common language for information security, partly because of the increase in the number of actors, many of them not familiar at all with security. This brings with it a need to set up a methodology to integrate and manage the complexity of the many and varied functional security requirements.

The project had the aim of building up this methodology, setting a conceptual framework for integrating user (provider, customer and third party) needs, liabilities and obligations. This conceptual framework was to be used to issue Administrative Security Requirements in the form of security sub-profiles, application by application, using functionality classes and quality levels.
A methodology was designed to integrate and manage the complexity of the many and varied functional security requirements for an integrated broadband communications (IBC) network. A conceptual framework was set up for integrating user (ie provider, customer and third party) needs, liabilities and obligations. The methodology was developed giving a general framework for administrative security requirements encompassing the security needs of users, service suppliers and network providers, and giving to specifiers and implementers a statement of the problems and requirements that the services should address in a complete, systematic and coherent form in the context of multiple service domains consistent with an IBC environment. Information security in a network has to aim to protect the assets and meet the requirements of different actors (eg users, third party service providers, carriers, regulatory authorities). While domains of liability and responsibility can be identified which underlie security specifications, in some cases interests can be contradictory. Suppliers of services and technology have to cope with all the constraints and yet meet these varied requirements. The project delivered an overview of the methodology and its specifications, framework, steps, issues and inputs for common functional specifications (CFS).
Technical Approach

A methodology was to be developed giving a general framework for Administrative Security Requirements encompassing the security needs of users, service suppliers and network providers, and giving to specifiers and implementers a statement of the problems and requirements that the services should address in a complete, systematic and coherent form in the context of multiple service domains consistent with an IBC environment.

Requirements were to be defined in conformance with functionality classes of ITSEC and security sub-profiles based on available or draft standards.

The methodology was to be validated for effectiveness across several application types and tools were to be produced to assist users of the methodology. A reference manual would be produced which included security elements, guide-lines and practical recommendations on using the methodology and tools. An awareness programme on methodology was to be developed, including computer-assisted training, conferences and training seminars.

The partners intended to create an automated database of threats to be used for each profile (application) and to modify an existing method for risk analysis. In setting up the methodology the partners intended to use SADT methodology and to develop the related semi-automated tools to ensure coherence. The methodology and tools were to be validated on other RACE and Telematics projects.

Key Issues

Information security in a network has to aim to protect the assets and meet the requirements of different actors : users, third-party service providers, carriers, regulatory authorities, etc. While domains of liability and responsibility can be identified which underlie security specifications, in some cases interests can be contradictory. Suppliers of services and technology have to cope with all the constraints and yet meet these varied requirements.

Expected Impact

The results of the project contributed to sensitising the RACE Community to the complexity of supplying security in a multi-domain multi-service environment.

Ámbito científico (EuroSciVoc)

CORDIS clasifica los proyectos con EuroSciVoc, una taxonomía plurilingüe de ámbitos científicos, mediante un proceso semiautomático basado en técnicas de procesamiento del lenguaje natural. Véas: El vocabulario científico europeo..

• ciencias naturales informática y ciencias de la información base de datos

Programa(s)

Programas de financiación plurianuales que definen las prioridades de la UE en materia de investigación e innovación.

• FP3-RACE 2 - Specific research and technological development programme (EEC) in the field of communication technologies, 1990-1994

Tema(s)

Las convocatorias de propuestas se dividen en temas. Un tema define una materia o área específica para la que los solicitantes pueden presentar propuestas. La descripción de un tema comprende su alcance específico y la repercusión prevista del proyecto financiado.

• T.777 - Administrative security requirements
• T.888 - Secure protocols
• PL6 - Project line 6 - Information security

Convocatoria de propuestas

Procedimiento para invitar a los solicitantes a presentar propuestas de proyectos con el objetivo de obtener financiación de la UE.

Régimen de financiación

Régimen de financiación (o «Tipo de acción») dentro de un programa con características comunes. Especifica: el alcance de lo que se financia; el porcentaje de reembolso; los criterios específicos de evaluación para optar a la financiación; y el uso de formas simplificadas de costes como los importes a tanto alzado.

Datos no disponibles

Coordinador

Participantes (3)