Administrative Security Requirements

Obiettivo

An IBC network accentuates the need for a common language for information security, partly because of the increase in the number of actors, many of them not familiar at all with security. This brings with it a need to set up a methodology to integrate and manage the complexity of the many and varied functional security requirements.

The project had the aim of building up this methodology, setting a conceptual framework for integrating user (provider, customer and third party) needs, liabilities and obligations. This conceptual framework was to be used to issue Administrative Security Requirements in the form of security sub-profiles, application by application, using functionality classes and quality levels.
A methodology was designed to integrate and manage the complexity of the many and varied functional security requirements for an integrated broadband communications (IBC) network. A conceptual framework was set up for integrating user (ie provider, customer and third party) needs, liabilities and obligations. The methodology was developed giving a general framework for administrative security requirements encompassing the security needs of users, service suppliers and network providers, and giving to specifiers and implementers a statement of the problems and requirements that the services should address in a complete, systematic and coherent form in the context of multiple service domains consistent with an IBC environment. Information security in a network has to aim to protect the assets and meet the requirements of different actors (eg users, third party service providers, carriers, regulatory authorities). While domains of liability and responsibility can be identified which underlie security specifications, in some cases interests can be contradictory. Suppliers of services and technology have to cope with all the constraints and yet meet these varied requirements. The project delivered an overview of the methodology and its specifications, framework, steps, issues and inputs for common functional specifications (CFS).
Technical Approach

A methodology was to be developed giving a general framework for Administrative Security Requirements encompassing the security needs of users, service suppliers and network providers, and giving to specifiers and implementers a statement of the problems and requirements that the services should address in a complete, systematic and coherent form in the context of multiple service domains consistent with an IBC environment.

Requirements were to be defined in conformance with functionality classes of ITSEC and security sub-profiles based on available or draft standards.

The methodology was to be validated for effectiveness across several application types and tools were to be produced to assist users of the methodology. A reference manual would be produced which included security elements, guide-lines and practical recommendations on using the methodology and tools. An awareness programme on methodology was to be developed, including computer-assisted training, conferences and training seminars.

The partners intended to create an automated database of threats to be used for each profile (application) and to modify an existing method for risk analysis. In setting up the methodology the partners intended to use SADT methodology and to develop the related semi-automated tools to ensure coherence. The methodology and tools were to be validated on other RACE and Telematics projects.

Key Issues

Information security in a network has to aim to protect the assets and meet the requirements of different actors : users, third-party service providers, carriers, regulatory authorities, etc. While domains of liability and responsibility can be identified which underlie security specifications, in some cases interests can be contradictory. Suppliers of services and technology have to cope with all the constraints and yet meet these varied requirements.

Expected Impact

The results of the project contributed to sensitising the RACE Community to the complexity of supplying security in a multi-domain multi-service environment.

Campo scientifico (EuroSciVoc)

CORDIS classifica i progetti con EuroSciVoc, una tassonomia multilingue dei campi scientifici, attraverso un processo semi-automatico basato su tecniche NLP. Cfr.: Il Vocabolario Scientifico Europeo.

• scienze naturali informatica e scienze dell'informazione basi di dati

Programma(i)

Programmi di finanziamento pluriennali che definiscono le priorità dell’UE in materia di ricerca e innovazione.

• FP3-RACE 2 - Specific research and technological development programme (EEC) in the field of communication technologies, 1990-1994

Argomento(i)

Gli inviti a presentare proposte sono suddivisi per argomenti. Un argomento definisce un’area o un tema specifico per il quale i candidati possono presentare proposte. La descrizione di un argomento comprende il suo ambito specifico e l’impatto previsto del progetto finanziato.

• T.777 - Administrative security requirements
• T.888 - Secure protocols
• PL6 - Project line 6 - Information security

Invito a presentare proposte

Procedura per invitare i candidati a presentare proposte di progetti, con l’obiettivo di ricevere finanziamenti dall’UE.

Meccanismo di finanziamento

Meccanismo di finanziamento (o «Tipo di azione») all’interno di un programma con caratteristiche comuni. Specifica: l’ambito di ciò che viene finanziato; il tasso di rimborso; i criteri di valutazione specifici per qualificarsi per il finanziamento; l’uso di forme semplificate di costi come gli importi forfettari.

Dati non disponibili

Coordinatore

Partecipanti (3)