Skip to main content

Policy-based security tools and framework

Objective

POSITIF will develop a framework and tools for policy-based protection of networked systems and applications. A multi-level policy language will be used to describe the desired security policy (high-level requirements and/or detailed controls) while a system language will be used to describe the target system (interconnection topology, functional and security capabilities). A checker will evaluate if the desired policy can be implemented on the target system and will measure the achieved security level.

Configurations for the security elements will then be automatically generated and deployed through the network. A monitor will use the security policy for proactive intrusion detection (an intrusion is anything that doesn't comply with the policy) in addition to standard reactive intrusion detection (check against attack patterns). The framework will be usable by any producer of a specific security block or tool because open standard-based languages, interfaces and protocols will be used for policy and system description, configuration instructions and deployment, threat monitoring (e.g. XML, SNMP, IPSP, SAML, IDXP, IDMEF). The framework will be complemented by a suite of security tools (both industrial-grade and open-source) that match the specification and will thus be directly usable within the framework.

They will include high-speed (up to 10 Gbps) firewall, VPN and IDS that target the current challenges (wired/wireless protocols, IPv4/IPv6 networks, encrypted protocols, protocols on non-standard ports, XML-based application protocols, multimedia content, ...) and a lightweight security module (for workstations and mobile devices) to protect them against network attacks, make them part of the security system and permit secure download of new configurations. To get user requirements and for development test, the project includes three test beds: a metropolitan research environment, a geographic government network and a wired/wireless phone and ISP operator.

Funding Scheme

STREP - Specific Targeted Research Project

Coordinator

POLITECNICO DI TORINO
Address
Corso Duca Degli Abruzzi 24
10129 Torino
Italy

Participants (8)

BULL SAS
France
Address
68 Rue Jean Jaures
78340 Les Clayes Sous Bois
MINISTERO DELLA GIUSTIZIA
Italy
Address
Via Arenula 70
00186 Roma
POLITECHNIKA WROCLAWSKA
Poland
Address
Wybrzeze Wyspianskiego 27
50370 Wroclaw
PRESECURE CONSULTING GMBH
Germany
Address
Beelertstiege 2
Muenster
ST. PETERSBURG INSTITUTE FOR INFORMATICS AND AUTOMATION OF THE RUSSIAN ACADEMY OF SCIENCE
Russia
Address
14Th Line, 39
199178 St. Petersburg
STIFTUNG SECURE INFORMATION AND COMMUNICATIONS TECHNOLOGIES - SIC
Austria
Address
Inffeldgasse 16A
8010 Graz
UNIVERSIDAD DE MURCIA
Spain
Address
Avenida Teniente Flomesta S/n - Edificio Convalecencia
30003 Murcia
VODAFONE OMNITEL N.V.
Italy
Address
Via Jervis 13
10015 Ivrea