Transcript FP6 Proposal Analysis

Session 4 (A)
Secure, Dependable and Trusted
Infrastructures:
State-of-the-art and IST Call 1 Objectives
Skopje, FYROM, 15 December 2006
Network and Information Security
An Introduction
• Network and Information Security
– “The ability of a network or an information system to
resist, at a given level of confidence, accidental events or
malicious actions that compromise the availability,
authenticity, integrity and confidentiality of stored and
transmitted data and the related services offered by or
accessible via these networks and systems”
SAFETY = SECURITY + PRIVACY
Source: communication form the Commission “Network and Information Society: Proposal for a European Policy Approach”, COM (2001) 298 final
Network and Information Security
Operative Context
• System landscape has changed and keeps changing
dramatically
“The Walled Fortress”
•
•
•
•
Closed doors, physical isolation
Less organised attacks
Security as protection
Defending data and systems
“The Open Metropolis”
•
•
•
•
Open, unbounded, interconnected
User-targeted focussed attacks
Financial gain
Trust as an enabler
Source: Jacques Bus, “Security Research in the EU FP for RTD”, available at http://wwwes.cs.utwente.nl/safe-nl/meetings/24-6-2005/jacques.pdf
The “New Metropolis” Landscape
Key Features
• Industry: demand for secure SW is much higher than available
security expertise
• Auditors and lawyers: who is accountable and liable for what?
• Users: security segmentation and market definition are
increasingly blurring; “service infrastructure” covers network
infrastructure, perimeter, desktop, server and application
security
• Society: trust becomes a key enabler for service provision and
use
And last but not least
• RTD: new complex scenarios introduce security issues not
addressed by conventional engineering processes
The “New Metropolis” Landscape
Security Technology Overview
• Basic security building blocks are available and ready to use
• Today’s applications can in general be run securely but
– Managing the complexity is the challenge
– Security is subject to restrictions (reduced flexibility and
openness)
• Vulnerable layers: L2 (networks), L7 (internet)
• (Increasingly) security as service
– Part of an overall SOA architecture
• Focus on the user security needs
The “New Metropolis” Landscape
Common Types of New Threats
2nd Q 2006
Source: J. Franco, Panda Software, “Internet Threats: Perception vs. Reality”
Economic Significance of Typical
Security Threats
Source: communication form the Commission “Network and Information Society: Proposal for a European Policy Approach”, COM (2001) 298 final
Attempts at Solutions
Key Action Lines
• Information sharing and policy framework
– Adoption of consistent laws to enable enforcement worldwide
• Intelligence: proper threat assessment
• User-focussed: technology and education to address the
weak link
– Education: promote user awareness
• RTD: develop broad range of technology solutions
Attempts at Solutions
Focus of Current Security Projects and
Initiatives1/2
• Holistic system security
– Interdependency and complexity theory
– System reliability and availability theory
– Cascading theory
– Scenario analysis, simulation and modelling, etc
• Risk management & vulnerability analysis
• Prevention and detection
– Information sharing systems
– Early warning systems
– Intrusion / malware detection and response
• Incident response & recovery
Source: CI2RCO D6, “Report on the Analysis and Evaluation of CIIP R&D programmes. Available at http://www.ci2rco.org/.
Attempts at Solutions
Focus of Current Security Projects and
Initiatives2/2
• Survivability of systems
– HW and firmware security
– Secure and resilient operating systems
– Service continuity & availability
• Policies and legal environment
• Fundamental RTD
– Security architecture and frameworks
– Fundamental protocols
– Fault tolerance
– Standardisation
– Achieving trust and resilience
– Assurance of compound secure components
Source: CI2RCO D6, “Report on the Analysis and Evaluation of CIIP R&D programmes. Available at http://www.ci2rco.org/.
EU FP ICT Security Research
Key Objectives
• Roadmapping of security issues (FP5), leading to FP6
research on
– Dependable, resilient ICT infrastructures
• Security and dependability challenges arising from
complexity, ubiquity and autonomy
• Resilience, self-healing, mobility, dynamic content and
volatile environments
– Management
systems
and
control
of
large-scale
dependable
– Understanding and management of interdependencies
– Proper assessment and evaluation
EU FP6 Security Research
Current R&D Project Portfolio
• A total portfolio of 37 projects
– 11 Integrated Projects
• Biosec, eJustice, Inspired, Prime, Secocq, Seinit, Open TC, Deserec,
Serenity, IRRIIS, 3dface
– 4 Networks of Excellence
• Ecrypt, Fidis, Biosecure, Resist
– 18 Specific Targeted Research Projects
• Digital Passport, Medsi, Positif, Scard, Secure Justice, Secure
Phone, Discreet, Crutial, Hidenets, Humabio, Mds, Mit, Pepers,
ubisec&sense, Antiphish, Fastmatch, Connect, s3ms
– 4 Coordination Actions
• SecurIST, CI2RCO, ESFORS, GRID
€146 m, ~ 500 participants, ~ € 35 m per year funding
EU FP6 Security Research
R&D Project Portfolio Structure
RESILIENT ICT
INFRASTRUCTURES
SEINIT, DESEREC, SERENITY,
UBISEC&SENSE, HIDENETS,
SECURIST, IRRIIS, RESIST,
CRUTIAL, NEDSI, CI2RCO, GRID
BIOMETRICS TO BENEFIT
EU CITIZENS
3DFACE, BIOSEC, BIOSECURE,
MIT, HUMABIO, DIGITAL
PASSPORT, SECUREPHONE
IDENTITY, PRIVACY,
RIGHTS, ASSETS
OPEN-TC, FIDIS, PRIME,
eCRYPT, SECOCQ, eJUSTICE,
INSPIRED, CONNECT,
DISCREET, POSITIF, SCARD,
SECURE-JUSTICE
TRUST IN THE INTERNET
ANTIPHISH, FASTMATCH, MDS,
PEPERS, S3MS, ESFORS
Resilient ICT Infrastructures
FP6 Project Case Study: CRUTIAL
• CRUTIAL: CRitical UTility InfrastructurAL Resilience
• Objectives:
– Identify and describe control system scenarios
– Model interdependent infrastructures taking into account
the multiple dimensions of interdependencies, and
attempting at casting them into new architectural patterns,
resilient to both accidental failures and malicious attacks
• Project Type: Specific Targeted Research Project (STREP)
• URL: http://crutial.cesiricerca.it/default.asp
Biometrics to Benefit EU Citizens
FP6 Project Case Study: HUMABIO
• HUMABIO: HUman Monitoring and Authentication using
Biodynamic Indicators and BehaviOural Analysis
• Objectives:
– Develop a modular, robust, multimodal biometric security
authentication and monitoring system utilizing biodynamic
physiological profile data
– Create the necessary enhanced security framework for the
integration of the biometric authentication system to
controlled and monitored ambient intelligence environments
• Project Type: Specific Targeted Research Project (STREP)
• URL: http://www.humabio-eu.org/objectives.html
Identity, Privacy, Rights, Assets
FP6 Project Case Study: SECOCQ
• SECOCQ: SEcure
Cryptography
COmmunication
based
on
Quantum
• Objectives:
– Specify, design, and validate the feasibility of an open,
Quantum Key Distribution infrastructure dedicated to secure
communication
– Fully develop the basic enabling technology
• Project Type: Integrated Project (IP)
• URL: http://www.secoqc.net/
Biometrics to Benefit EU Citizens
FP6 Project Case Study: ANTIPHISH
• ANTIPHISH:
Prevention
• Objectives:
ANTIcipatory
Learning
for
Reliable
PHISing
– Develop trainable and adaptive filters that are able to detect
variations of previous phishing messages, and also capable
of anticipating new forms of phishing attacks
– Implement this technology at real world settings (filtering of
e-mail traffic online, content filtering at the edge of wireless
networks)
• Project Type: Specific Targeted Research Project (STREP)
• URL: http://www.antiphishresearch.org/
What Lies Ahead?
The Vision
• Ubiquitous systems
– Heterogeneity,
Interoperability,
Complexity
Scalability,
Evolvability,
• New security, dependability and privacy challenges
– Applications utilising shared and co-owned services out of
different domains of control that require to obey separate
security policies and ask for diverse security and dependability
qualities
What Lies Ahead?
Core Concepts
• From dependability
– A system property denoting the trustworthiness of a system that
allows reliance to be justifiably placed on the service it delivers
• Resilience
– Embraces dependability and survivability as it captures the property
and capacity of a system to autonomously tackle, adapt, respond,
recover, self-heal, reconfigure, etc, and be flexible enough to
accommodate & tolerate faults / upsets / disruptions and attacks
• Plasticity
– Embraces the properties and capabilities that would make digital
environments and systems to be able to dynamically adapt and
evolve securing the seamless control and use of data, information,
knowledge, etc
What Lies Ahead?
Driving Technologies
• Miniaturisation and new emerging technologies
– From micro- to nano-scale electronics
– RFIDs, PANs, WSNs,….
• Growing intercommunication and convergence
– Computing, communications and media technologies
– Underpinned by trust and security
• ICT drawing on other sciences and technologies
– Organic systems
• Advanced cognitive and robotics systems
– Systems able to learn and evolve
From the Vision of the Future to FP7 Research
The FP7 Security Research Agenda
Seventh Framework Programme 2007-2013 (FP7)
COOPERATION
Programme
IDEAS
Programme
PEOPLE
Programme
CAPACITIES
Programme
ICT Work
Programme 20072008 (Draft)
Challenge 1 “Pervasive
and Trusted Network and
Service Infrastructures”
1st Call –
24 April 2007
Objective 1.4 “Secure, Dependable and Trusted Infrastructures”
Objective 1.6 New Paradigms and Experimental Facilities
Objective 1.7 Critical Infrastructure Protection
2nd Call
FP7 Security Research
Key Objectives in Call 1
• Security and resilience in network infrastructures
– Scalable, secure
technologies
and
resilient
architectures
and
– Real-time detection and recovery against intrusions,
malfunctions, and failures
• Security and trust in dynamic and reconfigurable service
architectures
– Supporting the secure composition of service coalitions
– Managed operation across several administrative or
business domains
– Flexible business models
FP7 Security Research
Key Objectives in Call 1
• Trusted computing infrastructures
– Interoperability, end-to-end security of data and services
• ID management and privacy enhancing tools
– Configurable, context-dependent, user controlled, trust
policies for ID management
• Underpinning technologies
– Security and dependability in the
infrastructure, SW and service systems
engineering
of
• Trust policies
– For assessing and managing the risks associated with ID
and private data
FP7 Security Research
Key Objectives in Call 1
• And also, Co-ordination and Support Actions (CSAs)
– Longer-term
roadmaps
visions,
metrics,
– Support of standardisation
– IN-CO
– Co-ordination of research projects
benchmarks,
research
FP7 Security Research
Call 1 Details and Funding Schemes
For Further Information1/2
• ICT for Trust and Security
– http://cordis.europa.eu/ist/trust-security/index.html
– ftp://ftp.cordis.europa.eu/pub/ist/docs/trustsecurity/networkhreats-24102006-presentations_en.zip
• IST 2006 – “Secure, Dependable and Trusted Infrastructures”
Session
– http://ec.europa.eu/information_society/istevent/2006/cf/confe
rence-detail.cfm?id=1038
• EPCIP – European Programme for Critical Infrastructure
Protection
– http://ec.europa.eu/justice_home/funding/epcip/funding_epci
p_en.htm
For Further Information2/2
• ENISA – European Network and Information Security Agency
– http://www.enisa.eu.int
– http://www.enisa.eu.int/pages/09_03.htm
• ETRICS 2006 – International Conference on Emerging Trends in
Information and Communication Security
– http://www.etrics.org/
• Responding to the Threat – presentation by G. Pinkney, Symantec
Managed Security Services
– http://www.bcssouthwest.org.uk/presentations/GrahemPinkney.pdf
• The Threat Landscape and Security Trends – presentation by
Jeremy Ward, Symantec
– http://www.bcssouthwest.org.uk/presentations/ThreatLandscape.pdf
THANK YOU!!!
• Raphael Koumeri
– [email protected]
• Angeliki Skamvetsaki
– [email protected]