1 / 28

Network and Information Security An Introduction

Session 4 (A) Secure, Dependable and Trusted Infrastructures: State-of-the-art and IST Call 1 Objectives Skopje, FYROM, 15 December 2006. Network and Information Security An Introduction. Network and Information Security

harley
Télécharger la présentation

Network and Information Security An Introduction

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Session 4 (A)Secure, Dependable and Trusted Infrastructures: State-of-the-art and IST Call 1 ObjectivesSkopje, FYROM, 15 December 2006

  2. Network and Information Security An Introduction • Network and Information Security • “The ability of a network or an information system to resist, at a given level of confidence, accidental events or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored and transmitted data and the related services offered by or accessible via these networks and systems” SAFETY = SECURITY + PRIVACY Source: communication form the Commission “Network and Information Society: Proposal for a European Policy Approach”, COM (2001) 298 final

  3. Network and Information Security Operative Context • System landscape has changed and keeps changing dramatically “The Walled Fortress” “The Open Metropolis” • Closed doors, physical isolation • Less organised attacks • Security as protection • Defending data and systems • Open, unbounded, interconnected • User-targeted focussed attacks • Financial gain • Trust as an enabler Source: Jacques Bus, “Security Research in the EU FP for RTD”, available at http://wwwes.cs.utwente.nl/safe-nl/meetings/24-6-2005/jacques.pdf

  4. The “New Metropolis” LandscapeKey Features • Industry: demand for secure SW is much higher than available security expertise • Auditors and lawyers: who is accountable and liable for what? • Users: security segmentation and market definition are increasingly blurring; “service infrastructure” covers network infrastructure, perimeter, desktop, server and applicationsecurity • Society: trust becomes a key enabler for service provision and use And last but not least • RTD: new complex scenarios introduce security issues not addressed by conventional engineering processes

  5. The “New Metropolis” LandscapeSecurityTechnology Overview • Basic security building blocks are available and ready to use • Today’s applications can in general be run securely but • Managing the complexity is the challenge • Security is subject to restrictions (reduced flexibility and openness) • Vulnerable layers: L2 (networks), L7 (internet) • (Increasingly) security as service • Part of an overall SOA architecture • Focus on the user security needs

  6. The “New Metropolis” LandscapeCommon Types of New Threats 2nd Q 2006 Source: J. Franco, Panda Software, “Internet Threats: Perception vs. Reality”

  7. Economic Significance ofTypical Security Threats Source: communication form the Commission “Network and Information Society: Proposal for a European Policy Approach”, COM (2001) 298 final

  8. Attempts at SolutionsKey Action Lines • Information sharing and policy framework • Adoption of consistent laws to enable enforcement world-wide • Intelligence: proper threat assessment • User-focussed: technology and education to address the weak link • Education: promote user awareness • RTD: develop broad range of technology solutions

  9. Attempts at SolutionsFocus of Current Security Projects and Initiatives1/2 • Holistic system security • Interdependency and complexity theory • System reliability and availability theory • Cascading theory • Scenario analysis, simulation and modelling, etc • Risk management & vulnerability analysis • Prevention and detection • Information sharing systems • Early warning systems • Intrusion / malware detection and response • Incident response & recovery Source: CI2RCO D6, “Report on the Analysis and Evaluation of CIIP R&D programmes. Available at http://www.ci2rco.org/.

  10. Attempts at SolutionsFocus of Current Security Projects and Initiatives2/2 • Survivability of systems • HW and firmware security • Secure and resilient operating systems • Service continuity & availability • Policies and legal environment • Fundamental RTD • Security architecture and frameworks • Fundamental protocols • Fault tolerance • Standardisation • Achieving trust and resilience • Assurance of compound secure components Source: CI2RCO D6, “Report on the Analysis and Evaluation of CIIP R&D programmes. Available at http://www.ci2rco.org/.

  11. EU FP ICT Security Research Key Objectives • Roadmapping of security issues (FP5), leading to FP6 research on • Dependable, resilient ICT infrastructures • Security and dependability challenges arising from complexity, ubiquity and autonomy • Resilience, self-healing, mobility, dynamic content and volatile environments • Management and control of large-scale dependable systems • Understanding and management of interdependencies • Proper assessment and evaluation

  12. EU FP6 Security Research Current R&D Project Portfolio • A total portfolio of 37 projects • 11 Integrated Projects • Biosec, eJustice, Inspired, Prime, Secocq, Seinit, Open TC, Deserec, Serenity, IRRIIS, 3dface • 4 Networks of Excellence • Ecrypt, Fidis, Biosecure, Resist • 18 Specific Targeted Research Projects • Digital Passport, Medsi, Positif, Scard, Secure Justice, Secure Phone, Discreet, Crutial, Hidenets, Humabio, Mds, Mit, Pepers, ubisec&sense, Antiphish, Fastmatch, Connect, s3ms • 4 Coordination Actions • SecurIST, CI2RCO, ESFORS, GRID €146 m, ~500 participants, ~€35 m per year funding

  13. RESILIENT ICT INFRASTRUCTURES SEINIT, DESEREC, SERENITY, UBISEC&SENSE, HIDENETS, SECURIST, IRRIIS, RESIST, CRUTIAL, NEDSI, CI2RCO, GRID IDENTITY, PRIVACY, RIGHTS, ASSETS OPEN-TC, FIDIS, PRIME, eCRYPT, SECOCQ, eJUSTICE, INSPIRED, CONNECT, DISCREET, POSITIF, SCARD, SECURE-JUSTICE BIOMETRICS TO BENEFIT EU CITIZENS 3DFACE, BIOSEC, BIOSECURE, MIT, HUMABIO, DIGITAL PASSPORT, SECUREPHONE TRUST IN THE INTERNET ANTIPHISH, FASTMATCH, MDS, PEPERS, S3MS, ESFORS EU FP6 Security Research R&D Project Portfolio Structure

  14. Resilient ICT InfrastructuresFP6 Project Case Study: CRUTIAL • CRUTIAL: CRitical UTility InfrastructurAL Resilience • Objectives: • Identify and describe control system scenarios • Model interdependent infrastructures taking into account the multiple dimensions of interdependencies, and attempting at casting them into new architectural patterns, resilient to both accidental failures and malicious attacks • Project Type: Specific Targeted Research Project (STREP) • URL: http://crutial.cesiricerca.it/default.asp

  15. Biometrics to Benefit EU Citizens FP6 Project Case Study: HUMABIO • HUMABIO: HUman Monitoring and Authentication using Biodynamic Indicators and BehaviOural Analysis • Objectives: • Develop a modular, robust, multimodal biometric security authentication and monitoring system utilizing biodynamic physiological profile data • Create the necessary enhanced security framework for the integration of the biometric authentication system to controlled and monitored ambient intelligence environments • Project Type: Specific Targeted Research Project (STREP) • URL: http://www.humabio-eu.org/objectives.html

  16. Identity, Privacy, Rights, Assets FP6 Project Case Study: SECOCQ • SECOCQ: SEcure COmmunication based on Quantum Cryptography • Objectives: • Specify, design, and validate the feasibility of an open, Quantum Key Distribution infrastructure dedicated to secure communication • Fully develop the basic enabling technology • Project Type: Integrated Project (IP) • URL: http://www.secoqc.net/

  17. Biometrics to Benefit EU Citizens FP6 Project Case Study: ANTIPHISH • ANTIPHISH: ANTIcipatory Learning for Reliable PHISing Prevention • Objectives: • Develop trainable and adaptive filters that are able to detect variations of previous phishing messages, and also capable of anticipating new forms of phishing attacks • Implement this technology at real world settings (filtering of e-mail traffic online, content filtering at the edge of wireless networks) • Project Type: Specific Targeted Research Project (STREP) • URL: http://www.antiphishresearch.org/

  18. What Lies Ahead?The Vision • Ubiquitous systems • Heterogeneity, Interoperability, Scalability, Evolvability, Complexity • New security, dependability and privacy challenges • Applications utilising shared and co-owned services out of different domains of control that require to obey separate security policies and ask for diverse security and dependability qualities

  19. What Lies Ahead?Core Concepts • From dependability • A system property denoting the trustworthiness of a system that allows reliance to be justifiably placed on the service it delivers • Resilience • Embraces dependability and survivability as it captures the property and capacity of a system to autonomously tackle, adapt, respond, recover, self-heal, reconfigure, etc, and be flexible enough to accommodate & tolerate faults / upsets / disruptions and attacks • Plasticity • Embraces the properties and capabilities that would make digital environments and systems to be able to dynamically adapt and evolve securing the seamless control and use of data, information, knowledge, etc

  20. What Lies Ahead?Driving Technologies • Miniaturisation and new emerging technologies • From micro- to nano-scale electronics • RFIDs, PANs, WSNs,…. • Growing intercommunication and convergence • Computing, communications and media technologies • Underpinned by trust and security • ICT drawing on other sciences and technologies • Organic systems • Advanced cognitive and robotics systems • Systems able to learn and evolve

  21. Seventh Framework Programme 2007-2013 (FP7) COOPERATION Programme IDEAS Programme PEOPLE Programme CAPACITIES Programme From the Vision of the Future to FP7 ResearchThe FP7 Security Research Agenda ICT Work Programme 2007-2008 (Draft) 1st Call – 24 April 2007 2nd Call Challenge 1 “Pervasive and Trusted Network and Service Infrastructures” Objective 1.4 “Secure, Dependable and Trusted Infrastructures” Objective 1.6New Paradigms and Experimental FacilitiesObjective 1.7Critical Infrastructure Protection

  22. FP7 Security ResearchKey Objectives in Call 1 • Security and resilience in network infrastructures • Scalable, secure and resilient architectures and technologies • Real-time detection and recovery against intrusions, malfunctions, and failures • Security and trust in dynamic and reconfigurable service architectures • Supporting the secure composition of service coalitions • Managed operation across several administrative or business domains • Flexible business models

  23. FP7 Security ResearchKey Objectives in Call 1 • Trusted computing infrastructures • Interoperability, end-to-end security of data and services • ID management and privacy enhancing tools • Configurable, context-dependent, user controlled, trust policies for ID management • Underpinning technologies • Security and dependability in the engineering of infrastructure, SW and service systems • Trust policies • For assessing and managing the risks associated with ID and private data

  24. FP7 Security ResearchKey Objectives in Call 1 • And also, Co-ordination and Support Actions (CSAs) • Longer-term visions, metrics, benchmarks, research roadmaps • Support of standardisation • IN-CO • Co-ordination of research projects

  25. FP7 Security ResearchCall 1 Details and Funding Schemes

  26. For Further Information1/2 • ICT for Trust and Security • http://cordis.europa.eu/ist/trust-security/index.html • ftp://ftp.cordis.europa.eu/pub/ist/docs/trust-security/networkhreats-24102006-presentations_en.zip • IST 2006 – “Secure, Dependable and Trusted Infrastructures” Session • http://ec.europa.eu/information_society/istevent/2006/cf/conference-detail.cfm?id=1038 • EPCIP – European Programme for Critical Infrastructure Protection • http://ec.europa.eu/justice_home/funding/epcip/funding_epcip_en.htm

  27. For Further Information2/2 • ENISA – European Network and Information Security Agency • http://www.enisa.eu.int • http://www.enisa.eu.int/pages/09_03.htm • ETRICS 2006 – International Conference on Emerging Trends in Information and Communication Security • http://www.etrics.org/ • Responding to the Threat – presentation by G. Pinkney, Symantec Managed Security Services • http://www.bcs-southwest.org.uk/presentations/GrahemPinkney.pdf • The Threat Landscape and Security Trends – presentation by Jeremy Ward, Symantec • http://www.bcs-southwest.org.uk/presentations/ThreatLandscape.pdf

  28. THANK YOU!!! • Raphael Koumeri • planet@skypro.be • Angeliki Skamvetsaki • askam@planet.gr

More Related