Anagrafe della ricerca

POSITIF will develop a framework and tools for policy-based protection of networked systems and applications. A multi-level policy language will be used to describe the desired security policy (high-level requirements and/or detailed controls) while a system language will be used to describe the target system (interconnection topology, functional and security capabilities). A checker will evaluate if the desired policy can be implemented on the target system and will measure the achieved security level. Configurations for the security elements will then be automatically generated and deployed through the network. A monitor will use the security policy for proactive intrusion detection (an intrusion is anything that doesn't comply with the policy) in addition to standard reactive intrusion detection (check against attack patterns). The framework will be usable by any producer of a specific security block or tool because open standard-based languages, interfaces and protocols will be used for policy and system description, configuration instructions and deployment, threat monitoring (e.g. XML, SNMP, IPSP, SAML, IDXP, IDMEF). The framework will be complemented by a suite of security tools (both industrial-grade and open-source) that match the specification and will thus be directly usable within the framework. They will include high-speed (up to 10 Gbps) firewall, VPN and IDS that target the current challenges (wired/wireless protocols, IPv4/IPv6 networks, encrypted protocols, protocols on non-standard ports, XML-based application protocols, multimedia content, ...) and a lightweight security module (for workstations and mobile devices) to protect them against network attacks, make them part of the security system and permit secure download of new configurations. To get user requirements and for development test, the project includes three test beds: a metropolitan research environment, a geographic government network and a wired/wireless phone and ISP operator.