Project identification

Project acronym: Polux
Main theme of the call for proposals to which the project belongs: information systems security
Secondary theme(s) of the call for proposals to which the project belongs: safety of computerized systems, justification of trust
Type of project: research project in a shared domain
Information systems security has undergone profound changes in recent years, as the capability to defeat the security defenses of an information system became a source of direct financial gain. Spam, phishing and pharming attacks target users for direct financial gain, large-scale identity theft or in-depth profiling; large-scale denial-of-service attacks support those attacks by providing the capability to send mail or host transient web servers, and also serve blackmail and resource theft; and the number of published network, system and application vulnerabilities keeps increasing. Meanwhile, new security tools have appeared in response to these threats, including high-speed stateful filtering in firewalls, inline intrusion prevention devices, security proxies for application-level filtering, and anomaly detection sensors that let network operators detect denial-of-service attacks.
Unfortunately, the development of these tools is entirely uncoordinated, and they come from a large number of vendors. Worse, many of them are developed by newcomers to the security field, and they use configuration logics and languages that bear little resemblance to one another or to previously proposed formalisms. As a result, ensuring interoperability between these tools is a difficult endeavour. Researchers face the same issue: different communities look at access control, security protocols or intrusion detection, with little coordination or fusion between these domains. A few standard formats have been defined over the years, but they only cover small areas, and they have been very long in the making.
We therefore wish to study this interoperability problem and develop a framework allowing a unified expression of security policies for the entire range of security tools, covering prevention of security issues, detection of threats, and countermeasures. The expression of these security policies will obey precise constraints permitting the verification of the soundness of these policies and the validation of their application to a particular information system, the interoperability and negotiation of security policies, and the management of the security policy itself as a meta-policy. This formalism and framework will apply to the complete range of security tools and to the three key security properties: integrity, confidentiality and availability.
The major scientific impact of the project is the definition of a global formal method for defining a security policy and applying it to the set of security technologies developed independently by the project partners or by outside entities. The organization of the project is designed around this scientific objective. The definition of this formal method will be decomposed into three parts. First, the project will define a formal model supporting the definition of a security policy and enabling the verification of security properties such as integrity, availability and confidentiality. The project will then define an architecture, including the flows between components and the message formats, to describe the different components of the model. Finally, it will develop tools for segmenting the security policy and deploying it on the components.
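To make these three parts concrete, here is an added example (not the project's own model or code) of what a unified policy model, a soundness check and a segmentation step could look like: rules are expressed once for prevention, detection and reaction, checked for contradictory decisions, then split across enforcement components according to what each can enforce. The component names, their capabilities and the sample rules are all constructed for the illustration.

```python
"""Unified policy expressed once, checked for soundness, then segmented onto
enforcement components.  Illustrative example added to this page; it is not the
Polux project's own formalism.  Component names, capabilities and the sample
rules are all constructed for the example."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# The three functions the proposal wants a single policy language to cover.
PREVENT, DETECT, REACT = "prevent", "detect", "react"


@dataclass(frozen=True)
class Rule:
    name: str
    function: str   # PREVENT | DETECT | REACT
    subject: str    # source network, user or role; "*" means any
    action: str     # e.g. "tcp/80", "tcp/22"; "*" means any
    target: str     # destination host or service; "*" means any
    decision: str   # permit | deny | alert | block-source


# Hypothetical enforcement points and the functions each can carry out.
COMPONENTS: Dict[str, Set[str]] = {
    "firewall": {PREVENT},
    "ids": {DETECT},
    "ips": {PREVENT, DETECT, REACT},
}


def _matches(a: str, b: str) -> bool:
    return a == "*" or b == "*" or a == b


def overlaps(r1: Rule, r2: Rule) -> bool:
    """True when some request could match both rules."""
    return (r1.function == r2.function
            and _matches(r1.subject, r2.subject)
            and _matches(r1.action, r2.action)
            and _matches(r1.target, r2.target))


def check_soundness(rules: List[Rule]) -> List[Tuple[str, str]]:
    """One soundness property: no request may receive two different decisions.
    Returns the conflicting rule pairs; an empty list means the check passed.
    Unlike an ordered firewall ruleset, the unified policy has no implicit
    first-match semantics, so such ambiguities must be resolved explicitly."""
    conflicts = []
    for i, r1 in enumerate(rules):
        for r2 in rules[i + 1:]:
            if overlaps(r1, r2) and r1.decision != r2.decision:
                conflicts.append((r1.name, r2.name))
    return conflicts


def segment(rules: List[Rule],
            components: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Deployment step: hand each rule to every component able to enforce its
    function, and refuse to deploy a policy containing a rule nobody can enforce."""
    plan: Dict[str, List[str]] = {c: [] for c in components}
    for r in rules:
        capable = [c for c, funcs in components.items() if r.function in funcs]
        if not capable:
            raise ValueError(f"no component can enforce rule {r.name!r}")
        for c in capable:
            plan[c].append(r.name)
    return plan


def validate_and_segment(rules: List[Rule],
                         components: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Verification before deployment: an unsound policy is never segmented."""
    conflicts = check_soundness(rules)
    if conflicts:
        raise ValueError(f"policy is not sound, conflicting rules: {conflicts}")
    return segment(rules, components)


# Constructed sample policies.
AMBIGUOUS = [
    Rule("web-in", PREVENT, "internet", "tcp/80", "www", "permit"),
    Rule("deny-www", PREVENT, "internet", "*", "www", "deny"),  # also covers tcp/80
]
SOUND = [
    Rule("web-in", PREVENT, "internet", "tcp/80", "www", "permit"),
    Rule("deny-ssh", PREVENT, "internet", "tcp/22", "www", "deny"),
    Rule("ssh-scan", DETECT, "*", "tcp/22", "*", "alert"),
    Rule("ssh-react", REACT, "*", "tcp/22", "*", "block-source"),
]

if __name__ == "__main__":
    print("conflicts:", check_soundness(AMBIGUOUS))
    print("deployment:", validate_and_segment(SOUND, COMPONENTS))
```

The example keeps verification (the conflict check) and deployment (the segmentation) as separate functions, which is the split the proposal's second and third parts imply; a real formal model would need richer matching than the wildcard test used here, but the structure of "check once, then distribute to capable components" is the point being illustrated.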
The validation of the scientific results of the project will follow well-established best practices, relying in particular on peer-reviewed conference and journal publications, as well as successful defenses of PhD theses partially or completely financed through the project.
The technical results of the project will be derived from the scientific results, with the aim of disseminating them outside the scientific community through additional communication channels. We are particularly interested in contributing to various standards groups.
Information systems security is widely recognized as a difficult issue by organizations of all types, whether commercial, governmental or educational. Designing and developing secure system architectures requires highly specialized skills that are in short supply and expensive, since these tasks must be undertaken by experts in the area dedicated to the administration of security systems. This is an important obstacle to the diffusion of secure information systems in small and medium enterprises (SMEs). By simplifying the expression of security policies and their deployment over multiple components, the results of the project will benefit all organizations that are reluctant to invest in the deployment of a security architecture.
Thus, one of the objectives will be to disseminate the technical results of Polux outside the scientific community, through additional communication channels. More specifically, the project will develop a software prototype supporting a methodology to formally express and deploy security policies, demonstrating the capabilities of the components of the proposed methodology. This prototype will demonstrate the practicality of the project's results, as well as the implementation of the formats and dictionaries supporting the definition and validation of practical security policies. It will serve as a reference implementation for standards work and interoperability testing.
With respect to standardization activities, the project will devote its effort to formal models, security architecture definition and deployment techniques.
The natural candidate for standardization of formal security models is the OASIS organization, which is already defining models for particular aspects of security, such as access control. We specifically target the SAML standard, XACML and the definition of new security profiles for XACML.
With respect to the architecture, one related effort is the AAA architecture work [Laat et al. 2000] led at the Internet Research Task Force (IRTF). Beyond the original documents produced by this group, there has not been a major release of this architecture for several years. We envision that our work could provide such a new version dedicated to security, and could provide the foundation for a new security policy working group currently being privately discussed in Europe.
With respect to deployment, natural input from the IETF is the Policy Core Information Model (PCIM) [Moore et al. 2001, Moore 2003], but also the Common Open Policy Service (COPS) protocol [Durham et al. 2000], the Intrusion Detection Message Exchange Format (IDMEF), and the Incident Object Description and Exchange Format (IODEF). The natural output of the project is new extensions to these messages and protocols, supporting advanced security policy needs.
In addition, the technical results will be evaluated for patentable elements that can support the standardization efforts.