2. State of the art and requirements analysis
Objectives
Description
Within WP2, a state of the art review will be prepared covering infrastructures for interoperating heterogeneous networks. It will address aspects such as resilient and secure end-to-end data transmission, protection of network elements, and the complexity of cooperation between heterogeneous networks. This work package will also address vulnerabilities that can be identified at the border of two different domains. Additionally, WP2 will provide a complete analysis (i.e. from different points of view) of the requirements for an infrastructure that aims to ensure the interoperability and security of heterogeneous networks. The results of WP2 will be used by WP3 (specification) and WP4 (design and development).
Task 2.1: State of the art analysis
This activity aims at analysing existing techniques, algorithms, and methods to ensure the security and resiliency of IP-based network infrastructures. We will identify current security solutions (state of the art) in order to be able to propose and develop an innovative framework for the security and resiliency of heterogeneous networks. Different types of network architectures (ad-hoc, mesh, ring, bus etc.) and technologies (WLAN, satellite, WiMAX, UMTS etc.) can be used in heterogeneous networks. Each network architecture, technology, or combination of both has its own features (e.g. bandwidth, range, signal transmission, delays). Those features will be analysed in relation to the application of specific methods and policies to secure interoperating heterogeneous networks. Such analysis will also include a study of threat models, as well as the prioritization of those which will eventually be used by project partners to design and develop appropriate defence strategies. Based on the outcomes of the state of the art analysis, recommendations will be provided for network architectures and technologies suitable to secure heterogeneous networks and infrastructures.
Task 2.2: Vulnerabilities analysis
This activity will identify and classify vulnerabilities of networks as well as of a “network of networks”. In particular, emphasis will be devoted to the so-called interconnection vulnerabilities arising from existing interconnections among telecom providers. This activity will also define an ontology-based approach that can be used to better understand the relationships between different kinds of vulnerabilities. Ontologies provide a formal specification of concepts and their interrelationships, and prove to be extremely useful for describing and analysing complex elements, such as vulnerabilities and exposures deriving from the interconnection of different networks, systems and tools. The heterogeneity of communication networks and systems is a significant aspect which prompts the adoption of an ontology-based approach to the description of security vulnerabilities and their interdependencies. Therefore, ontologies will be used both to depict relationships between different vulnerabilities and to describe exposures associated with interconnected heterogeneous infrastructures. The aim of this task is to realise a European vulnerability database similar to the National Vulnerability Database (NVD) provided by NIST (National Institute of Standards and Technology). NVD is a comprehensive cyber security vulnerability database that integrates all publicly available U.S. Government vulnerability resources and provides references to industry resources. It is based on and synchronized with the CVE (Common Vulnerabilities and Exposures) vulnerability naming standard.
Task 2.3: Requirement analysis for secure transmission of data across heterogeneous networks and infrastructures
In Task 2.3, data, information and processes will be gathered from the results of Task 2.1 and Task 2.2, as well as from questionnaires and talks with members of the INTERSECTION Group of Experts and the other partners. Based on this data, a formal list of user requirements and actors (people or machines) connected to the system will be developed by adopting a methodology such as Volere or RUP (Rational Unified Process), which covers, for example, project constraints, design constraints, functional requirements, non-functional requirements and project issues. A revised version of the list of user requirements will be produced in case the stated requirements prove to be unclear, incomplete, ambiguous, or contradictory. Based on the refined list of user requirements, the functional blocks of the framework for the security and resiliency of heterogeneous network infrastructures will be identified and described. Furthermore, this task will include the definition of an effective threat model, which will drive INTERSECTION researchers to design and develop the security framework by anticipating specific attacks and implementing countermeasures in advance.




