Presentation is loading. Please wait.

Presentation is loading. Please wait.

DESEREC, an ICT for Trust and Security project DESEREC: Dependability and Security by Enhanced Reconfigurability.

Similar presentations


Presentation on theme: "DESEREC, an ICT for Trust and Security project DESEREC: Dependability and Security by Enhanced Reconfigurability."— Presentation transcript:

1 DESEREC, an ICT for Trust and Security project DESEREC: Dependability and Security by Enhanced Reconfigurability

2 2 DESEREC, an ICT for Trust and Security project Overview The fast growth of highly interconnected Communications and Information Systems (CIS), and the use of them to carry out critical activities, has open an important issue regarding the resilience, reliability and security of these CISs. This strong interdependence increases the consequences of accidents, failures, attacks and implies high vulnerabilities. Current approaches to protect such infrastructures are scattered into separate scientific fields, such us detection, modelling, simulation, redundancy & reconfiguration. Interesting research projects are Polyander, SecPol and POSITIF Information representation standards and working groups: WBEM, PCIM, SAML, XACML, IPSP Simulations standards and working groups: EUROSIS, SCS, NS-2, OPNET, etc. Intrusion and incident detection: CIDF, CISL, IDMEF DESEREC proposes a joint step forward to improve the CISs supporting those critical services. Following this approach, DESEREC proposes to respond efficiently to: Attacks from the outside Intrinsic failures Misbehaviour or malicious internal use

3 3 DESEREC, an ICT for Trust and Security project Objective To define a framework to increase the dependability of existing and new networked Information Systems by means of an architecture based on the following modules: Modelling & simulation:  DESEREC devises and develops innovative approaches and tools to design, model, simulate, and plan critical infrastructures to improve their resilience Fast reconfiguration with priority to critical activities  DESEREC provides a framework to respond in a quick and appropriate way to a large range of incidents to mitigate the threats to the dependability and thwarts the problem Incident detection and quick containment  DESEREC integrates various detection mechanisms to ensure fast detection of severe incidents and avoid any impact propagation

4 4 DESEREC, an ICT for Trust and Security project Today scenario malicious internal use Attack from the outside Specific detection, reaction, monitoring and reconfiguration processes by device, service or application ….. Attacks Detection & Reaction Attacks Detection & Reaction Attacks Monitoring/ Reconfiguration Attacks Monitoring/ Reconfiguration Internal use Detection & Reaction Internal use Detection & Reaction Internal use Monitoring/ Reconfiguration Internal use Monitoring/ Reconfiguration Intrinsic failures Failures Detection & Reaction Failures Detection & Reaction Failures Monitoring/ Reconfiguration Failures Monitoring/ Reconfiguration

5 5 DESEREC, an ICT for Trust and Security project Modelling Simulation Planning and Validation Decision Module Deployment & Reconfiguration Event Monitoring Serious Incident Detection Translator Fast Cicatrisation DESEREC objective malicious internal use Attack from the outside Common framework to model, reconfigure and detect attacks, malicious internal use or internal failures. Intrinsic failures

6 6 DESEREC, an ICT for Trust and Security project Objectives First objective - prevent keep every incident local Second objective - react sustain or quickly resume the critical applications Third objective – plan reallocate optimally the resources to recover the full range of services

7 7 DESEREC, an ICT for Trust and Security project Objectives DESEREC includes three response loops working on 3 different answering times: A few seconds to locally respond to a severe and well-characterized incident and to launch emergency curative procedure to avoid escalation process or dramatic damage. Some minutes to detect very complex problem and to readjust the system Some hours to build a new configuration optimized to resist to a new situation and validated through modelling and simulation

8 8 DESEREC, an ICT for Trust and Security project A multi-level response infrastructure Incident Incident still present Incident cleared, OK No critical impact, OK A critical service has stopped Emergency configuration applied Counter- measures 1s Scope shaping 10s Select an existing configuration or build an emergency one 2 min hours delay Detection Containment Reconfiguration Modelling Configuration is optimal, OK Reconfiguration Run simulation Optimal configuration applied

9 9 DESEREC, an ICT for Trust and Security project Project architecture WP1 - General architecture, requirements WP8 - Integration, validation and demonstrations WP2 – Operational Planning Modelling, Simulation WP2 – Operational Planning Modelling, Simulation WP3 – Deployment, Hot Reconfiguration WP3 – Deployment, Hot Reconfiguration WP4 – Intrusion and Incident Detection, Response WP4 – Intrusion and Incident Detection, Response WP 0,5,6 Management, Training, Dissemination WP 0,5,6 Management, Training, Dissemination

10 10 DESEREC, an ICT for Trust and Security project WP1: Horizontal processes Ensure that the DESEREC approach addresses the requirements and needs of a representative user community Collection of user cases from different organisations:  Users requirements concerning dependability, resilience and security  Description of the user’s requirements in an analytical way  Collection of the basic information for the definition of the system architecture. Modelling Simulation Planning and Validation Decision Module Deployment & Reconfiguration Event Monitoring Serious Incident Detection Translator Fast Cicatrisation Entities information and requirements

11 11 DESEREC, an ICT for Trust and Security project WP2: Operational Planning Deals with models of information systems, their intended behaviour (policies), and risks (foreseen faults and attacks also unforeseen failures) Checks the expected behaviour of the system when configured in a specific way and it is subject to specific inputs and faults To create the needed tools to manage information and scenarios needed to configure the target system and react to faults and attacks Modelling Simulation Planning and Validation Decision Module Deployment & Reconfiguration Event Monitoring Serious Incident Detection Translator Fast Cicatrisation Modelling Simulation Planning and Validation Decision Module Deployment & Reconfiguration Event Monitoring Serious Incident Detection Translator Fast Cicatrisation

12 12 DESEREC, an ICT for Trust and Security project WP3: Deployment and hot reaction Provide mechanisms to ensure the setup and deployment of an operational planning and its hot adaptation following the detection of abnormal events (incident, failure, misbehaviour) on the system Define and design an efficient toolbox for the day-to-day management of complex system Modelling Simulation Planning and Validation Decision Module Deployment & Reconfiguration Event Monitoring Serious Incident Detection Translator Fast Cicatrisation

13 13 DESEREC, an ICT for Trust and Security project WP4: Fast cicatrisation Provide the basic conceptual and technical tools for implementing incident detection and fast reaction. Questions to be resolved:  How do we know an incident affecting a system’s dependability is underway?  How do we detect it?  Once an incident has been detected, what can we do to avoid or minimize it? Modelling Simulation Planning and Validation Decision Module Deployment & Reconfiguration Event Monitoring Serious Incident Detection Translator Fast Cicatrisation

14 14 DESEREC, an ICT for Trust and Security project WP5: Dissemination and exploitation Coordination of the collection of research and technical results coming out from the other work packages, and reaching the maximum number of potential end-users in the European ICT community in order to promote their widespread adoption Organization of two DESEREC dissemination workshops and the submission of technical papers to international conferences and scientific journals Preparation of training material for the user community.

15 15 DESEREC, an ICT for Trust and Security project WP6: Training Professional Training to staff involved in the project development, implementing the demonstrations, and potential users of the tools and methodologies from outside the consortium Training workshops foreseen during the project duration:  Workshop on “The Concepts and Requirements for Increasing Dependability and Security of Information Systems”  Workshop on “The Mechanisms used for Increasing Dependability through Enhanced Reconfiguration”  Workshop on “The Results and Applications of DESEREC”  Workshop on “Architecture, Modelling and Tools for Increasing Dependability and Security of Information Systems”

16 16 DESEREC, an ICT for Trust and Security project WP8: Integration, Validation and Demonstration Design of a test and validation model for the general architecture reflecting the combinations of solutions proposed in DESEREC The coordination of the integration of contributions from other work packages in this model Validation of the solutions with verification tools and expert tests Design, development and calibration of test and validation systems Demonstration of the DESEREC results to the users community. Modelling Simulation Planning and Validation Decision Module Deployment & Reconfiguration Event Monitoring Serious Incident Detection Translator Fast Cicatrisation

17 17 DESEREC, an ICT for Trust and Security project Test-bed scenarios Based on the establishment of three typical cases of critical infrastructure provided through 2 partners: OTE, a telecommunication operator in Greece RENFE-Operadora, the national railway operator in Spain

18 18 DESEREC, an ICT for Trust and Security project Partners University of Murcia IEIIT/CNR Canadian Resedarch Center


Download ppt "DESEREC, an ICT for Trust and Security project DESEREC: Dependability and Security by Enhanced Reconfigurability."

Similar presentations


Ads by Google