Finished Project

BUGYO

BUGYO received the Celtic Excellence Award on February 2008

Building security assurance in open infrastructures

Project Coordinator Project Consortium
Bertrand Marquet
Alcatel
France
e-mail: bertrand.marquet (at) alcatel.fr
Alcatel CIT, FR Karlstad University, SE
EADS-DCS, FR OnePutt Solutions, SE
ENST, FR TeliaSonera, SE
Oppida, FR Acotec, ES
TELINDUS, LU Telefonica, ES
Public Research Center HENRI Tudor, LU

This is a “Celtic” project;

Project Key Information

Start date

End date Budget (total) Effort (total) Project-ID
June 2005 June 2007 6.2 MEuro 47.1 PY CP2-002

Abstract
Open systems such as telecommunications infrastructures are massively distributed. They are composed of highly connected sets of managed products. There is no general way to measure the confidence operators and end customers can have in the security of the infrastructure, in end-to-end security services and in the security of end-to-end services above those architectures.This project aims to define a security framework to measure, document and maintain the security assurance level of services based on telecommunication system.

The security framework will provide guidelines and methods, as well as software applications, to assess the overall confidence that can be obtained. The framework will be based on a specific middleware, developed using technologies such as mobile agents, to collect information within infrastructures in a non-disturbing and non-intrusive way. Information will be collected by applications such as vulnerability automatic research engine, protocol security analyzer, and will include configuration management information (linked to databases of certified configuration) to automate security testing.

The project will deliver a system security cockpit, built using the security framework, to help equipment manufacturers, networks architects, and operators reach and maintain a certain level of security assurance. The cockpit could show certified components/configurations within the architecture, identify assurance domains and be an assistant to remotely and automatically launch specific tests on equipment to augment/verify the security quality assurance level (automated, remote non-intrusive audits), etc. Applications of this security cockpit will address interaction and integration into Network Management Systems (NMS) and interfaces to Operation Support Systems (OSS).

Focus areas
Framework providing means for measuring security assurance of telecoms infrastructure and services

Expected outcome
  • System security assurance framework including
    – methodologies, best practices, tools and certification cockpit
  • System Security Cockpit as interface for operator and service provider
    – to obtain and maintain a security assurance level for a specified service

Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.