Wrocław Centre for
Networking and Supercomputing

POSITIF

STATUS: COMPLETED

Project POSITIF (Policy-based Security Tools and Framework) aimed to create a security platform that would enable the automated management of network infrastructure, regardless of the hardware and software type.
Tasks
  • WP1 Project management
  • WP2 Platform testing environment
  • WP3 Policy and network infrastructure description languages
  • WP4 Transformation of policies
  • WP5 Installation of configurations for network devices
  • WP6 Proactive safety monitor
  • WP7 Advanced safety modules
  • WP8 Framework definition, integration and testing
  • WP9 Dissemination of knowledge.
WCSS participated in the development and implementation of a platform for proactive security monitoring of network infrastructure. The solution made it possible to connect various types of intrusion detection mechanisms and to monitor operating systems through cooperation with appropriate scanning tools. WCSS managed the implementation of task 9.

The platform includes tools that enable the system administrator to efficiently manage the infrastructure and define and install appropriate security policies on network devices.

Platform description
An overview of the POSITIF platform is shown in the figure below:
The platform requires two descriptions as input:
  1. Description of the security policy: description of the network security requirements at multiple levels.
  2. Description of all network elements: includes security capabilities for each node.
The format of both descriptions, policy and network, was established in the project.

A component of the platform is the security controller, a module that answers the question of whether a given network meets security requirements. In addition, the module provides a measure of the current security level that can be achieved using the security policy provided to it for the described network.

Once the network meets the desired security requirements, all its components must be configured. This task is not easy if the components come from multiple vendors or differ on the hardware/software level. The POSITIF platform includes a configuration generator, i.e. a tool that generates the configuration for the various network elements: firewalls, switches, routers, hubs.

The proactive security monitor constantly checks the network for behaviours that violate the implemented security policy. The monitor not only gathers the events reported by sensors, but also compares the monitored data with the policy. This mode of operation makes it possible to identify an attack with a previously unknown pattern. The monitor works in two ways: it uses the standard threats and vulnerabilities of the system, and it uses the required policy. When the monitor registers an event, an alarm is output with the appropriate priority. In addition, semi-automatic or automatic actions can be taken. If a security breach is detected, an updated security policy is implemented either in the entire system or in parts of it. The monitor also checks whether the policy is correct by launching test attacks on part or all of the network and verifying the results of the attacks.

Partners: Politecnico di Torino (Italy), WCSS Politechnika Wrocławska (Poland), Stiftung Secure Information and Communication Technologies (Austria), Bull SA (France), Saint Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (Russian Federation), Ministero della Giustizia (Italy), Universidad de Murcia (Spain), PRESECURE Consulting GmbH (Germany), Vodafone Omnitel N.V. (Italy).

SUMMARY

Project start date: 1 February 2004
Project end date: 31 May 2007
Funding: EC 6th Framework Programme (IST-202-002314)
Information brochure