The Osiris project will conceive and implement a secure working environment for distributed computing centers (DCC) allowing controlled access from remote personal computers. Such an environment will integrate several security services, namely authentication, authorization, communication with privacy and integrity over insecure media, and auditing. Target DCCs are university computer networks and electronic office environments.

Goals
The project comprises three main goals that complement one another in implementing effective security in a DCC open to the external world:
- Secure administration of a DCC composed of UNIX machines,
- Design of a security architecture for an electronic office environment, and
- Control of remote ISDN connections to the above-mentioned systems in order to allow interactions from and to the outside world.
All these goals contribute to eliminating or drastically reducing the probability of successful attacks on a DCC, by either inside or outside users, that could maliciously interfere with the work of the DCC's legitimate users. Besides limiting the probability of attacks, the overall security of the DCC will be reinforced with auditing mechanisms and policies allowing supervision, recording and later analysis of actions considered critical to the management of the DCC.
The project will present practical solutions for implementing security in open distributed systems by combining several independent technological solutions, either standard or resulting from recent research. The ensuing secure environment should be ergonomic and easy to integrate with the working environment of target users. The effectiveness of the secure environment will be demonstrated in two different target systems: a computer center of the Technical University of Lisbon (IST/UTL) and the Elenix office automation product, built and commercialized by SMD S.A., a Portuguese software company.
The university's computer center will be used to implement secure administration of a DCC supported by UNIX machines allowing remote interactions with the outside world. The security policies to be implemented should impose tight control, due to the high technical skills of the academic community.
Elenix, on the contrary, will be used to validate all project goals. Elenix will constitute the starting point for designing a security architecture suitable for office automation systems, exploring solutions that could enhance and evolve the existing product for a community of users less aggressive than the academic one. Since Elenix uses a client-server architecture and its servers run in a DCC of UNIX machines, the overall security of Elenix also depends on secure administration of the underlying DCC. We thus expect to learn from the experience gained in managing the university's computer center and to use this knowledge to manage Elenix's DCC securely as well.
This project combines fundamental research with implementation and experimentation. Results are expected in the area of security mechanisms and policies for open distributed systems supported by UNIX machines.
Research will be organized in the following related tasks:
- Implementation of security policies in a DCC of UNIX machines in order to reinforce access control, privacy and integrity of sensitive information flowing in the underlying network (passwords, e-mail messages, etc.), as well as auditing of actions critical to the overall management of the DCC.
- Introduction of firewalls to control interactions between a DCC and remote machines. Such control will mainly deny useless or dangerous interactions and both filter and audit allowed interactions.
- Design and implementation of Elenix's security architecture in order to improve the security and functionality of the existing system regarding authentication, privacy and integrity of stored and circulating information, digital signatures on documents and auditing of critical actions.
- An additional task focuses on integration of separate implementations and dissemination of resulting expertise.
Check out the Overview Slides in PDF.
Sponsoring bodies: FCT
Coordinator: Paulo Guedes
Partners: INESC-ID, SMD Informática S.A.