Main Points and Common Goals
Today's IT infrastructures are composed of numerous software and hardware components whose coordination creates the actual core functionality. An important goal in the conception and further development of these heterogeneous structures is their verifiable and continuous security. Nowadays SMCs are also already using - if not dependent on - complex IT infrastructures. This complexity demands an exact consideration of security functionalities and the examination of conformance with the desired characteristics.
The VISA project's framework should implement a comprehensive starting point for the planning and testing of IT infrastructures. Through the combination of modeling and formal description of infrastructures as well as the evaluation of infrastructures in virtual realms using various, defined criteria, it will become possible for SMCs to estimate the costs and characteristics of the IT investment.
The VISA framework will realize a partially automated evaluation cycle where infrastructure models will first be created at an abstract level. In order to accomplish this, typical scenarios for SMC based IT infrastructures will be identified. From these scenarios typical infrastructure components will be recognized. An important step in the evaluation cycle is the models' transition into practical, executable systems that can be used for experiments. These systems are completely virtualized in VISA; via a “library” of virtualized components, the infrastructure is recreated. Experiments in this virtualized infrastructure are derived from the model and described with standardized input vectors.
Using various procedures, the models created will be analyzed. For this the security requirements for the models will first be identified and described exactly. Such requirements come from catalogues of protection and detailed threat analyses. In the next step, it is possible to analyze whether the security as well as functional requirements for the infrastructure can be fulfilled in a corresponding implementation.
VISA's project results should enable SMCs to use their IT infrastructures in an essentially more simple and flexible way that has so far only been possible for large businesses. Modeling and evaluation using virtual realms and formal analyses especially improve the areas of security management for IT infrastructures, compliance analyses for regulatory requirements (for example Basel II), and the evaluation of infrastructures' implementation as well as their components.
Through the modeling framework that will be developed in VISA, IT systems security will be able to be tested modularly as well as together more easily and efficiently. This would be an important step in the direction of end to end security, which is an essential concept in IT landscapes. In Germany SMCs are vulnerable to more and more industrial espionage from abroad, which VISA could help to hinder by compensating for current gaps in security.
A further advantage of comprehensive IT infrastructure planning via the VISA framework is the tailor-made, simplified use of security applications based on virtual security appliances (VSAs). Through the extensive emulation of IT infrastructures, parameters relevant for businesses as well as VSA integration points can already be identified transparently and tested in use in the virtual realm. VSAs tested in this way can then be implemented without changing the existing infrastructure.
One of the main hurdles for SMC's use of IT infrastructures in general – and for infrastructures relevant to security in specific – is the lack of their own know-how and availability of specialists. To ensure the successful realization of such infrastructures, a use and presentation made appropriate for the target groups by way of graphic user interfaces are essential. This will minimize misuse as well as create a proper presentation transparency, in turn leading to trust in the functionalities relevant for security. Thus, the realization of graphic interfaces for the VISA simulation tools, the VSAs and the management tools is main goal of this project.
Scientific and Technical Goals
When it comes to resources and know-how, SMCs, as a target group, must receive better and appropriate methods to package their IT security. So far the IT security market has addressed too few of these target groups, which has resulted in an unavailability of needs-specific and financially feasible solutions. To achieve a higher level of autonomy in the configuration as well as in the operation of SMCs' IT infrastructure, modular, tested solutions and systems are essential. A greater amount of flexibility can and has been achieved through the virtualization of computers and services. However, there are no solutions that create network and infrastructures for businesses virtually. Further, there are only virtual appliances that can offer certain applications or services, such as mail-security services, firewall services, etc. on time. A combination of various security functionalities and services is not offered.
From the perspective of flexibility as well as costs (investment in hard- and software), VSAs based on open source (including the applications and operating systems) are important. Moreover, their use in businesses would require no know-how, since state of the art technologies can be incorporated in SMCs' IT. Another essential aspect is the improved verification in the sense of compliance. The work necessary for the verification of security components, respectively the entire IT security infrastructure, is reduced considerably, since security assessment and compliance tests for VSAs are readily available. Through the increasing complexity, the verification of conformance becomes easier.
With this background, Project VISA will establish possibilities to model SMCs' IT infrastructures for virtualization. Using this as a basis, the project will conceptualize needs-appropriate VSAs that will be employed as an integral part of SMCs. This should be accomplished through the simulation and emulation of complex network and service topologies. To enable a needs-appropriate use for SMCs, a graphic interface should be developed to support the modeling as well as to visualize and use the VSA.
Here the scientific challenge lies in the appropriate modeling of network topology and the abstraction using virtualization technologies. An important question is whether the IT infrastructures interact in the same way modularly and in doing so drastically reduce the complexity without sacrificing security. A further goal emerges from this aspect: The validation of the methods and recommendations for VSAs via standardized methods like ISO 27001 and BSI-basic protection. A further scientific goal is to explore in how far virtualized IT security building blocks and services can be derived from concepts like Iaas, Paas and Saas.
VISA creates a framework enabling the testing of VSAs in recreated, practice-oriented scenarios. In this respect, the consortium sees the following technical challenges, respectively goals:
- The development and grouping of various VSA modules covering different areas of IT security.
- An automated and dynamic environment enabling experimental testing of various network topologies and the use of VSAs.
- Models that control the simulation of the network topologies.
- At the end of the project, every VSA must be available as a virtual image and be able to be configured in accordance with the original model by using the deployment system.
- A model, respectively system is necessary to control the deployment.
- A library of virtual images is necessary to build the possible scenarios.