PoSecCo · Policy and Security Configuration Management

Future Internet (FI) applications will see dynamic compositions of services providing a broad diversity of functions, starting with business functionality down to infrastructure services. Their progress crucially depends on the service providers' ability to deal with two interdependent challenges: (1) to achieve, maintain and prove compliance with security requirements stemming from internal needs, 3rd party demands and international regulations and (2) to cost-efficiently manage policies and security configuration in operating conditions.The deficiencies of current processes and tools force service providers to trade off profitability against security and compliance. Major causes are (1) ignorance or manual resolution of policy and configuration dependencies, caused by distinct terminologies and languages of security domains, and the complexity of large-scale distributed systems, (2) constant evolution of requirements and regulations as well as service compositions and configurations, and (3) the number of stakeholders involved in security management and requirement definition.PoSecCo overcomes this by establishing a traceable and sustainable link between high-level requirements and low-level configuration settings. Operations will be supported by self-managed features and decision support systems. Substantial improvements are expected in the areas of policy modeling and conflict detection across architectural layers, decision support for policy refinement processes, policy and configuration change management including validation, remediation and audit support, and security management processes in FI application scenarios. PoSecCo addresses the economic viability of the chosen approach by assessing cost and organizational benefits of an improved policy and configuration management.PoSecCo continues other EC projects, especially DESEREC, POSITIF, and MASTER, and adopts existing industry-standards for change management and audit to ensure its impact.