The development of the Information Society in the past few years, has made both people and organizations undergo a profound transformation process which is affecting the way we interact. As a result, e-business, competitiveness enhancement through the provision of on-line services, accessibility for collaboration, both internally and externally, and concepts such as “virtual company networks”, have become high-priority objectives not only for private entities but also for public institutions.
Nevertheless, the adoption of these new paradigms and technologies, have made way for new risks and threats particularly due to the rise of information sharing, both inside and outside companies.
According to the objectives of the ‘Avanza’ Plan, such as to create a favorable environment towards the development of the Information Society, it is required to provide services and solutions developed for electronic and telematic networks with security and reliability. In turn, Multipol proposes resolving security issues between independently administered domains.
The new threats, infrequent or unknown to date, which companies face, can be summarized as follows:
- The appearance of unreliable services, networks and data sources that may represent an obstacle through that same network of service providers.
- The information systems of companies and public institutions become more and more sensitive and vulnerable to this type of threats, reaching critical levels.
- The possibility of fraud, as a result of identity theft, credential forgery, etc.
- The unpredictable and distributed nature of the attacks, added to the anonymity favored by public access media and to the legal void which is often seen in this sector.
Traditional security mechanisms – most of which are centralized and hierarchic – are not suitable against these threats, and continue to be an obstacle when it comes to leveraging on the benefits contributed by the new forms of interaction between companies.
Multipol proposes investigating a new generation of solutions to substantially improve security management, and network security itself, to face such threats.
Multipol will evaluate security issues between independently administrated domains. The main objectives of Multipol’s proposed solution are:
- To provide an integrated application system to soundly manage security issues between independently administrated domains.
- To apply the existing results in runtime, when users access the resources.
- To use trend-setting mechanisms based on semantic technologies to compare the security policies of interacting domains.
- To consider all of the existing environments, not only SOA applications and Web services, but also other traditional applications, as well as network devices.
- To develop experimental applications prepared for various sectors: security infrastructures for buildings and companies, as well as the telecommunications field. This will enable validating project results on a wide scale and promoting their use in several vertical sectors.
- To evaluate the possibility of applying emerging security standards to a wider set of real situations than generally considered.
Finally, as a crucial objective and an added value, the project intends to achieve a high level of synergy between partners with diverse experiences and varying degrees of specialization. This will additionally benefit the sharing of concepts and architectures between different sectors.
Consequently, the project is expected to consolidate European industry competitiveness in the treated sectors: Multipol’s capacity to execute and deploy powerful and flexible security mechanisms effectively and simultaneously is an increasingly important requirement for companies performing in these sectors.
Multipol’s proposal was presented at the Second Call of the ITEA 2 (Information Technology for European Advancement 2, http://www.itea-office.org) (Security policy in multi-domain environments) program, which was prepared by a French, German and Spanish consortium. At the Steering Committee meeting held for this program on October 9, 2007, Multipol was favorably evaluated, obtaining the ITEA seal awarded by this institution.
ITEA 2 is one of the cluster programs in which Spain participates with diverse goals: to encourage the creation of platforms, and to promote the use of methodologies to develop both software-intensive systems and global security management systems.
Program ITEA 2’s general mechanisms indicate that grants awarded to perform the work committed in their budgets shall be requested from the corresponding authorized national entities, in this case the Ministry of Industry, Tourism and Trade, through program AVANZA I+D. Therefore, this memory describes the work proposed by the Spanish partners included in Multipol.
Five Spanish companies have participated in this ITEA-2 proposal: Atos Origin (leader of the Spanish consortium), European Software Institute, AnswareTech, Nextel S.A. and Innovalia Association.
At domestic level, the INES technological platform has contributed its seal to this proposal, considering that it develops high-interest topics for its Strategic Agenda.
Multipol is a pioneering project focusing on security policy investigation within multi-domain environments.
From a technological viewpoint, the main innovating result is the creation of a set or modular suite comprised by software modules to implement tight access control between independently administrated domains; that is, those that possess separate and independent security policies.
With an innovating integrated, modular architecture, the Multipol project intends to offer companies the possibility of developing an access control policy for the entire information system, with a quick return on investment. The Multipol suite will enable organizations to gradually implement their security policies in line with their priorities and investing power through time, while remaining open to further developments.
Among the new features offered by the Multipol suite the following are worth noting:
- Multi-domain security policy support
- Innovative – but pragmatic – security policy models
- Ontology of the security policy
- Automatic policy refining, comparison and composition of policies
- Security level negotiation in heterogeneous environments
In summary, the Multipol suite is intended to cover all critical issues faced by a network economy. Both users and organizations will be capable of implementing an integrated and consistent security policy, from their internal systems to their corporate portals – all of this through a manageable, usable, consistent and secure solution.
- Description of the project within the “I+D+i” section of Nextel S.A.’s Website.
- Mention of the I+D+i projects in the press release associated to Nextel’s 20th Anniversary
- Presentation delivered during the “Nextel Day” (December, 2008), within the “I+D+i” section
- Press Release on the Multipol project
- Mention of the Multipol project in Nextel’s press release
- Video shown at the 2009 Innovalia Convention