BUGYO2: Building security assurance in open infrastructures, and beyond.
The Project BUGYO 2 proposal has been discussed within the CELTIC program, and is classified within the domains of Security and Service applications. Project BUGYO 2 has been awarded the CELTIC Label in the Call-5 evaluation. This is, in addition, the second stage of project BUGYO, which has been considered one of the most outstanding projects of Call 1 and 2.
In order to be able to meet the challenges and carry out the proposed investigation tasks, four activities must be represented in the consortium:
The above figure covers the four areas required
- Telecom: This dimension will ensure that opinions on telecommunications are included in the project and will focus on guiding the project towards actual results, in line with the users’ final requirements.
- Security: This dimension represents the experience necessary and the understanding of the security issues that must be dealt with, as well as the confidence that can be transmitted to the end users of telecommunications services. Here is where Nextel S.A.’s participation gains higher importance as a widely-recognized company in the security sector.
- Technology and Solutions: a telecommunications infrastructure comprises a wide-ranging set of diverse technologies and solutions. This is a relevant dimension for the consortium in order to translate confidence in the infrastructure’s security into confidence in the nodes.
- Methodologies and Process: Security is often thought of as a process – not a technology – particularly when dealing with security assurance; the dimension of Methodologies and Processes is decisive in achieving the definitive confidence of the end user.
Project BUGYO demonstrated the use and viability of an infrastructure, with the object of gaining confidence in telecommunications-oriented service security.
Project BUGYO 2 will go further yet, to address advanced concepts and tools to allow adapting to the evolution and ubiquity of telecommunication infrastructures. This extension will involve both multi-operator (fixed and mobile) environments and service providers.
BUGYO 2 will contribute towards improved telecommunication infrastructure protection, the introduction of means of comparison for infrastructure interconnection assurance levels and the provision of improved risk models resulting from dependence on other infrastructures.
BUGYO2 will provide the means to:
- Improve BUGYO system’s operating approach, which covers issues such as self-development of metrics (in correlation with normalization and certification), metrics patterns, evaluation guidelines, help models (tools, guides…).
- Compare and share information securely between the different operators, including normalization and standardization of assurance measures.
- Transition towards a dynamic system, considering the ubiquity and evolution of telecommunication infrastructures.
The BUGYO 2 consortium is comprised by several major and smaller companies, research institutes and universities, located in various European countries, such as Spain, France, Luxembourg, Finland and Sweden. The expertise and skills contributed by each of the partners are complementary and cannot be found within a single European nation.
The blend of major corporations, small companies, research laboratories and universities offers several advantages, as major companies are required to enable the definition and acceptance of industry standards. Research laboratories and universities are essential as they offer advanced and elementary knowledge, and encourage dissemination and leverage through their network; and the smallest companies and SMEs are experts within their specific operating area.
The de facto establishment of standards in this arena requires the support of a consortium because, under this figure, none of the participating institutions are capable of making it on their own. On the other hand, there are technical challenges to be met in order to achieve a practical development of the technology. The expertise and skills contributed by each of the partners of project BUGYO 2 are complementary and will be helpful in reaching a solution to these technical challenges.
The efforts needed to meet Project BUGYO2’s objectives are too great for each individual company or institute on its own. Thus, international cooperation is called for in order to afford the required insight and strategic vision. Likewise, domestic requirements shall be considered to honor national innovation policies and strategies. The expertise and skills contributed by each of the partners are complementary and cover the skills required to meet the project’s objectives. Therefore, trans-European cooperation between companies from diverse business sectors is a pre-requisite for the proper implementation of the project.
BUGYO2 is intended to extend the work carried out in BUGYO. In BUGYO, two of the main hypotheses were conceived on the basis of the system observed: an autonomous (mono-domain) system and characterized through its fixed service infrastructure. Although this task pertains to traditional telecommunications operators, in this phase 2, we would like to face the issue of security assurance in the ubiquitous and advanced multi-domain architectures of the telecommunications operators.
This major objective may be subdivided into four secondary objectives:
- Objective 1: To provide the necessary means to improve BUGYO system’s operating approach, which covers issues such as self-development of metrics, metrics patterns, evaluation guidelines, help models…
- Objective 2: To compare and share information securely between the different operators, including the normalization and standardization of assurance measures: Interoperability.
- Objective 3: Dynamics and mobility: considering the evolution of telecommunication infrastructures, to migrate towards a dynamic model that allows decision making in real time.
- Objective 4: To demonstrate the progress of the project on a large scale by means of a multi-domain (several operators) testing bench.