“Safer Apps” research project for SMEs launched
As the use of and dependency on IT solutions grows, IT infrastructure security is becoming central to business survival. Industrial espionage and temporary production outages are just two possible consequences of poorly secured IT solutions. That is why research staff in the Cyber-Physical Systems department at the German Research Center for Artificial Intelligence (DFKI) and developers at the Bremen software provider Univention are creating a security infrastructure based on virtualisation techniques, as part of the “Safer Apps” project. The aim is to enable companies to safely install and run applications from third-party vendors in an existing IT infrastructure and in the cloud, without this posing risks or problems for that IT environment.
Bremen, 26 May 2015. The background to the research project launched in early April is a common scenario in business practice: that of a company wishing to add third-party solutions such as groupware or enterprise resource planning systems to its existing IT infrastructure. How can the company ensure that the new third-party applications do not introduce unmet dependencies or even malware that pose a risk to the IT infrastructure in place?
The DFKI-Univention project group is seeking to resolve this question, initially by looking for ways in which those responsible for IT can express their security interests as simply as possible. On that basis, researchers will develop techniques to help continuously monitor the implications of those decisions for the security of the IT environment as a whole and make any necessary adjustments. The second step is to strategically combine a range of different security mechanisms, such as virtualisation techniques like Docker or access control mechanisms like SELinux, to satisfy the security interests specified by those in charge of IT.
Ultimately, the project team is to present the prototype of just such a security model in the Univention Corporate Server (UCS), a model that will allow the “safe” operation of third-party applications on UCS as the operating system platform. The server operating system UCS with its high-performance infrastructure and identity management system already allows non-experts to easily customise IT infrastructures for their companies. The app centre integrated in UCS currently offers around 70 applications for simple and easy installation, most of which have been packaged for UCS by third-party vendors. To open up the app centre to more software providers in future, the aim is to enable third-party applications to be “isolated” from the existing IT environment. This should avoid any dependency on the operating system platform and undesirable interactions between apps.
The specification language to be developed for formalised description and implementation of security requirements is to be combined with the security model, still to be developed, in UCS. This will allow applications from third-party vendors to be operated sufficiently securely in existing IT environments, locally or in the cloud, without interfering with each other. In the long term, isolated applications are to be available to purchase for use with UCS from a shop platform similar to the Google Play Store.