DFKI and Univention develop secure technology for third-party applications in Univention Corporate Server.
Research staff in the Cyber-Physical Systems department at the German Research Center for Artificial Intelligence (DFKI) and Univention have started to create a security infrastructure based on virtualisation techniques, as part of the “Safer Apps” project. Our aim is to enable companies to safely install and run applications from third-party vendors such as groupware or ERP systems in an existing IT infrastructure and in the cloud without the posing risks or problems for that IT environment.
How can the company ensure that the new third-party applications do not introduce unmet dependencies or even malware that pose a risk to the IT infrastructure in place?
To solve this ubiquitous problem, the “Safer Apps” project team seeks to resolve this question, initially by looking for ways in which those responsible for IT can express their security interests as simply as possible. On that basis, researchers will develop techniques to help continuously to monitor the implications of those decisions for the security of the IT environment as a whole and make any necessary adjustments. The second step is to combine a range of different security mechanisms such as virtualisation techniques like Docker or access control mechanisms like SELinux strategically to satisfy the security interests specified by those in charge of IT.
The goal is to present the prototype of just such a security model in Univention Corporate Server (UCS) ‑ a model that will allow the “safe” operation of third-party applications on UCS as the operating system platform.