- 1. Identification and formal specification of S&D requirements at the level of individual services, communication protocols, middleware, and devices ;
- 2. Identification and specification of the solutions meeting the above requirements. Those solution are integrated as S&D patterns into the SERENITY framework.
User requirements and use cases derived from the scenario definitions will drive the identification of requirements, such as authentication, confidentiality, non-repudiation, but also availability, privacy and other more complex application specific requirements. Further, adequate S&D solutions will be identified and accurately specified. Work on the Network and Devices level will address existing S&D solutions such as security protocols (e.g. SSL/TLS), particular hardware security mechanisms or more complex ones for services, for example addressing security in Web Services.
Combinations of solutions will be developed and analyzed whenever atomic ones are not adequate due to some special requirements (e.g. legal or privacy requirements).
Finally, all validated S&D solutions are made available to the SERENITY framework by describing them as security patterns using the SERENITY security pattern specification language developed in the pattern management integration activity.
Tools for the analysis, verification and validation of S&D solutions in the context of mobile devices and dynamic systems will be developed and applied to the identified solutions. For suitable cases, static validation tools will be prepared for integration into the framework.
Associated WP
