DFKI and Univention develop secure technology for use of third-party applications in companies
As the use of and dependency on IT solutions grows, IT infrastructure security is becoming central to business survival. Industrial espionage and temporary production outages are just two possible consequences of poorly secured IT solutions. That is why research staff in the Cyber-Physical Systems department at the German Research Center for Artificial Intelligence (DFKI) and developers at the Bremen software provider Univention are creating a security infrastructure based on virtualisation techniques, as part of the “Safer Apps” project. The aim is to enable companies safely to install and run applications from third-party vendors in an existing IT infrastructure and in the cloud, without this posing risks or problems for that IT environment.
The background to the research project launched in early April is a common scenario in business practice: that of a company wishing to add third-party solutions such as groupware or enterprise resource planning systems to its existing IT infrastructure. How can the company ensure that the new third-party applications do not introduce unmet dependencies or even malware that pose a risk to the IT infrastructure in place?
The DFKI-Univention project group is seeking to resolve this question, initially by looking for ways in which those responsible for IT can express their security interests as simply as possible. On that basis, researchers will develop techniques to help continuously to monitor the implications of those decisions for the security of the IT environment as a whole and make any necessary adjustments. The second step is to combine a range of different security mechanisms such as virtualisation techniques like Docker or access control mechanisms like SELinux strategically to satisfy the security interests specified by those in charge of IT.
Ultimately, the project team is to present the prototype of just such a security model in the Univention Corporate Server (UCS) ? a model that will allow the “safe” operation of third-party applications on UCS as the operating system platform. The server operating system UCS with its high-performance infrastructure and identity management system already allows non-experts to easily customise IT infrastructures for their companies. The app centre integrated in UCS currently offers around 70 applications for simple and easy installation, most of which have been packaged for UCS by third-party vendors. To open up the app centre to more software providers in future, the aim is to enable third-party applications to be “isolated” from the existing IT environment. This should avoid any dependency on the operating system platform and undesirable interactions between apps.
The specification language to be developed for formalised description and implementation of security requirements is to be combined with the security model, still to be developed, in UCS. This will allow applications from third-party vendors to be operated sufficient securely in existing IT environments, locally or in the cloud without interfering with each other. In the long-term, isolated applications are to be available to purchase for use with UCS from a shop platform similar to the Google Play Store.
DFKI project contact
Prof. Dr. Dieter Hutter
Deutsches Forschungszentrum für Künstliche Intelligenz (DFKI) - Cyber-Physical Systems
Tel.: +49 (0)421 218-64277
Univention press contact
Tel: +49 (0)421/22232-81
About the German Research Center for Artificial Intelligence (DFKI) and the Cyber Physical Systems research department
The German Research Center for Artificial Intelligence (DFKI) is based in Kaiserslautern, Saarbrücken and Bremen, and has a branch in Osnabrück and a project office in Berlin. It was set up in 1988 and is now the world’s largest research institution in the field of artificial intelligence. The Cyber-Physical Systems research department at the DFKI Bremen site works on the technical development of intelligent networked systems. The research and development team under Prof. Dr. Rolf Drechsler specialises in the safety and correct operation of these increasingly complex systems that are used in everything from smartphones to cars and aeroplanes. Researchers in the team work closely with the computer architecture research group at the University of Bremen.
Univention is a leading provider of open-source products for the operation and management of IT infrastructures. Its core product is the Univention Corporate Server (UCS), a flexible, efficient and successful alternative to server solutions from Microsoft. UCS offers comprehensive active directory functions and an app centre that enables the integration and operation of enterprise applications. UCS allows Web-based IT management and can be used in all sizes of organisation. The product can be operated as a classic server solution or in the cloud, or used for hybrid IT environments. It can be run as part of existing Microsoft infrastructures and supports the simple replacement of Microsoft Windows domains. UCS is also the technical basis for the Open Cloud Alliance, an association of leading hardware and software providers which, together with an ever-growing number of cloud service providers, are seeking to create an open, standardised and secure cloud solution. Univention has a global network of partners and branches in Europe and North America.
Friday, 28 Feb 2014Change of leadership at BAALL: Dr. Serge Autexier follows Professor Bernd Krieg-Brückner
Monday, 16 Dec 2013A look into the future : The intelligent flat for the elderly
Monday, 25 Nov 2013Chances of technology: between hesitation and thirst for knowledge
Thursday, 21 Nov 2013Apply for the Zukunftstag 2014!
Tuesday, 19 Nov 2013Secure computer chips