The aim of the "Secure Space " project, short for "A Secure Space for Collaborative Security Services ", is to develop a software platform for the secure communication and collaboration of autonomous participants across enterprise boundaries in the Internet and to prove its usability by means of applications from the security domain. The collaboration is carried out by providing all participants shared data structures that they can access concurrently in a safe way. The state of the data structures can be changed and observed in near real-time and participants use this mechanism, also called "Space Based Computing ", for communication and coordination.

 

The Secure Space guarantees that only participants belonging to a business process which trust each other can access the shared data structures in one or more "Secure Rooms". Participating organizations are identified by exchangeable identity providers. The Secure Space ,s responsibility is to assign each identity its corresponding role and associated access rights in the space.

 

Use cases comprise collaborative, peer-to-peer spam detection and intrusion detection, and will be implemented as part of an innovative, centralized firewall management in the security domain. But also other applications are enabled through the Secure Space: As an emerging trend, enterprises of the future are turning into so-called "virtual enterprises". In order to stay competitive, enterprises must react quickly, share knowledge, and cooperate. Participants that belong to different and physically dispersed organizations need to collaborate, exchange competencies, and share skills and resources. The problem addressed by the Secure Space also surfaces in so-called cloud computing scenarios. Today, cloud-computing means that one specific operator owns the cloud. The cloud being a monopoly of the cloud operator today can be changed by means of the Secure Space into an open, distributed cloud tomorrow.

 

Firewalls and Unified Threat Management systems are, in today,s enterprise networks, rarely separate devices. Multiple firewalls, virtual private network gateways, intrusion detection sensors, etc. are typically spread among different physical networks which are in turn connected via tunnels. The configuration, system status, and logs of all these devices need to be monitored and managed in a consistent way to be able to provide the required levels of security for the whole network. A simple misconfiguration or inconsistency in the security policies can render other security measures useless. It is therefore a strong requirement for enterprise networks that these security devices are managed centrally, meaning to have one logical place from which everything can be managed and supervised. Using Secure Spaces for exchanging and co-ordinating configuration data and system information cross domain in near real-time, firewalls could be managed from a central instance and apply consistent security policies at different locations.

 

The Secure Space approach opens new market segments not only for security software vendors, but also for developers of collaborative Web 2.0 software in general.

 

The main scientific research objectives and technological goals addressed in the Secure Space project are the following:

 

• Authentication in a space
• Secure space use cases
• Secure collaboration patterns
• Modeling of ACLs in federations
• Model-based Configuration
• Usability
  
• Integration with existing standards and interoperability