01.01.2009 – 31.12.2010
(Norwegian University of Science and Technology (NTNU) Trondheim, Department of Telematics, Prof. Peter Herrmann)
Prabhu Shankar Kaliappan, Hartmut König, Sebastian Schmerl, Michael Vogel
The goal of the cooperation between the research groups in Cottbus and Trondheim is to apply model-based collaborative system engineering, the focus of the Trondheim group, to a systematic development of P2P intrusion detection systems, the research area of the Cottbus group. Based on the system engineering approach SPACE of the Trondheim group a methodology for the model-based development of intrusion detection systems shall be developed and proved for its applicability. Model based engineering enables the fast design, generation, and validation of intrusion detection systems and facilitate the design and adaptation of needed protocols and system components. Moreover, the models can be analyzed for security gaps and hardened by adding security mechanisms. In order to prove the feasibility of the methodology a prototype system shall be designed, automatically implemented, and validated. To achieve these goals, a number of tasks have to be performed:
- The collaborative system engineering approach SPACE which currently is dedicated mainly to the design of networked services and its toolset Arctis shall be extended to enable the automated creation and security analysis of communication protocols, in particular P2P protocols.
- A number of protocols have to be designed supporting the interaction of agents in P2P intrusion detection systems and the corresponding Arctis-model building blocks must be developed.
- The example system has to be specified using the model building blocks, checked for design errors by the Arctis inspectors and model checking tools. To cover vulnerabilities and threads of the modeled system, a security analysis has to be performed. The resulting system model must be synthesized and the appropriate code generated by means of the Arctis tools.
- The generated implementation shall be thoroughly validated and improvements for both the intrusion detection protocols and the SPACE-engineering process shall be identified.