The Herold project aims to design and implement a distributed management system for controlling distributed network security components. Based on formal foundations, the system shall be dependable, efficient, and ready to be adopted in industrial settings.
Human network administrators think about securing their network in terms of an abstract, network-global policy. Such a policy is enforced by network security components that are distributed within the network and each require a local configuration. Hence, enforcing a global policy requires a "localisation" of the global policy to local configurations. Localisations are complex and error-prone tasks and, if done manually, therefore pose a threat to network security. Moreover, localisations are repetitive and time-consuming, which makes them economically unattractive.
The approach of Herold is to capture all components of a network within a single model that (i) allows security policies to be defined on an abstract, network-global level and (ii) allows a local configuration for each network security component to be derived automatically, based on its location within the network.
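To make the idea of localisation concrete, here is an added illustration that is not Herold's model or code: a global allow-list is turned into per-firewall rules by locating each firewall on the route between the zones a rule names. The topology, zone and firewall names, rule format and the `localise` function are all assumptions made for this sketch.

```python
from collections import deque

# Constructed topology (assumption): zones and firewalls as an undirected graph.
TOPOLOGY = {
    "internet": ["fw-edge"],
    "fw-edge": ["internet", "dmz", "fw-core"],
    "dmz": ["fw-edge"],
    "fw-core": ["fw-edge", "office", "fw-db"],
    "office": ["fw-core"],
    "fw-db": ["fw-core", "database"],
    "database": ["fw-db"],
}
FIREWALLS = {"fw-edge", "fw-core", "fw-db"}

# Network-global policy (constructed): (source zone, destination zone, protocol, port).
GLOBAL_POLICY = [
    ("internet", "dmz", "tcp", 443),
    ("office", "database", "tcp", 5432),
]

def shortest_path(topology, src, dst):
    """Breadth-first search; returns the node list from src to dst, or None."""
    parents, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parents[node]
            return path[::-1]
        for nxt in topology[node]:
            if nxt not in parents:
                parents[nxt] = node
                queue.append(nxt)
    return None

def localise(topology, firewalls, policy):
    """Derive per-firewall allow rules; anything not listed is denied by default."""
    configs = {fw: [] for fw in firewalls}
    for src, dst, proto, port in policy:
        path = shortest_path(topology, src, dst)
        if path is None:
            raise ValueError(f"policy {src}->{dst} has no route in the model")
        for i, node in enumerate(path):
            # Only firewalls strictly between the two endpoint zones get a rule.
            if node in firewalls and 0 < i < len(path) - 1:
                configs[node].append({"in": path[i - 1], "out": path[i + 1], "src": src,
                                      "dst": dst, "proto": proto, "port": port})
    return configs
```

A firewall that is not on the route of a rule receives nothing for it, so `fw-edge` never learns about the database rule. The sketch follows a single shortest route; a model with redundant paths would have to place the rule on every route.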
The Herold project has a runtime of two years and started in summer 2009. It is supported by the BMBF (the Federal Ministry of Education and Research; grant numbers 01BS0901, 01BS0903). The project partners can be reached at info@herold-security.de.
| PRESENSE Technologies GmbH |
| Group Theoretical Foundations of Computer Science of the University of Hamburg |