- 1: epSOS Home.
- 2: About epSOS.
- 3: Project Structure & Results.
- 3.1: Work Package 1.1.
- 3.2: Work Package 1.2.
- 3.3: Work Package 1.3.
- 3.4: Work Package 2.1.
- 3.5: Work Package 3.1.
- 3.6: Work Package 3.2 .
- 3.7: Work Package 3.3.
- 3.8: Work Package 3.4.
- 3.9: Work Package 3.5.
- 3.10: Work Package 3.6.
- 3.11: Work Package 3.7.
- 3.12: Work Package 3.8.
- 3.13: Work Packages 3.9 and 3.10.
- 3.14: Work Package 4.1.
- 3.15: Work Package 4.2.
- 3.16: Work Package 4.3.
- 3.17: Work Package 4.4.
- 3.18: Work Package 5.1.
- 3.19: Work Package 5.2.
- 3.20: Work Package 5.3 .
- 4: epSOS Countries.
- 5: Large Scale Pilot.
- 6: FAQ.
- 7: News & Events.
- 8: Press section.
- 9: Links & Collaborations.
- 10: Download Area.
- 11: Glossary.
Work Package Output
1. A document defining epSOS Security Services Specifications
2. A Security Services Specifications Editors Handbook
Deliverables
D3.7.2: Final Security Services Specification Definition
Work Package 3.7: Security Services
Work Package Description
Without adequate security systems in place, none of the epSOS services can be used in real-life environments. A security policy is therefore needed to create a secure operational environment for the service deployment. The goal of WP 3.7 is the definition of a security system on the basis of functional service requirements and taking into account the existing level of security implemented in each Member State.
WP 3.7 will select, from different options and on the basis of an option analysis, an appropriate and reliable security system to be integrated into the system architecture.
Each presented option will also include information on the costs of implementation and maintenance compared with the level of security. The proposal will be reported to the Project Steering Board (PSB) for final approval.
Generally, computer security can be characterized as the protection of:
- Confidentiality: information is accessible only to authorized users
- Integrity: accuracy and completeness of information and processing methods
- Availability: authorized users have access to information and associated assets when required
- Accountability/Liability: each communication and each data transaction can be tracked back to a certain originator in a traceable chain of activities.
The epSOS security policy should help to ensure and enforce the above. It should also provide means of proof and essential checks which give users trust in the information given.
However, these objectives can be further divided and applied to concrete actors, which leads to derived security objectives. The most relevant derived security objectives for the epSOS Large Scale Pilot (LSP) are:
- Entity Authenticity: an actor is who he/she claims to be
- Originator Authenticity: the source of data is as claimed
- Access Control: access to information is restricted to authorised actors/entities
- Non-repudiation of origin: the data Originator cannot deny having the data
- Non-repudiation of delivery: the data Consumer cannot deny having received the data.
Aside from giving technical recommendations, it is also a task of WP 3.7 to set up an epSOS Security Audit Policy. Each National epSOS Portal (NCP) has to pass through this security audit, which has to be conducted yearly to ensure that the provisions of the Security Policy are respected. An epSOS security audit group made up of experts will coordinate the audit procedure and decide if a partner fulfils the epSOS security requirements. The security audit must have been completed by all partners before the start of the epSOS pilot servic