Middleware for secure service platforms for telecoms
Telecoms service platforms provide an open and standard interface to functions of an underlying network infrastructure, for example a 3G mobile network. They can be used not only by the network operator, but also by 3rd party service providers, to implement telecommunications services. This raises several security issues for all parties involved. The network operator, for example, is concerned about the correct functioning of its network and wants to open only a specific set of functions to others. The service provider wants to bill its customers, and the user demands protection of privacy. Regulatory requirements, for example for data protection or legal access, also need to be considered.


Currently, enforcing adequate security policies in service platforms is hard, since the platforms do not provide the necessary functionality. Secure services can be implemented in very different ways. For example, it is possible to implement security enforcement functionality in the application itself. This is a very common approach, but it has many practical disadvantages, ranging from a greater burden on the application developer, who now has to take care of the security functions in addition to the business logic, to non-standard management of security policies.

A better solution is to inherit most of the core security functionality (authentication, protection, access control and auditing) from an already secure service platform. Instead of implementing the security enforcement and management functionality, the deployer mainly has to define a security policy. This greatly decreases the development time and costs for applications based on the secure platform, since security has to be considered to a much smaller extent during development. Completely ignoring security issues at this stage and relying on the platform's security features will not be possible for the foreseeable future, as there are too many different security policies to enforce. A secure platform also decreases the costs of operating the applications and services through standardised central management of security policies and users.

The vision of secure service platforms is not new. For example, in the past there were some attempts to secure TINA and Parlay. Service platforms also contain a certain level of security functionality, for example for authentication. But this is mainly targeted at user management, not at protection from a determined attacker. For example, the user is authenticated in a simple manner, e.g. with username and password, and a service session is started, but the session as a whole is not protected cryptographically. So an attacker can easily hijack the session or directly access all objects associated with the session.

To solve this complex problem, we have developed a service platform prototype based on ObjectSecurity's technology framework (OpenPMF, SecureMiddleware/MICO, and ObjectWall) together with T-Systems Deutsche Telekom and other project partners:

 

 



      

Copyright (c) 2000-2008 ObjectSecurity - all rights reserved