e-Security development

Project director: Dr. Zoltán László, assistant professor, BME IIT

As one of the most rapidly developing disciplines these days, information technology plays a significant role in the operations of both society and the economy, and in managing their operating efficiencies. The continuous, exponential growth of the computing and storage capacity of hardware, and the drastic increase in network bandwidth, make it possible to solve problems that once seemed insurmountable due to technical limitations. However, it can be inferred that there is more to information technology on its current technical, technological level than what is exploited by creating and operating complex, highly complicated systems affecting society and economics (e.g. e-government, distribution, intelligent transport and logistics, meteorology, simulation and animation, process, organization and decision support systems, just to name a few). This situation has been confirmed outside Hungary as well. International studies show that only a small percentage of complex IT projects can be considered successful, and the exaggerated expectations towards the sector have decreased over the last decade. This is mostly due to the fact that the security and quality of IT systems are often insufficient, and protection tools and techniques are cumbersome and difficult to manage. System downtimes result in a lack of essential functionalities and data loss, while security holes make users vulnerable. There is not sufficient support available for secure operation, connection points linking different systems are missing, and simple modifications in the application field can only be realised through complex development in the implementation field.

The more IT systems dominate every aspect of life, the more IT security comes to the forefront. International standards and regulations are created to classify systems and to certify compliance with requirements (e.g. Common Criteria), with Hungary acknowledging the efforts and aiming to employ these initiatives (e.g. MIBÉTS). Alongside the technical level approaches, organisational level approaches (COBIT, BS7799) are becoming increasingly accepted. A similar tendency can be experienced in terms of quality and quality assurance, where alongside ISO there is an increasing demand for CMM based certifications.

The ultimate goal of the program is for BME (IT)2 to create a laboratory where IT security & quality auditing and authentication activities can be performed, evolving – by the end of the project – into a certification laboratory. Being a supplier-independent university organisational unit, BME (IT)2 provides an ideal framework for such a laboratory. The numerous research topics include: analysis of new threats, verification and validation techniques, secure payment protocols, audit methodologies and computer based support thereof, determining quality attributes of (software) products, processes, and resources, and the related metrics and measurement techniques.

The laboratory must support the dissemination of Hungarian IT security audits. Thus the laboratory can significantly contribute to the evolution of a Hungarian evaluation schema, and also prepare Hungarian IT products to meet internationally accepted certified auditing. This activity, on the other hand, reduces the costs of Hungarian enterprises aiming to get a certificate valid only in Hungary, since it will be available for a favourable price; moreover, the thorough preparation involved can save significant costs when acquiring international certifications. Software quality has both a product and a process view. The aim of creating and operating such a laboratory is to provide a realisable tool and service in both product and process-based quality control and quality assurance.

In all four programs, research and development support technology and application developments that provide specific products and services promising economic benefits. Developments are implemented within the scope of application projects initiated on the basis of the innovation requirements of consortium partners and other users of the IT market.