SECURED: SECURity at the network EDge

Description

The SECURED architecture created a trusted and virtualized execution environment allowing different actors (e.g. single users, corporate ICT managers, network providers) to install on-demand and execute multiple security applications on the network edge device to protect the traffic of a specific user. This approach reduced the load onto the mobile devices, guaranteeing enforcement of user-specific and device-independent security policies, and uniform protection across different devices and networks.

Transition mechanisms were also defined to support legacy network devices and deploy this new technology incrementally. The proposed architecture was validated in corporate and individual environments, considering various network settings (e.g. 3G/4G, WiFi, xDSL, corporate LAN).The project targeted citizens, network providers, and companies. The latter is able to enforce a company-wide security policy not only when the employee is connected to the corporate network but also when she is on the move (e.g. home network, 3G connection, airport WiFi).

SECURED produced results in the form of open specifications and sample open-source implementations for:

  • creation of trusted network security applications
  • policy-based security configuration, with support for hierarchical and multi-source policies
  • security marketplace to trade applications and exchange best-practice policies (useful to encourage adoption by non-skilled individuals or companies).

A uniform security environment was created, independent of the user device and network connection, offering also protection for Internet-of-Things environments, where nodes typically have limited computational and communication capabilities (e.g. home appliances, sensor networks, or distributed critical infrastructures). In summary, the project results can empower mobile users with better Internet security and enable different business models for network service providers and security application developers.

Funding