D4.3 Vicinity Security Services
This deliverable explains the general view on cybernetic security and security goals that need to be achieved by a VICINITY system in line with security requirements and security design in D1.5 and D1.6 deliverables of the VICINITY project. Alternative definitions of what needs to be considered in regard to cyber security: we conclude that ISO/IEC 27000:2016 should be used.
The deliverable identifies following measures that are implemented into the VICINITY system and should provide reasonable protection of data that are transferred across the system:
- Authentication mechanism;
- Frontend with policy definition capabilities;
- Service and functionality for policy enforcement;
- IDS/IPS measures in platform as a service (cloud) provider;
- Strong firewall rules on all VICINITY servers;
- TDE on all core databases and slated hash password storage;
- Principle of least privilege whenever a component is deployed;
- Usage of valid certificates for all secure communication channels;
- No non-secure communication;
- Logging and audit trails collection
- Data access contracts - consents.
This deliverable focuses on the technical aspects of the defence in depth model. The Administrative aspects (training of staff, social engineering, local legislation) and physical aspects (security of the building housing the core servers) of the VICINITY security will be implemented by Pilot site demonstration teams, VICINITY Cloud, VICINITY Client infrastructure and VICINITY value-added service implementation and maintenance team. Moreover, security in IoT environment brings challenges that can't be fully addressed, some of which are discussed in the last chapter of this document.