Nebula Public Library

The knowledge bank of ESA’s R&D programmes

Security as a Service for Ground Data Systems

Programme
GSTP
Programme Reference
G617-062GI
Prime Contractor
CGI Deutschland B.V. & Co. KG
Start Date
End Date
Status
Closed
Country
Germany
Objectives
To demonstrate that standard security controls can be implemented as Security as a Service (SaaS) for mission data systems. This implies in particular:
 
  • Simplification of provision of Security Controls in software solutions without compromising on the security goal.
 
  • Harmonisation of implementation of Security Controls in software solutions (ease of maintenance and operation).
 
  • Ensuring correct and adequate implementation of Security Control in all software solutions (QoS).
 
 
Description
Security and Data Policy are two important architectural concerns for all ground data systems. Awareness of these concerns is increasing within the Agency as programmes such as SSA, Galileo, and GMES evolve and security requirements are more often put forward by the Agency's international partners. It has become evident in the recent past that security controls are becoming more and more necessary in the context of mission data systems, in particular when these systems are part of the central processing chain that supports the business processes of a mission or programme. The Security Directives Implementation Project (SDIP) has identified the need for a number of mandatory and standard security controls, such as authentication, access control, identity management, and encryption, that require implementation in numerous mission data systems.
 
While the awareness of and the need for security controls in mission data systems are growing, the necessary security expertise is not present at all engineering levels when it comes to implementing mission data systems. Moreover, in order to address the security aspects adequately, the security concerns must be incorporated appropriately in all steps of the software development lifecycle. In general, security is often perceived as a cumbersome, complicated, and resource-intensive subject. Any reduction of the complexity of the subject and simplification of the security aspects, while not compromising on the security objectives, is therefore much welcomed by all stakeholders. A promising approach to simplifying the adoption of security concerns in software solutions is the provision of Security as a Service.
To give a simple and understandable analogy, one can compare this concept to the services of a firewall, which provides certain network security controls as a Service in a quite transparent manner to the software developers. Similarly, other security and data policy concerns at application level, such as Confidentiality, Integrity and Authenticity, can also be provided as a Service in an easy-to-use and more transparent way to all software projects.
 
The concept of Security as a Service is gaining more importance in the IT community and is becoming more feasible as Service Oriented Architectures (SOA) and the Cloud Computing paradigm take a prominent role in IT landscapes. Repeated and redundant implementation of the same security controls in different projects increases the amount of resources and maintenance required and the risk of erroneous implementation. The consolidation of security capabilities, like authentication, authorization, encryption and digital signatures, in the form of re-usable and self-contained services increases the interoperability and maintainability of the software solutions.
 
The most important objective here, however, is simplification of the security subject. If this objective is achieved, security stops being a complicated topic and becomes a common, central and standardized piece of the solution.
 
 
 
 
Application Domain
Generic Technologies
Technology Domain
9 - Mission Operation and Ground Data Systems
Competence Domain
8-Ground Systems and Mission Operations
Keywords
48-Cybersecurity
Initial TRL
TRL 4
Target TRL
TRL 6