Current phenomena such as outsourcing, service-oriented architectures, cloud computing and the general penetration of every kind of work process by information technology have given rise to a situation that was inconceivable a few years ago. At the turn of the millennium, central IT systems, for example information systems in companies or control systems of public infrastructures (energy grid, traffic control systems), were almost totally isolated, or they communicated with other IT systems only within tight, precisely defined boundaries. In the last few years these boundaries have become more and more transparent or have disappeared completely. Modern IT systems have become versatile, flexible and highly interconnected, yet fragile constructs.
While a few years ago anti-virus software and firewalls were considered sufficient protection against attacks on IT systems, it has recently become apparent that these measures are obsolete. Complex and adaptive attacks on IT systems (for example Stuxnet, Duqu or Flame) demonstrated the capability of abuse and industrial espionage and exposed the weakness of current defensive measures.
Given the current threat situation, it has become apparent in particular that the hitherto common, strict separation of the IT security process into the three phases
- Preventive measures against attacks
- Defense against ongoing attacks
- Forensics and post-mortem examination of IT-security incidents
was not sufficient, as many possible synergies remained unexploited.
Main FORSEC Objectives
FORSEC aims to transfer the three parts of the process, which until now have always been considered separately, into an integrated, interdisciplinary concept: an integrated security process for highly connected IT systems. The phase "Preventive measures against attacks" describes methods for securing IT systems as well as raising people's awareness of the safe use of IT systems. Subprojects in this area are particularly focused on intrusion prevention and reduction of the expected damage.
Defense measures during ongoing attacks can be assigned to the second phase of the cycle, "Defense against ongoing attacks". Topics researched include the effective detection of attacks and the subsequent defense against them, as well as methods for convicting the attackers.
Subprojects assigned to the phase "Forensics and post-mortem examination of IT-security incidents" are mostly concerned with methods for the identification of the offenders and recovery of systems and data.
Eight professors from five different Bavarian research institutions are involved in the Bavarian research association FORSEC: four universities with faculties and departments of different scope (Faculty of Economics and Business Administration at the University of Regensburg, Faculty of Computer Science and Mathematics at the University of Passau, Faculty of Computer Science at TU Munich, Technical Faculty at FAU University Erlangen-Nürnberg), and, indirectly, the Institute of Applied and Integrated Security (AISEC) at the Fraunhofer Institute in Garching near Munich. The research association is coordinated by Prof. Dr. Günther Pernul and Prof. Dr. Guido Schryen from the Institute for Information Systems of the University of Regensburg.