The project’s scope is the development of a highly automated, easy to use security solution for European Citizens. The solution will ensure a sufficient and adaptable level of security covering the major risk of computer usage at home including malware, spyware, harmful content and unauthorized internet communication. In order to find an adaptable level of security, European security levels have to be defined. The solution further includes a measuring system which measures the security healthiness of the client in relation to the security levels. Measuring results are reported to trusted authorities. The security solution will increase trusting in computer usage and therefore empowering the European Citizens to a secure use of e-based solutions like e-banking and e-government.

1 Problem Description
A major part of households in the EU use computers for any purpose. Generally, the security risks are countered poorly.
It’s known, that in the chain of e-business services the client computers are often the weakest part. Service providers do not have any possibility to check the security status of the client computer. These facts represent one of the most important reasons for general reluctance against modern electronic business opportunities. In order to increase the acceptance of e-business and e-government, the reliance must be enhanced. A major step in this direction is the raise of home user security and to give the online services a possibility to check the security status of the clients.

2 Goals of the Project
The primary goal of this project is the development of a highly automated, intuitively usable security solution providing an adapted level of computer security to home users. It requires a challenging infrastructure and political definitions. To achieve the goal, a system with at least three components will be built:

2.1 Security Cockpit
State of the art security software for home users is complicated to use. Because most of the European citizens lack the required knowledge, they often decide by guessing. As a consequence, they do not feel comfortable and encounter unforeseen problems.
ISFEC has to bring up a security cockpit which is as easy to use, automate and maintain as possible.
To prevent patronising users, the security cockpit provides a configuration interface for advanced users allowing adjusting security levels or individual settings. The security cockpit is able to measure security parameters of the client where it is installed, in order to create a report of the actual security state of the client.

2.2 Security Standard Interface
To make ISFEC simple to use an adjusted security level must be defined. This level will be varying for each country and interest group. ISFEC will provide an interface to adapt a Security Standard to the security cockpit. The definition of the security standard will be published. Interested groups may define their own security standards and make them available to the security cockpits installed.

2.3 Trusted Security Authority
In order to measure the current security state of home computer systems, the security cockpit acquire the security status of the client where it is installed and, with the permission of its user, sends it to a trusted security authority of his choice. The privacy rights of the user have to be highly maintained. By obtaining information about the current security situation of the home computer, an online service can provide access to their services only when a certain level is reached.

3 Research Areas

3.1 Security Standard Interface for European Citizens
- Researching, evaluating and consolidating descriptions and practical experiences of well known levels of security / content protection
- Defining levels of security by prototype measuring and finding common figures and numbers; learning how to interpret them
- Defining interest groups and interviewing their needs (e.g. banks, companies, consumer’s organisations and so on)
- Consolidating all results mentioned caring European laws and standards.
- Defining the interface to ensure interest groups can easily define a security standard to the requirements

3.2 Security Cockpit
- Finding a highly modest and intuitive usability, that embraces installing, using, maintaining and uninstalling. Experts should be able to switch on complex settings.
- Defining an adapted architecture that separates maintaining from working, kernel from additional modules and security data from security engine
- Finding ways how to measure the security state of a computer and how to report it in an anonymous way
- Finding out how to store context-sensitive security relevant data in a database
- Designing a protocol that allows the exchange of security state information

3.3 Trusted Security Authority
The trusted security authority will receive security state reports of security cockpit clients. The authority should be cascadable in order to have chains or trees of trust. This requires:
- Transcripting political security level definitions to a technical system that works information packages inside this context
- Finding out what and how to aggregate and to present
- Finding out by what mechanisms trusted authorities are to be chained in order not to have dead locks or information lacks and so on
3.4 Overall System Design
- How to adapt the security standard (2.1.3.1) to the most general views of the overall system
- Describing communication paths / protocols how to transport security information from security cockpits to trusted authorities in a secure way
- Proposing maintenance channels that allow to deliver security cockpit updates quick and reliable, updates of security data as well as updates of engines and add-ons
- Defining emergency communication ways
- Defining the needs to the overall PKI and how certificates have to be handled

3.5 Acceptance
- Procedures how to build up end user’s trust
- What are the political and technological preconditions of acceptance in the wide angle
- What platforms are trusted by whom? More specific: does the use of open source software rise acceptance?

3.6 Caring User Activities’ Impact to the Operating System
- What is the architecture of an intelligent observer of OS mutations
- How intelligent can such an observer be, where are the limits and therefore where is the usability’s end of simplicity
- What algorithms help to join user activities and the OS mutations and what are their limitations  

• Design and engineering user interface focusing on high usability 
• Local legal aspects/requirements/habits/acceptance (country-specific)
• Development of malware-scanning engine and plug ins
• Development of firewall/content filter
• Operate and maintain a service including testing
• Distributing the solution, receive home user acceptance
• Data mining, analysis and interpretation for the feedback service
  
  

• Contribution to the proposal
• Software design, implementation and testing for the fully automated, intuitively usable security software including:
  o Scanning engine, firewall, content filter
  o User interface
  o Data mining tool with anonymous and feedback service
• Defining an adapted security level for Europe citizens as home computer user
• Research to ensure the high usability
• Evaluate the requirements for a high user acceptance
  

• Research organisations
• Technical universities
• Public authorities for information security
• Supplier of security software