Project Overview

CoMiFin logo

The ICT CoMiFin project is a 2.5 year project that is strategically targeting the EU technological and institutional lag in financial infrastructure protection (FIP). Specifically, CoMiFin aims to provide “an infrastructure level monitoring, notification and mitigation” middleware as an essential element of FIP. CoMiFin aims at supporting business continuity of a financial actor on top of an unmanaged network of managed financial infrastructures under all foreseeable failure scenarios including the operational failures and deliberate breaches. This is a non-trivial task requiring a holistic and cooperative approach across multiple elements of a financial infrastructure, such as disparate financial and telco networks, various middleware platforms, and other interconnecting components.

Partner List
Elsag Datamat (Coordinator) (ED), IT
Technische Universität Darmstadt (TUD), DE
Waterford Institute of Technology (WIT), IE
Ministry of Economics and Finance of Italy (MEF), IT
OptXware (OPT), HU
KreditTilsynet (KRD), NO
University of Modena (UoM), IT
Consorzio Interuniversitario Nazionale per l’Informatica (CINI), IT

Project Implementation

As part of the CoMiFin project, the TSSG is primarily bringing expertise in the security domain. This includes privacy, trust management and distributed security systems. Financial actors join the CoMiFin infrastructure by signing a basic agreement. With this agreement, each actor can clearly define which resources (i.e, the CoMiFin nodes introduced above) it is willing to provide to the CoMiFin participants, and the conditions under which the resource sharing will occur. In addition, the basic agreement provides the CoMiFin participants with a set of basic services .

Key Objectives

From a communication infrastructure point of view, signing the basic agreements implies the construction of a connectivity overlay network (actually forming a graph with some connectivity degree k) that connects, on top of the Internet, all the resources the CoMiFin participants agree to share. The choice of an Internet k-connected overlay is done to maximize the availability of the overall system leveraging on the Internet business continuity (IP reconfigurability) and the k connectivity of the overlay.

After joining the CoMiFin infrastructure, more secure and trusted agreements can be signed by subsets of CoMiFin participants. These interest-based agreements are used to allow CoMiFin participants to subscribe to Semantic Rooms (SR); that is, virtual spaces where participants can share interest-based events and information at the highest level of security and trust. Interest-based events and information include faults notification, service interruptions, service updates, power blackouts, communication faults, virus and worm attacks, and so on. The interest-based agreements describe the quality of the services, the data formats, and any security aspects related to the sharing of interest-based events and information.

The TSSG are involved in a number of different aspects of the CoMiFin project, mainly in the security domain, this includes, privacy, anonymisation, access control, architecture design, as well as the design and implementation of trust management components. When a CoMiFin partner observes an event of interest, it is expected to inform other partners in its SR. CoMiFin Nodes will incorporate a peer-to-peer trust management system; events will be filtered based on static rules and dynamic sender trust information, thereby facilitating real-time decision-making on the relevance and threat level of events .

Project Achievements

Refereed Academic Papers


K. Sullivan, J. Clarke and B. P. Mulcahy. Trust-terms ontology for defining security requirements and metrics. In Proceedings of the Fourth European Con-

ference on Software Architecture (ECSA ’10 ACM), Pages 175-180, Copenhagen,

Denmark, August 2010.


R. Baldoni, G. Lodi, G. Chockler, E. Dekel, B. P. Mulcahy, G. Martufi. A

Contract-Based Event Driven Model For Collaborative Security In Financial Information Systems. In Proceedings of 12th International Conference on Enterprise Information Systems (ICEIS). Pages 147-152, Madeira, Portugal, June



G. Lodi, R. Baldoni, H. Elshaafi, B. P. Mulcahy, G. Csert ́n and L. G ̈nczy. Trust

 Management in Monitoring Financial Critical Information Infrastructures. The

2nd International Conference on Mobile Lightweight Wireless Systems (MOBI-

LIGHT). Pages 427-439, Barcelona, Spain, May 2010.


H. Elshaafi, J. McGibney, B. P. Mulcahy, and D. Botvich. Enhancement of Critical Financial Infrastructure Protection Using Trust Management. Submitted for

publication, 2011.


Non-Refereed Academic Papers

            R. Baldoni, G. Chockler, E. Dekel, G. Lodi, G. Martufi, B. Mulcahy. “A      Contract-Based Event Driven Model For Collaborative Security In Financial   Information Systems”. Technical report – MIDLAB 4/2010 – 2010


Public Deliverables

see perforce: //repository/projects/CoMiFin-ICT-SEC-2007-225407/



see perforce: //repository/projects/CoMiFin-ICT-SEC-2007-225407/



General Publicity (e.g. links to press coverage)

An article introducing CoMiFin to the European research community was accepted for publication in the European CIIP Newsletter (ECN), Volume 5, Number 2 (August/September 2009).  The full article is available online


miscellaneous news items can be found here:




Barry Mulcahy