Description of the Solution. Being able to guarantee that a given network packet has passed through a given set of nodes, and in a given order, is one of the most powerful mechanisms for ensuring that the services in a network are working as expected, for making them resilient against attacks and for providing trust to users. It also allows the service or the monitored behaviour to be attested in case of legal disputes or regulatory requirements. A plain Proof of Transit (PoT) shows that a packet has traversed a set of nodes but leaves the order unchecked; OPoT (Ordered Proof of Transit) closes that gap by also verifying the order of the nodes on the path.
[5] xxxxx://xxxxxx.xxx/IurmanJ/kernel_ipv6_ioam
Figure (architecture overview): E2E Slice Mgmt; KPIs report; Mgmt Domain (edge, core, ...); Mgmt Domain (transport, ...); Trust Manager; Enforce/monitor PoT; Security Orchestrator
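As an added illustration of what ordering adds to a proof of transit, the following Python example compares an unordered proof, built by XOR-ing independent per-node MACs, with an ordered one in which every node MACs the tag left by its predecessor. It is not the project's OPoT implementation: node names, keys and the packet identifier are constructed, and each node's key is assumed to be shared with the verifier only.

```python
"""Ordered proof of transit (OPoT) illustrated with a chained MAC.

Added example, not the INSPIRE-5Gplus OPoT implementation. Assumptions: each
node on the path holds a secret key shared only with the verifier, and every
packet carries a unique packet_id (e.g. flow id plus sequence number).

Ordered variant: the first node computes t_1 = HMAC(K_1, packet_id || 0^32) and
each following node computes t_i = HMAC(K_i, packet_id || t_{i-1}). The
verifier recomputes the chain in the policy-mandated order, so a skipped node
or a swapped order yields a different final tag.

Unordered variant (for contrast): XOR of independent per-node MACs proves that
every node was visited but, XOR being commutative, not in which order.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List

TAG_LEN = 32  # SHA-256 output length


def node_tag(key: bytes, packet_id: bytes, prev: bytes) -> bytes:
    """One hop of the ordered proof: MAC over the packet id and the incoming tag."""
    return hmac.new(key, packet_id + prev, hashlib.sha256).digest()


def forward_ordered(keys: Dict[str, bytes], path: List[str], packet_id: bytes) -> bytes:
    """Simulate the packet traversing `path`; returns the tag carried in the header."""
    tag = bytes(TAG_LEN)
    for node in path:
        tag = node_tag(keys[node], packet_id, tag)
    return tag


def verify_ordered(keys: Dict[str, bytes], policy: List[str], packet_id: bytes, tag: bytes) -> bool:
    """Verifier: recompute the chain in the mandated order, compare in constant time."""
    return hmac.compare_digest(forward_ordered(keys, policy, packet_id), tag)


def forward_unordered(keys: Dict[str, bytes], path: List[str], packet_id: bytes) -> bytes:
    """Order-agnostic PoT: XOR of per-node MACs over the packet id only."""
    acc = bytes(TAG_LEN)
    for node in path:
        t = hmac.new(keys[node], packet_id, hashlib.sha256).digest()
        acc = bytes(a ^ b for a, b in zip(acc, t))
    return acc


def verify_unordered(keys: Dict[str, bytes], policy: List[str], packet_id: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(forward_unordered(keys, policy, packet_id), tag)


def demo() -> Dict[str, bool]:
    """Constructed service chain firewall -> IDS -> NAT, one packet, three traversals."""
    keys = {name: secrets.token_bytes(32) for name in ("fw", "ids", "nat")}
    policy = ["fw", "ids", "nat"]
    swapped = ["ids", "fw", "nat"]   # IDS placed before the firewall
    skipped = ["fw", "nat"]          # IDS bypassed entirely
    pkt = b"flow-1234:seq-0001"      # constructed packet identifier
    return {
        "ordered_ok": verify_ordered(keys, policy, pkt, forward_ordered(keys, policy, pkt)),
        "ordered_swapped": verify_ordered(keys, policy, pkt, forward_ordered(keys, swapped, pkt)),
        "ordered_skipped": verify_ordered(keys, policy, pkt, forward_ordered(keys, skipped, pkt)),
        "unordered_ok": verify_unordered(keys, policy, pkt, forward_unordered(keys, policy, pkt)),
        "unordered_swapped": verify_unordered(keys, policy, pkt, forward_unordered(keys, swapped, pkt)),
        "unordered_skipped": verify_unordered(keys, policy, pkt, forward_unordered(keys, skipped, pkt)),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:18s} accepted={accepted}")
```

Both variants reject a skipped node; only the chained variant rejects a swapped order. Two practical caveats the toy keeps visible: the packet identifier must be unique per packet, otherwise a recorded tag can be replayed on a later packet that skips a node, and the comparison on the verifier side must be constant-time.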
Description of the Solution. This enabler brings together the notions of trust, reputation and fault management. We propose to transpose the notion of reputation, usually associated with security, to scoring the effort an SDN domain makes to manage faults of a non-intentional nature. The goal of this section is to propose an online reputation framework for multi-domain SDN environments composed of heterogeneous domains cooperating in an end-to-end service. The framework objectively quantifies, in real time, the effort made by each SDN domain to manage faults.
Description of the Solution. The solution is to perform a static evaluation of the different components where possible (i.e., where their descriptors or source code are available). For each component, suitable metrics are defined and measured, automatically or manually. These metrics are then combined to define the trustworthiness properties exposed by the component. This approach has already been applied to a VNF and to a Java application. The solution in INSPIRE-5Gplus will reuse that existing work and extend it to other kinds of component.
Description of the Solution. To address this problem, a Trust Manager mechanism will be implemented, designed as a Smart Contract, which calculates the trust and reliability of a cloud infrastructure, or of the services deployed on it, from multiple values concerning both the infrastructure and the services. Different types of Trust Manager can be offered (with a different Smart Contract for each), depending on the element for which trust is being calculated. The information from which trust is calculated is listed below:
- Attestation of VMs, hypervisors and network traffic, as well as the information coming from the entities dynamically deployed to enforce security policies, such as detections, decisions and reactions. This input comes from multiple monitoring services deployed throughout the infrastructure, which offer the information both in real time and as a stored history.
- The system model/topology of the infrastructure, as well as Manifests and evidence of VNF software execution.
- Audits from Remote Verifiers. Remote Verifiers are entities in charge of analysing the services or the underlying infrastructure. Their number is variable: there may be several, each focused on a specific aspect of security, or several giving second opinions on the same aspect. For the Remote Verifier reports, a series of Smart Contracts is defined that determines how the attestations are performed, which makes those attestations auditable. The reports obtained by the Remote Verifiers under these Smart Contracts are backed by the blockchain infrastructure, providing traceability and auditability.
- The Security Policies and SSLAs defined for the environment, so that their compliance can be checked.
With all this information, Smart Contracts are defined whose output includes the trust value (a quantitative score) of VNFs and services or of the VIM, as well as SLA and SSLA compliance (where applicable) and the result of Security Policy verification. For the trust calculation, a set of weighting algorithms or conditions is used together with a Fuzzy Trust Evaluator, which combines weights and fuzzy logic (among other techniques). Since the trust score is computed by a Smart Contract, the process, and hence the score obtained, is auditable and provides non-repudiation, because the values are appended to the blockchain. In this way the whole process and the events that occur are also recorded and stored in the blockchain.
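The following Python example is added here to make the "weights plus fuzzy logic" evaluation and the auditable record concrete. It is not the Trust Manager Smart Contract of the project: the four inputs, their weights, the membership functions, the hard condition on attestation and the defuzzification rule are all assumptions, and the hash-chained ledger is a stand-in for the blockchain recording described above.

```python
"""Weighted fuzzy trust evaluation with a hash-chained audit record.

Added example, not the INSPIRE-5Gplus Trust Manager Smart Contract. Assumed: four
inputs normalised to [0, 1] (attestation result, Security Policy verification,
SSLA compliance, Remote Verifier audit score), fixed weights, triangular
LOW/MEDIUM/HIGH membership functions, one hard condition (a weak attestation pulls
the result towards LOW whatever the other inputs say) and weighted-singleton
defuzzification. The append-only ledger stands in for the blockchain: each
evaluation is hash-chained to the previous one, so later tampering is detectable.
"""
import hashlib
import json
from typing import Dict, List, Tuple

INPUTS = ("attestation", "policy", "ssla", "verifier")
WEIGHTS = {"attestation": 0.4, "policy": 0.3, "ssla": 0.2, "verifier": 0.1}  # assumed
CENTRES = {"low": 0.1, "medium": 0.5, "high": 0.9}   # singleton output sets


def fuzzify(x: float) -> Dict[str, float]:
    """Triangular LOW (1 at 0, 0 at 0.5), MEDIUM (peak at 0.5), HIGH (0 at 0.5, 1 at 1)."""
    if not 0.0 <= x <= 1.0:
        raise ValueError(f"input {x} outside [0, 1]")
    return {"low": max(0.0, 1.0 - x / 0.5),
            "medium": max(0.0, 1.0 - abs(x - 0.5) / 0.5),
            "high": max(0.0, (x - 0.5) / 0.5)}


def trust_score(inputs: Dict[str, float]) -> Tuple[float, Dict[str, float]]:
    """Return (crisp trust in [0, 1], aggregated LOW/MEDIUM/HIGH memberships)."""
    memb = {n: fuzzify(inputs[n]) for n in INPUTS}
    agg = {lvl: sum(WEIGHTS[n] * memb[n][lvl] for n in INPUTS) for lvl in CENTRES}
    # Hard condition: a weak attestation dominates, however good the other inputs look.
    agg["low"] = max(agg["low"], memb["attestation"]["low"])
    score = sum(CENTRES[lvl] * agg[lvl] for lvl in CENTRES) / sum(agg.values())
    return score, agg


class Ledger:
    """Append-only, hash-chained record of evaluations (blockchain stand-in)."""

    def __init__(self) -> None:
        self.entries: List[Dict] = []

    @staticmethod
    def _digest(prev_hash: str, payload: Dict) -> str:
        body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256((prev_hash + body).encode()).hexdigest()

    def append(self, subject: str, inputs: Dict[str, float]) -> Dict:
        score, agg = trust_score(inputs)
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        payload = {"subject": subject, "inputs": inputs, "memberships": agg, "score": score}
        entry = {"prev": prev, "payload": payload, "hash": self._digest(prev, payload)}
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """Recompute the chain; False if any entry or link was altered."""
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev or self._digest(prev, e["payload"]) != e["hash"]:
                return False
            prev = e["hash"]
        return True


def demo() -> Tuple[float, float, bool, bool]:
    ledger = Ledger()
    healthy = {"attestation": 1.0, "policy": 0.9, "ssla": 0.8, "verifier": 0.7}   # constructed
    weak_att = {"attestation": 0.2, "policy": 0.9, "ssla": 0.8, "verifier": 0.7}  # constructed
    s1 = ledger.append("vnf-fw-01", healthy)["payload"]["score"]
    s2 = ledger.append("vnf-fw-01", weak_att)["payload"]["score"]
    intact = ledger.verify()
    ledger.entries[1]["payload"]["score"] = 0.99        # tampering attempt after the fact
    return s1, s2, intact, ledger.verify()


if __name__ == "__main__":
    print(demo())
```

With the constructed inputs the healthy VNF scores 0.82 and the one with a weak attestation about 0.44, even though its other three inputs are identical: the hard condition keeps a failed attestation from being averaged away by good policy and SSLA figures. The ledger verifies before the tampering and fails afterwards, which is the auditability property the text attributes to recording the values on the blockchain.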
Description of the Solution. The concept of RAGs provides a new framework that simultaneously captures the topology of a system, its vulnerabilities, the accessibility between components, their external exposure, and the way all these elements may evolve over time. RAGs thus provide a framework for fine-grained qualitative and quantitative risk assessment: to assess the impact of exploiting the vulnerabilities and their exposure surface across the nodes of the graph, to compute risk indicator metrics, and to observe their evolution over several time periods. More precisely, the system is represented as a directed graph in which a node is either an asset-vulnerability pair or an access point. An arc in the RAG means that exploiting the vulnerability of the source node exposes the target node to the exploitation of its own vulnerability. A path corresponds to a potential compromise of a node. A potentiality function and an accessibility function complete the model. The former evaluates the likelihood of each attack at each time slot; the latter gives the fraction of time during which the system assets are accessible from each other at each time slot. The accessibility and potentiality functions are used to evaluate, respectively, the nodes and the arcs at each time slot (see Figure 16). RAGs can be used as input to determine the best strategies to secure a system. Given a set of available countermeasures associated with the vulnerabilities (ranging from firmware updates or patches to VNF deployments), several optimization models have been developed to solve security-issue optimization problems [35], e.g., where to place countermeasures a priori to mitigate the risk of a chain of exploits.
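To make the node/arc/time-slot model concrete, here is an added toy RAG in Python. It is not the paper's model or code: the scoring rule (the likelihood of a path as the product of its nodes' accessibilities and its arcs' potentialities, the risk of a target as the maximum over paths from any access point, a countermeasure as the removal of a node) and the graph with all its values are constructed for the illustration.

```python
"""Toy Risk Assessment Graph (RAG) with time slots and countermeasure placement.

Added example illustrating the RAG notions above; not the project's model or
code, and the graph, scoring rule and values are constructed. Nodes are access
points or asset/vulnerability pairs; an arc u -> v means exploiting u exposes v.
As in the text, accessibility a(node, t) scores nodes and potentiality p(arc, t)
scores arcs per time slot. Here the likelihood of an attack path at slot t is the
product of its arcs' potentialities and its nodes' accessibilities, the risk
indicator of a target is the maximum over simple paths from any access point,
and a countermeasure removes a node (its vulnerability is patched).
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

Arc = Tuple[str, str]


@dataclass
class RAG:
    slots: int
    access_points: Set[str]
    accessibility: Dict[str, List[float]]    # node -> a(node, t) per slot
    potentiality: Dict[Arc, List[float]]     # arc  -> p(arc, t) per slot

    def successors(self, u: str) -> List[str]:
        return [v for (s, v) in self.potentiality if s == u]

    def without(self, node: str) -> "RAG":
        """Copy of the graph with `node` patched out."""
        return RAG(self.slots, self.access_points - {node},
                   {n: a for n, a in self.accessibility.items() if n != node},
                   {arc: p for arc, p in self.potentiality.items() if node not in arc})


def simple_paths(rag: RAG, src: str, dst: str) -> List[List[str]]:
    """All simple paths src -> dst by DFS (fine for graphs of this size)."""
    out: List[List[str]] = []

    def dfs(node: str, path: List[str]) -> None:
        if node == dst:
            out.append(path)
            return
        for nxt in rag.successors(node):
            if nxt not in path:
                dfs(nxt, path + [nxt])

    dfs(src, [src])
    return out


def path_likelihood(rag: RAG, path: List[str], t: int) -> float:
    like = 1.0
    for node in path:
        like *= rag.accessibility[node][t]
    for u, v in zip(path, path[1:]):
        like *= rag.potentiality[(u, v)][t]
    return like


def risk_profile(rag: RAG, target: str) -> List[float]:
    """Risk indicator of `target` per slot: max path likelihood from any access point."""
    return [max([path_likelihood(rag, p, t)
                 for ap in rag.access_points for p in simple_paths(rag, ap, target)] + [0.0])
            for t in range(rag.slots)]


def best_countermeasure(rag: RAG, target: str, candidates: List[str]) -> Tuple[str, float]:
    """Candidate whose patching leaves the lowest summed risk on `target` (ties: first wins)."""
    best, best_risk = "", float("inf")
    for node in candidates:
        residual = sum(risk_profile(rag.without(node), target))
        if residual < best_risk:
            best, best_risk = node, residual
    return best, best_risk


def example_rag() -> RAG:
    """Constructed two-slot RAG (slot 0: business hours, slot 1: night); vA..vD are placeholders."""
    acc = {"internet": [1.0, 1.0], "web/vA": [1.0, 1.0], "app/vB": [1.0, 0.5],
           "vpn/vD": [0.5, 1.0], "db/vC": [1.0, 1.0]}
    pot = {("internet", "web/vA"): [0.8, 0.8], ("web/vA", "app/vB"): [0.5, 0.5],
           ("web/vA", "db/vC"): [0.3, 0.3], ("app/vB", "db/vC"): [0.9, 0.9],
           ("internet", "vpn/vD"): [0.4, 0.4], ("vpn/vD", "db/vC"): [0.6, 0.6]}
    return RAG(2, {"internet"}, acc, pot)


if __name__ == "__main__":
    rag = example_rag()
    print("risk(db) per slot:", risk_profile(rag, "db/vC"))
    print("best patch:", best_countermeasure(rag, "db/vC", ["web/vA", "app/vB", "vpn/vD"]))
```

On the constructed graph the database is reachable over three paths; its risk is 0.36 in slot 0 and 0.24 in slot 1, the night value being driven by the VPN path once the application tier is segmented off. Patching the web server is the best single countermeasure (residual 0.36 summed over both slots) because it cuts two of the three chains at once, whereas patching the application tier leaves the direct web-to-database arc and patching the VPN changes nothing during business hours. The same functions extend to budgets of several countermeasures by enumerating candidate subsets.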
Description of the Solution. The Solution is a security solution which filters the content of emails as specified in the Description Solution. Access to the Solution is subject to the compatibility of the Customer's infrastructure with the specifications of the Solution. The technical support provided by Vade is set forth in the SLA.
Description of the Solution. For the sake of simplicity, in this section we focus on one property to attest, namely “layer binding”. In a virtualized infrastructure, layer binding refers to proving that a virtualized infrastructure is running on designated hardware, i.e., that a VM (V1) is running on top of a hypervisor (H1) which is itself running on a compute node (C1). The family of Remote Attestation protocols that provides the “layer binding” property is called Deep Attestation. Our deep attestation protocol combines the advantages of the single-channel and multi-channel implementations while overcoming their limitations. In a 5G network, it can be used by a mobile network operator to check that a VNF has been instantiated on top of, or migrated to, a legitimate hardware infrastructure (i.e., compute node). The RA enabler is composed of three components, RA Server, RA Agent T1 and RA Agent T2, as shown in Figure 1.
Figure 1 RA components
(a) check whether a target is RA compliant and can therefore be attested (CheckRA), (b) push the required software onto the RA target and perform the necessary setup, (c) clean RA software off a target (endRA), (d) return the currently active RA targets (Running RA Request, RRARequest) and (e) run an RA on a target and verify the result (RARequest, RAVerify). To carry out these operations, the RA Server component controls a set of RA Agent T1 and RA Agent T2 components. The RA Agents are responsible for collecting data from the infrastructure and for the secure computation and delivery of an attestation result. Hereafter, we give the details of our deep attestation protocol; Figure 2 provides an overview. In this context, we consider the TPM as the Root of Trust (RoT) and the vTPM as a virtualized Root of Trust (vRoT). Further implementation details are given in the following sections. The intuition of our protocol is as follows: the hypervisor securely appends to its attestation a list of public keys corresponding to the VMs physically hosted on the same device. These are public attestation keys. The vTPMs use the corresponding private keys to sign the authenticated quotes established for the VMs, thus providing the linkage.
Figure 2 [RA enabler] Deep attestation protocol overview
The protocol steps are:
1. The RA Agent T1 located in the hypervisor will establish a secure TLS channel with the remote attestation server (RA Server)
2. The RA Agent T1 exchanges with the TPM to compute the attestation of the hypervisor. This opera...
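The key-list linkage described in the intuition above, as an added Python example that is not the RA enabler's code: the hypervisor quote carries the attestation public keys of the vTPMs it hosts, each VM quote is signed by its vTPM, and the RA Server accepts a VM quote only if its key is on the list the hypervisor attested. So that the example runs with the standard library alone, an HMAC under a key known to the (v)TPM and the verifier stands in for the TPM's asymmetric quote signature, and a key fingerprint stands in for the public attestation key; PCR digests, nonces and component names are constructed.

```python
"""Layer binding in deep attestation: binding VM quotes to the hypervisor quote.

Added example, not the RA enabler's code. As in the protocol intuition above, the
hypervisor's attestation carries the attestation public keys of the vTPMs it hosts
and each vTPM signs its VM quote with the matching private key. To stay within the
standard library a quote "signature" is an HMAC under a key known only to the
(v)TPM and the verifier, and a "public key" is the SHA-256 fingerprint of that
key; a real TPM uses an asymmetric Attestation Key (AK) whose public half the
verifier holds. PCR digests, nonces and names are constructed.
"""
import hashlib
import hmac
import json
import secrets
from typing import Dict, List, Optional, Tuple


def canonical(obj: Dict) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class Tpm:
    """Root of trust (TPM) or virtual root of trust (vTPM): same quote logic."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)
        self.ak = hashlib.sha256(self._key).hexdigest()  # stands in for the public AK

    def quote(self, pcr_digest: str, nonce: str, extra: Optional[Dict] = None) -> Dict:
        body = {"ak": self.ak, "pcr": pcr_digest, "nonce": nonce, "extra": extra or {}}
        body["sig"] = hmac.new(self._key, canonical(body), hashlib.sha256).hexdigest()
        return body

    def enrolment_key(self) -> bytes:
        """Handed to the verifier at enrolment (the public AK in a real deployment)."""
        return self._key


class RAServer:
    """Verifier side: enrolled (v)TPM keys, golden PCR digests, issued nonces."""

    def __init__(self) -> None:
        self.keys: Dict[str, bytes] = {}
        self.golden: Dict[str, str] = {}
        self.issued: set = set()

    def enrol(self, tpm: Tpm, golden_pcr: str) -> None:
        self.keys[tpm.ak] = tpm.enrolment_key()
        self.golden[tpm.ak] = golden_pcr

    def nonce(self) -> str:
        n = secrets.token_hex(16)
        self.issued.add(n)
        return n

    def _check_quote(self, q: Dict, nonce: str) -> bool:
        """Signature, freshness and golden-value check for one quote."""
        key = self.keys.get(q.get("ak"))
        if key is None or q.get("nonce") != nonce:
            return False
        body = {k: v for k, v in q.items() if k != "sig"}
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, q["sig"]) and q["pcr"] == self.golden[q["ak"]]

    def deep_attest(self, hv_quote: Dict, vm_quotes: List[Dict], nonce: str) -> Dict[str, bool]:
        """Verify the hypervisor quote, then each VM quote and its binding to that hypervisor."""
        if nonce not in self.issued:            # unknown or already consumed nonce
            return {"hypervisor": False}
        self.issued.discard(nonce)              # single use
        if not self._check_quote(hv_quote, nonce):
            return {"hypervisor": False}
        hosted = set(hv_quote["extra"].get("vm_aks", []))
        results = {"hypervisor": True}
        for q in vm_quotes:
            vm = q["extra"].get("vm", "?")
            # Layer binding: the vTPM's AK must be on the list the hypervisor attested.
            results[vm] = self._check_quote(q, nonce) and q["ak"] in hosted
        return results


def demo() -> Tuple[Dict[str, bool], Dict[str, bool]]:
    server = RAServer()
    tpm_c1 = Tpm()                               # TPM of compute node C1, where H1 runs
    vtpm_v1, vtpm_v2, vtpm_v3 = Tpm(), Tpm(), Tpm()  # V1, V2 hosted on H1; V3 is not
    server.enrol(tpm_c1, "pcr-h1-golden")
    for v in (vtpm_v1, vtpm_v2, vtpm_v3):
        server.enrol(v, "pcr-vm-golden")
    nonce = server.nonce()
    # RA Agent T1: hypervisor quote carrying the AKs of the vTPMs it physically hosts.
    hv_quote = tpm_c1.quote("pcr-h1-golden", nonce, {"vm_aks": [vtpm_v1.ak, vtpm_v2.ak]})
    # RA Agent T2 in each VM: vTPM-signed quote over the VM's own PCRs.
    vm_quotes = [vtpm_v1.quote("pcr-vm-golden", nonce, {"vm": "V1"}),
                 vtpm_v2.quote("pcr-vm-golden", nonce, {"vm": "V2"}),
                 vtpm_v3.quote("pcr-vm-golden", nonce, {"vm": "V3"})]
    first = server.deep_attest(hv_quote, vm_quotes, nonce)
    replay = server.deep_attest(hv_quote, vm_quotes, nonce)   # same nonce again: rejected
    return first, replay
```

Running demo() gives {"hypervisor": True, "V1": True, "V2": True, "V3": False} for the first exchange: V3's quote is signed by an enrolled vTPM and matches its golden value, yet it is rejected because H1 never attested that key, which is exactly the migrated-or-misplaced-VNF case the text mentions. The second call with the same nonce is rejected outright. Note that the binding is only as strong as the hypervisor quote that carries the list: if the hypervisor's PCRs do not match the golden value, no VM on it is accepted.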
Description of the Solution. In the context of INSPIRE-5Gplus, the RCA enabler relies on machine learning algorithms to identify the most probable cause(s) of detected anomalies, based on knowledge of similar anomalies observed previously. Figure 4 shows the high-level architecture of the implemented enabler.
Description of the Solution. The proposed manifest is modular and follows the 5G infrastructure component throughout its life cycle, as depicted in Figure 7. During the manufacturing phase, the Component Provider builds the component from the building blocks provided by software editors, hardware manufacturers or Service Providers. The Component Provider produces a first version of the manifest based on the description of the features and preliminary usage recommendations. Then, the Validator tests the component and evaluates risks and compliance with the applicable requirements. Based on its observations, it can add properties or describe controls or requirements, called usage constraints, that the Slice Provider (SP) must enforce to guarantee normal functioning or to avoid exploitation of a known vulnerability. At the end of these steps, the manifest contains the description of a class of Component.
Description of the Solution. The self-modelling algorithm depends on the network resources to be modelled. Table 4 shows some examples of the resources to be modelled in a softwarized infrastructure. The self-modelling algorithm receives as input the network descriptor coming from the SDN controller and builds the network dependency graph from each network element (node or link) found in the descriptor, following these steps:
1. Identifies the type of network element (node or link)
2. Instantiates its corresponding template according to the type of element (GN for nodes or GL for links)
3. Instantiates the dependency sub-graph of that network element
4. Appends the instantiated dependency graphs to the network dependency graph following the topological connections obtained from the SDN controller
Figure 8 Example of network dependency graph (Q=3 nodes and P=2 links)
Figure 8 shows a very brief example of how the Network Dependency Graph is built for a network topology composed of two hosts connected through an Open vSwitch (OVS) switch.
Table 6 Types of resources considered per layer
First, the network dependency graph, in the shape of a DAG, is generated by the self-modelling algorithm and is then filled with the observations gathered from the following network components, as shown in Figure 9:
- CPU load on the network nodes,
- state of the switches' ports,
- state of the SDN controller's ports,
- state of the hosts' network cards,
- state of the SDN controller application,
- state of the OpenFlow client applications running on the switches, and of the VNFs running on the hosts, if any,
- state of the video streaming application running on the clients and on the server.
Figure 9 Transformation of the network topology into a machine-readable format
The scenario of the demonstration is shown in Figure 10. A new client requests the video content from the streaming server (1) [52], which starts sending it. However, for this content to reach the client, the SDN controller must install the necessary flows on the switches (2). The GUI periodically monitors the current network topology provided by the SDN controller and classifies the network elements (3) into nodes (hosts, switches and controllers) and links.
Figure 10 Implementation of the self-healing framework
The workflow of the testbed for the streaming-oriented scenario shown in Figure 9 is as follows: A new client arrives and requests the content from the streaming server (1), which starts sending the content. The SDN controller installs the necessary flows on th...
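The four steps above, carried through on a small topology, as an added Python example that is not the project's self-modelling algorithm or code: a constructed controller descriptor (two hosts, one switch, one controller, two links) is turned into a dependency DAG using assumed GN/GL templates whose leaves are the observable resources listed above, the observations are propagated up the DAG, and the failing leaves reachable from the video stream are reported as candidate root causes. The descriptor format, template contents and observation values are all assumptions.

```python
"""Self-modelling of a network dependency graph from an SDN topology descriptor.

Added example, not the project's self-modelling algorithm or code. It follows the
four steps above: classify each descriptor element (node or link), instantiate a
template (GN for nodes, GL for links), instantiate the element's dependency
sub-graph and append it to the global DAG following the topology. The leaves are
the observable resources listed above (CPU load, port and NIC state, controller,
OpenFlow client and streaming application state). Descriptor format, template
contents and observations are constructed.
"""
from typing import Dict, Set

Graph = Dict[str, Set[str]]   # element -> set of elements it depends on

# GN templates: per node type, the sub-resources the node depends on (constructed).
GN = {"host": ["cpu", "nic", "app"],
      "switch": ["cpu", "ports", "openflow_client"],
      "controller": ["cpu", "ports", "controller_app"]}


def endpoint(node: Dict, port: int) -> str:
    """GL helper: a link ends on a host's NIC or on a switch/controller port."""
    return f"{node['id']}:nic" if node["type"] == "host" else f"{node['id']}:port{port}"


def build_dependency_graph(descriptor: Dict) -> Graph:
    graph: Graph = {}
    nodes = {n["id"]: n for n in descriptor["nodes"]}
    for node in descriptor["nodes"]:                    # step 1: the element is a node
        deps: Set[str] = set()
        for res in GN[node["type"]]:                    # step 2: instantiate GN
            if res == "ports":
                leaves = [f"{node['id']}:port{p}" for p in node.get("ports", [])]
            else:
                leaves = [f"{node['id']}:{res}"]
            for leaf in leaves:                         # step 3: dependency sub-graph
                graph.setdefault(leaf, set())
                deps.add(leaf)
        graph[node["id"]] = deps
    for link in descriptor["links"]:                    # step 1: the element is a link
        a, b = nodes[link["src"]], nodes[link["dst"]]
        # steps 2-4: GL instance depending on both endpoints, following the topology
        graph[f"link:{a['id']}-{b['id']}"] = {endpoint(a, link["src_port"]),
                                             endpoint(b, link["dst_port"])}
    return graph


def evaluate(graph: Graph, observations: Dict[str, str]) -> Dict[str, str]:
    """Propagate leaf observations ('ok'/'fail') up the DAG: fail if any dependency fails."""
    status: Dict[str, str] = {}

    def state(n: str) -> str:
        if n not in status:
            if not graph[n]:
                status[n] = observations.get(n, "unknown")
            else:
                status[n] = "fail" if any(state(d) == "fail" for d in graph[n]) else "ok"
        return status[n]

    for n in graph:
        state(n)
    return status


def root_causes(graph: Graph, observations: Dict[str, str], element: str) -> Set[str]:
    """Failing leaves reachable from `element`: the candidate root causes."""
    status, found, stack, seen = evaluate(graph, observations), set(), [element], set()
    while stack:
        n = stack.pop()
        if n not in seen:
            seen.add(n)
            if not graph[n] and status[n] == "fail":
                found.add(n)
            stack.extend(graph[n])
    return found


def example_descriptor() -> Dict:
    """Constructed controller output: server h1 and client h2 on switch s1, controller c0."""
    return {"nodes": [{"id": "h1", "type": "host"}, {"id": "h2", "type": "host"},
                      {"id": "s1", "type": "switch", "ports": [1, 2]},
                      {"id": "c0", "type": "controller", "ports": [6633]}],
            "links": [{"src": "h1", "src_port": 0, "dst": "s1", "dst_port": 1},
                      {"src": "h2", "src_port": 0, "dst": "s1", "dst_port": 2}]}


def demo():
    graph = build_dependency_graph(example_descriptor())
    # The video stream depends on every node and link on its path plus the controller.
    graph["video-stream"] = {"h1", "h2", "s1", "c0", "link:h1-s1", "link:h2-s1"}
    obs = {leaf: "ok" for leaf, deps in graph.items() if not deps}   # all healthy
    healthy = evaluate(graph, obs)["video-stream"]
    obs["s1:port2"] = "fail"                                        # client-side port down
    return healthy, evaluate(graph, obs)["video-stream"], root_causes(graph, obs, "video-stream")


if __name__ == "__main__":
    print(demo())
```

With every observation healthy the stream evaluates to "ok"; once the switch port facing the client is observed down, the failure propagates through s1 and link:h2-s1 to the stream, and root_causes() returns exactly {"s1:port2"}, the leaf an operator would act on. Because the graph is built from the controller's descriptor rather than hand-written, a topology change (a new host or link) only requires re-running the build step.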