secuRe desIGn and deplOyment of trUsthwoRthy cOntinUum computing 6G Services

Trustworthy time-critical continuum computing services, including future end-to-end 6G services (e.g. real-time holographic and mixed-reality applications, hyperconnected and beyond Industry 4.0 processes), have recently gained a high momentum due to their expected roles in the way people (and machines) communicate. The RIGOUROUS project aspires to identify and address the major cybersecurity, trust and privacy risks threatening the network, devices, computing infrastructure, and next generation of services. RIGOUROUS is addressing these challenges by introducing a new holistic and smart service framework leveraging new machine learning (ML) and AI mechanisms, which can react dynamically to the ever-changing threat surface on all orchestration layers and network functions. The main objectives of Rigourous are: i) Design and implement an Holistic Smart Service framework for securing the IoT-Edge-Cloud continuum lifecycle management, ii) Deliver Human-Centric DevSecOps models and tools iii) Devise and implement a model-based and AI-driven Automated Security Orchestration, Trust Management and deployment iv) Look into advanced AI-driven Anomaly Detection, decision and Mitigation Strategies v) Demonstration of a Set of Industrially Relevant Use Cases in Operational Environments

During the first 18 month the project has defined a methodology for collecting and defining the high-level requirements, defining the first architecture of RIGOUROUS, including the main functional blocks, workflows, services as well as the Use-Cases and threat scenarios specifications. The project has devised, designed and implemented the first proof of concepts implementations of the enablers and assets being investigated for coming up with a Multi-domain model-based automated security orchestration, trustmanagement and deployment. It this regard, it is worth highlighting, the design and implementation of the security/privacy models, design of the onboading specifications of network resources and devices and policy framework, and the privacy quantifier enabler. Design and implementation of the security/privacy orchestrator, the zero-touch device bootstrapping, trusted application onboarding mechanism, and the privacy and privacy-preserving ABC mechanism for credential enrolment. In addition the project has deliverd the first results of the innovative mechanisms powered by AI to enable federated cross-domain analytics for anomaly detection with privacy protection and resilience to adversarial attacks, dynamic and automated service composition mechanisms, based on a hybrid scheme combining AI with rules-based systems, in order to detect and resolve the interconnection problems (interoperability and/or security, privacy and trust mismatches) among components that are attempting to interoperate, and which are not known in advance. Besides, the project has delivered the first AI-driven mechanisms for the automated decision making for the proper mitigation as well as the enablers to achieve a fully functional close control loop for automated security mitigation against cyber-attacks. Furthemore the project has designed the methodology for testing and integration, acomplished the first set of in-lab experiments and delivered described the results of the first implement prototype and inlab testing.

RIGOUROUS has come up with first prototypes of several technologies betyond the state of the art that can ensure secure, privacy-preserving, and trustworthy services. The AI-based Security Orchestration is able to make orchestration decisions across domains and cross-network segments along the IoT-RAN-EDGE-Core-Cloud continuum in the 6G network. The novel Privacy-preserving Federated AI strengthens anomaly detection across these domains and network segments combining FL with PET technologies. RIGOUROUS is advancing the control of the network to new levels of accuracy and control, where network slicing technologies can be enforced across the segments of the data plane enabling a novel mechanism to effectively mitigate threats and cyber-attacks. This mechanism will be empowered by a Cognitive SOAR control loop able to perform such mitigation without human intervention. RIGOUROUS has explored novel mechanisms for decentralized identity to enable digital identification based on the self-sovereign identifier (SSI) privacy-preserving mechanism and identifier authentication based on the associated verifiable secure credentials to be integrated in B5G network. The End-to-End multi-Domain 6G slicing perform security isolation and security control of the various network slice instances corresponding to the different applications with different multi-domain security requirements. The Dynamic and Automated Service Composition ensure and automate the interconnection (and the interoperability) capabilities of service components. The Cyber-Physical Correlator will perform real-time anomaly detection for intrusion patterns recognition and root cause analysis. The Threat Risk Assessment will provide a dynamic identification of risks and their characteristics, as well as a smart environment for monitoring, troubleshooting, and testing. All these technologies are being offered to multi-stakeholders and tenants including vertical industries as users, via a programmable platform that is based on an intent-based Security & Privacy formal modelling and onboarding specification to embrace policy enforcement of specific contextual elements for 6G and make them adaptive and smart according to the underling system and context.