Periodic Reporting for period 1 - 5GhOSTS (5th GeneratiOn Security for Telecom Services)
Reporting period: 2019-09-01 to 2021-08-31

Summary of the context and overall objectives of the project

5GhOSTS will analyse and improve the security of service-based implementations of 5G networks, which is relevant to protecting the EU's critical communication infrastructure. Starting from the emerging 3GPP service-based architecture for 5G networks, which includes virtualization of mobile and core network functions, the project aims to improve the security of virtualization technologies: containers, lightweight Virtual Machines and orchestration frameworks. Unlike previous evolutions in the telecommunications sector, the 5th Generation of Telecommunication Systems (5G) presents diverse and novel requirements for technologies such as heterogeneous air interfaces, Software Defined Networking, Network Functions Virtualization, Mobile Edge Computing and Fog Computing, as well as algorithms to optimize the management of such complex networks. As a result, the 5G evolution will mainly be built on layers of software services. The telecom industry is migrating to virtualized and orchestrated environments, allowing the deployment of Virtual Network Functions (VNFs) on cloud infrastructure and enabling the concept of network slicing. The main driver for this move is sustainability through cost and energy reduction, as well as full automation of telecom systems operations, facilitating dynamic and scalable adaptation to service demands. State-of-the-art lightweight virtualization and container orchestration frameworks clearly contribute to this driver, but do not meet the stringent security requirements of telecommunication systems.
Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far

Four Early Stage Researchers (ESRs) are working on the following topics:

Gianluca Scopellitti (ESR1) is tackling the integrity protection of container images. It needs to be ensured that the integrity and confidentiality of the container image are not compromised during the container image life cycle, which encompasses multiple phases such as development, image building, image distribution, and container execution. Despite the ample existing security measures (image scanning, digital signing and hashing, trusted execution environments), there still remains a small window during the container execution phase in which the container images are left vulnerable. Gianluca tackles this challenge by using and combining trusted computing and remote attestation techniques in a novel way. Moreover, approaches to interconnect enclave applications in heterogeneous and distributed trusted computing environments are not well understood. Gianluca will therefore further develop the concept of authentic execution so that it becomes applicable to distributed container-based applications. Authentic execution is a notion of end-to-end security and secure I/O where the overall application's behaviour depends solely on trusted code executed within a hardware-protected memory segment and on authenticated inputs.

Gerald Budigiri (ESR2) is focusing on inter-container communication, which occurs at the level of the network between containers. This network is set up and managed by external system components that interact with Kubernetes through a standardized interface. Gerald has evaluated the performance overheads of these external components, with a more detailed assessment of the overhead of the security policies that restrict inter-container communication by means of fine-grained firewall rules.
He has also analysed the main security threats and vulnerabilities of such security policies. With regard to the performance evaluation, no significant performance overhead has been observed, which means that network-level security policies are suitable for ultra-low-latency applications. Regarding the analysis of security threats, the main problem is misconfiguration. In view of this threat, Gerald is developing a verification method that will not only verify policy correctness and compliance but also check for cross-layer inconsistencies between the different system layers of the Kubernetes stack.

Merve Turhan (ESR3) aims to improve the security of commonly used system and application components in 5G applications by applying and combining techniques for strong software isolation mechanisms, safe programming languages and formal verification. As such, Merve will devise a development methodology and provide trustworthy software components that are ready to be deployed in existing container-based clusters. Currently, she is looking at low-latency applications that are implemented in systems-oriented programming languages such as C and C++, which do not offer memory safety and thus can be exploited by buffer-overflow attacks. These attacks submit carefully crafted inputs to an application in order to trick it into executing arbitrary code or leaking sensitive information. This is especially damaging in multi-tenant applications such as web services, where an HTTP request from one user can overwrite or steal data belonging to other users.

Mykyta Petik (ESR4) will ensure compliance of the technological building blocks with the relevant EU legislation on privacy, data protection and security, such as the GDPR and the NIS Directive. Any results produced by the other three ESRs will be studied for privacy compliance, and potential recommendations to policy-makers and regulators will be formulated and disseminated.
One of the findings is that software-defined networks themselves contribute to the disruption of privacy in 5G due to their dynamic and flexible nature. Software-defined networks can dynamically re-route user traffic to different data centers in the edge or in the cloud, and together with container-based orchestration they will enable the dynamic provisioning of new data processing functions. In summary, the 5G network and its data processing facilities are not fixed once data is sent from the mobile device of an end user. As such, privacy compliance cannot be certified once and for all; instead, the container orchestration process and the software-defined networks have to guarantee compliance with privacy, data protection and security requirements in an auditable fashion.

Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far)

The objectives of the 5GhOSTS project are:

1. To form an international and interdisciplinary research group of four ESRs and senior researchers. The ESRs will benefit from close intersectoral collaboration to develop transferable skills, both soft and technical, that will uplift their future careers. The ambitious training network leverages academic excellence and intersectoral mobility, together with a strong business- and innovation-oriented mindset, to develop technical skills with a thorough understanding of legal and business aspects. 5GhOSTS fosters innovation and standardization in the mobile networks of the future, focusing on security and privacy in an EU context.

2. To design, implement and release a number of building blocks for secure lightweight virtualization and container orchestration technology for upcoming 5G networks, which provide a strong, well-understood and formalized notion of security, and which comply with legal requirements with respect to data privacy. These building blocks will be a high-priority asset for the non-academic beneficiaries' competitiveness in 5G product development.

3. To address the growing need of the EU economy for young researchers with a strong profile (technical, legal and economic) in the 5G telecommunications domain, thus increasing the researchers' international competitiveness.
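The misconfiguration threat and the cross-layer verification described under Gerald Budigiri's (ESR2) work above can be illustrated with a small policy checker. The following Python is an added example written for this page; it is not 5GhOSTS project code, and the sample pods, the NetworkPolicy objects and the three checks are constructed for the illustration. The policy objects are shaped like the Kubernetes NetworkPolicy API (podSelector, policyTypes, ingress/from) but only the fields the checks read are included. The checks model three typical misconfigurations: a namespace with no default-deny ingress policy, a policy whose podSelector matches no pod (for example, a misspelled label), and an allow rule whose peer podSelector matches no pod. The second and third are cross-layer inconsistencies: the policy layer is internally valid, but disagrees with the pod layer it is supposed to protect.

```python
"""Cross-layer consistency checks for Kubernetes NetworkPolicy objects.

Added illustration, not 5GhOSTS project code: the sample cluster state and
the three checks below are constructed for this example.
"""
from typing import Dict, List

# Constructed sample cluster state, shaped like Kubernetes API objects but
# carrying only the fields the checks need.
PODS: List[dict] = [
    {"metadata": {"name": "amf-0", "namespace": "core", "labels": {"app": "amf"}}},
    {"metadata": {"name": "smf-0", "namespace": "core", "labels": {"app": "smf"}}},
    {"metadata": {"name": "upf-0", "namespace": "edge", "labels": {"app": "upf"}}},
]

POLICIES: List[dict] = [
    # Default-deny ingress for "core": an empty podSelector selects every
    # pod in the namespace and an empty ingress list allows nothing.
    {"metadata": {"name": "default-deny", "namespace": "core"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"], "ingress": []}},
    # Intended to allow SMF -> AMF, but the target label is misspelled
    # (app=amff): the policy is valid YAML yet applies to no pod.
    {"metadata": {"name": "allow-smf-to-amf", "namespace": "core"},
     "spec": {"podSelector": {"matchLabels": {"app": "amff"}},
              "policyTypes": ["Ingress"],
              "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "smf"}}}]}]}},
    # Target matches upf-0, but no pod labelled app=gnb exists in "edge",
    # so the allow rule can never fire (and "edge" has no default deny).
    {"metadata": {"name": "allow-gnb-to-upf", "namespace": "edge"},
     "spec": {"podSelector": {"matchLabels": {"app": "upf"}},
              "policyTypes": ["Ingress"],
              "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "gnb"}}}]}]}},
]


def labels_match(selector: dict, labels: dict) -> bool:
    """matchLabels semantics: every selector key must be present with the
    same value; an empty selector matches every pod."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def pods_selected(selector: dict, namespace: str, pods: List[dict]) -> List[str]:
    """Names of the pods in `namespace` that `selector` applies to."""
    return sorted(p["metadata"]["name"] for p in pods
                  if p["metadata"]["namespace"] == namespace
                  and labels_match(selector, p["metadata"].get("labels", {})))


def is_default_deny_ingress(spec: dict) -> bool:
    """Empty podSelector + Ingress in policyTypes + no ingress rules."""
    return (spec.get("podSelector", {}) == {}
            and "Ingress" in spec.get("policyTypes", [])
            and not spec.get("ingress"))


def verify(policies: List[dict], pods: List[dict]) -> Dict[str, List[str]]:
    """Return findings keyed by check name; every list is sorted for stable output."""
    findings: Dict[str, List[str]] = {
        "no_default_deny": [],   # namespace with pods but no default-deny ingress policy
        "unmatched_target": [],  # policy whose podSelector selects no pod
        "unmatched_peer": [],    # same-namespace podSelector peer that selects no pod
    }
    deny_namespaces = set()
    for pol in policies:
        ns, name, spec = pol["metadata"]["namespace"], pol["metadata"]["name"], pol["spec"]
        if is_default_deny_ingress(spec):
            deny_namespaces.add(ns)
            continue
        if not pods_selected(spec.get("podSelector", {}), ns, pods):
            findings["unmatched_target"].append(f"{ns}/{name}")
        for i, rule in enumerate(spec.get("ingress", [])):
            for peer in rule.get("from", []):
                # Only same-namespace pod peers are checked here; peers with a
                # namespaceSelector or ipBlock would need namespace labels / CIDRs.
                if "podSelector" in peer and "namespaceSelector" not in peer:
                    if not pods_selected(peer["podSelector"], ns, pods):
                        findings["unmatched_peer"].append(f"{ns}/{name} ingress[{i}]")
    for ns in {p["metadata"]["namespace"] for p in pods} - deny_namespaces:
        findings["no_default_deny"].append(ns)
    return {k: sorted(v) for k, v in findings.items()}


if __name__ == "__main__":
    for check, items in verify(POLICIES, PODS).items():
        print(f"{check}: {items or 'ok'}")
```

Run against the constructed state, the checker reports that the "edge" namespace has no default-deny ingress policy, that core/allow-smf-to-amf selects no pod, and that the single ingress rule of edge/allow-gnb-to-upf names a peer that does not exist. In a real cluster the pod and policy lists would come from the API server, and the peer check would be extended with namespace labels so that namespaceSelector peers can be resolved as well.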