
A cybersecurity framework to GUArantee Reliability and trust for Digital service chains

Periodic Reporting for period 1 - GUARD (A cybersecurity framework to GUArantee Reliability and trust for Digital service chains)

Reporting period: 2019-05-01 to 2020-10-31

Today, the ICT industry is introducing new architectures that bring more agility to the creation and management of new services. In practice, the implementation of applications is progressively moving from the traditional "writing and linking the code" pattern to more modern paradigms based on "chaining of elementary services." The new paradigms leverage the availability of virtualization infrastructures, smart things, pre-packaged software modules, and data in public or private marketplaces, which are connected together ("chained") through common interfaces in elastic topologies (see the pictorial example in Figure 1). Indeed, all recent frameworks for building cloud, IoT, and network applications (TOSCA, FIWARE and NFV, respectively) already follow this approach.

While a lot of progress has been made in recent years in the field of virtualization and open interfaces for remote management and self-provisioning, cyber-security paradigms are still mostly stuck in legacy models that do not take into account the dynamic, multi-tenant nature of modern business chains. Novel security and privacy models are therefore required, because the legacy (virtual) security perimeter model becomes infeasible when multiple services are acquired from different providers: no single party controls the whole perimeter, and each provider sees only its own share of the chain. Without this evolution, organizations will remain reluctant to move their processes to the cloud, while customers will continue to have privacy and confidentiality concerns. Ultimately, this would jeopardize the concrete realization of the expected evolution in service agility underpinned by cloud, IoT and 5G technologies.

The GUARD project investigates the feasibility of integrating security controls into management/control APIs of digital resources. While the range of security services for digital business chains is very broad, the GUARD project focuses on attack detection and prevention, including both service availability and data sovereignty. Under this challenging scenario, the GUARD objectives mostly revolve around the three main concepts of visibility, detection and traceability to improve awareness.

Demonstration and validation of the proposed solution is also expected in two relevant Use Cases. The first Use Case addresses public transportation and an application which collects data from buses for predictive maintenance, with a clear focus on the integrity of the service and of the exchanged messages. The second Use Case implements a medical application for sharing data among physicians in a hospital and with external entities, and focuses on tracking the propagation of sensitive information and applying sharing controls based on users' preferences.

Based on the overall concept and on specific requirements from technological roadmaps and the involved end-users, the Project has delivered its architecture, which analyses the peculiar aspects of the digital chain model and identifies the logical elements needed to extend the scope of SIEM tools to these new business environments. The framework has two parts, schematically depicted in Figure 1: a centralized GUARD platform, owned and operated by security operators, and security functions embedded in digital resources, implemented by Local Agents and exposed through specific APIs. The former is typically deployed and operated by a Security Provider, while the latter are deployed and exposed by Resource Providers in their own digital resources.

The centralized platform is largely based on the Elastic Stack, enriched with a specific element that manages the presence of multiple heterogeneous agents in different domains. A dashboard gives a graphical and intuitive representation of the topology of the whole chain and of the available agents, and also supports specific detection and analytics services. A set of programmable agents has been designed and integrated that covers most of the detection needs (file logs, network traffic, signature and rule-based detection, filtering of API messages), including the possibility to run local detectors. The set of algorithms includes detection of DoS by machine learning, vulnerability and risk analysis, and anomaly detection on the LoRa network. Other algorithms will be integrated in the next period.

For the first use case, an application that collects data from IoT devices on buses used in the city of Wolfsburg has been designed and implemented. It uses a LoRa network for communications and deploys a number of applications and services in the cloud. For the second use case, an application to share medical data between physicians has been designed following the principles of the IDS (International Data Spaces) architecture; interactions with external entities are also possible, by leveraging blockchain technology.

The GUARD approach goes beyond the scope of a middleware that hides the heterogeneity of the security functions exposed by Resource Providers (as typically done by Cloud Access Security Brokers), because it is intended to "build" detection and analytics pipelines by direct control over the monitoring and inspection processes implemented by Local Agents. Of course, there are limits to what is visible, due to confidentiality and privacy concerns: a Resource Provider decides what its agents expose, and the Security Provider can only compose pipelines from that.
At the architecture level, the Project concept is progressing beyond the current state of the art in the following way:
• more flexibility than existing tools in the creation and modification of processing pipelines at run-time;
• the management of trust relationships between the different entities that provide digital resources, create and operate value-added services, and implement security processes;
• new data trading models, based on the concept of open data spaces.
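The run-time pipeline flexibility and the Local Agent model described above can be made concrete with a small simulation. The following is an added illustration, not code from the GUARD project: the agent's control API (enable/disable/describe), the detector names, the error-burst threshold and the access-log lines are all constructed for this example. It shows the central platform inserting a stateless rule and a stateful detector, and later removing one, while log events keep flowing through the agent; paths are URL-decoded before matching, since encoded traversal sequences or quotes would otherwise slip past the rules.

```python
"""Run-time reconfigurable Local Agent (hypothetical illustration, not GUARD code).

The central platform drives a control API (enable/disable/describe) while log
events keep flowing through the agent's data path. Detector names, the control
API and the log lines below are constructed for this example."""
import re
from typing import Callable, Dict, List, Optional
from urllib.parse import unquote

Detector = Callable[[dict], List[dict]]  # parsed event -> zero or more alerts

# Constructed access-log lines in Common Log Format (not from the project's use cases).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Oct/2020:10:00:01 +0000] "GET /api/buses/42 HTTP/1.1" 200 512
10.0.0.5 - - [12/Oct/2020:10:00:02 +0000] "GET /api/buses/43 HTTP/1.1" 200 498
198.51.100.9 - - [12/Oct/2020:10:00:03 +0000] "GET /api/buses/..%2F..%2Fetc/passwd HTTP/1.1" 404 0
198.51.100.9 - - [12/Oct/2020:10:00:04 +0000] "GET /login?user=admin%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 0
198.51.100.9 - - [12/Oct/2020:10:00:05 +0000] "GET /admin HTTP/1.1" 403 0
10.0.0.7 - - [12/Oct/2020:10:00:06 +0000] "POST /api/telemetry HTTP/1.1" 201 16
"""

LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<raw_path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line; decode the path so encoded traversal/quotes cannot evade rules."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["path"] = unquote(ev["raw_path"])
    return ev


def path_traversal_detector(ev: dict) -> List[dict]:
    if "../" in ev["path"]:
        return [{"rule": "path_traversal", "src": ev["src"], "path": ev["path"]}]
    return []


SQLI_RE = re.compile(r"'\s*(or|and)\s*'?\s*\d", re.IGNORECASE)


def sqli_detector(ev: dict) -> List[dict]:
    if SQLI_RE.search(ev["path"]):
        return [{"rule": "sqli", "src": ev["src"], "path": ev["path"]}]
    return []


class ErrorBurstDetector:
    """Stateful detector: alert once a source has produced `threshold` HTTP errors."""

    def __init__(self, threshold: int = 2) -> None:
        self.threshold = threshold
        self.errors: Dict[str, int] = {}

    def __call__(self, ev: dict) -> List[dict]:
        if int(ev["status"]) < 400:
            return []
        n = self.errors[ev["src"]] = self.errors.get(ev["src"], 0) + 1
        if n == self.threshold:
            return [{"rule": "error_burst", "src": ev["src"], "count": n}]
        return []


class LocalAgent:
    """Data path plus the control API the central platform would call (over REST in practice)."""

    def __init__(self) -> None:
        self.detectors: Dict[str, Detector] = {}
        self.alerts: List[dict] = []

    # --- control API: pipeline changes without restarting the agent ---
    def enable(self, name: str, detector: Detector) -> None:
        self.detectors[name] = detector

    def disable(self, name: str) -> None:
        self.detectors.pop(name, None)

    def describe(self) -> List[str]:
        return sorted(self.detectors)

    # --- data path: every line runs through whatever is enabled right now ---
    def process(self, line: str) -> List[dict]:
        ev = parse_line(line)
        if ev is None:
            return []
        new = [{**alert, "detector": name}
               for name, det in self.detectors.items() for alert in det(ev)]
        self.alerts.extend(new)
        return new


def demo() -> dict:
    """Replay the sample log while the (simulated) platform reconfigures the agent."""
    agent = LocalAgent()
    lines = SAMPLE_LOG.splitlines()
    agent.enable("traversal", path_traversal_detector)
    for line in lines[:3]:                           # only the traversal rule is active here
        agent.process(line)
    agent.enable("sqli", sqli_detector)              # inserted at run time ...
    agent.enable("errors", ErrorBurstDetector(2))    # ... together with a stateful detector
    for line in lines[3:5]:
        agent.process(line)
    agent.disable("traversal")                       # and removed again, still at run time
    agent.process(lines[5])
    return {"active": agent.describe(), "alerts": agent.alerts}


if __name__ == "__main__":
    from pprint import pprint
    pprint(demo())
```

Note that the stateful detector only counts errors it has seen since it was enabled: the 404 on the third line is not in its tally, which is the expected behaviour when a detector is inserted mid-stream and is something a real platform has to account for (for example by replaying a buffer into newly enabled detectors).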

The framework also develops innovative algorithms for checking both the service integrity and data sovereignty:
• integration of machine learning techniques for the identification of anomalies and denial of service in the network;
• dynamic insertion of detectors for the analysis of application logs and system metrics;
• identification of internal and external vulnerabilities;
• tracking and filtering of data propagation within a data space, according to user-defined policies.
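The last item, tracking and filtering the propagation of data within a data space according to user-defined policies, is illustrated below with a deliberately small usage-control model. This is an added example, not GUARD or International Data Spaces code: the policy fields (allowed purposes, allowed organisations, maximum number of forwarding hops), the "user@organisation" naming convention and all participants are constructed. Each forwarding attempt is decided against the data subject's policy and appended to a propagation trail, and only participants that legitimately hold a copy may forward it.

```python
"""Data-space propagation tracking and policy filtering (hypothetical illustration,
not GUARD or International Data Spaces code).

A record carries the data subject's sharing policy; every forwarding attempt is
decided against it and appended to a propagation trail. Names, domains and the
policy fields are constructed for this example."""
from dataclasses import dataclass, field
from typing import FrozenSet, List, Set


@dataclass(frozen=True)
class Policy:
    """User-defined sharing preferences attached to the record when it enters the space."""
    allowed_purposes: FrozenSet[str]   # purposes the subject consented to
    allowed_domains: FrozenSet[str]    # organisations that may hold a copy
    max_hops: int                      # how many times the record may be forwarded


@dataclass
class Hop:
    sender: str
    receiver: str
    purpose: str
    allowed: bool
    reason: str


@dataclass
class Record:
    record_id: str
    subject: str                       # whose data it is (the subject sets the policy)
    policy: Policy
    holders: Set[str]                  # participants currently holding a copy
    trail: List[Hop] = field(default_factory=list)

    def hops_taken(self) -> int:
        return sum(1 for h in self.trail if h.allowed)


def domain_of(participant: str) -> str:
    """Participants are named 'user@organisation' (constructed convention)."""
    return participant.split("@", 1)[1]


def share(rec: Record, sender: str, receiver: str, purpose: str) -> bool:
    """Decide one forwarding step, record it in the trail, and update who holds the data."""
    p = rec.policy
    if sender not in rec.holders:
        ok, reason = False, f"{sender} does not hold {rec.record_id}"
    elif purpose not in p.allowed_purposes:
        ok, reason = False, f"purpose {purpose!r} not permitted by subject"
    elif domain_of(receiver) not in p.allowed_domains:
        ok, reason = False, f"domain {domain_of(receiver)!r} not permitted by subject"
    elif rec.hops_taken() >= p.max_hops:
        ok, reason = False, f"max_hops={p.max_hops} already reached"
    else:
        ok, reason = True, "ok"
    rec.trail.append(Hop(sender, receiver, purpose, ok, reason))
    if ok:
        rec.holders.add(receiver)
    return ok


def demo() -> Record:
    """Five forwarding attempts on one medical record: two allowed, three filtered."""
    policy = Policy(allowed_purposes=frozenset({"treatment"}),
                    allowed_domains=frozenset({"hospital.example", "clinic.example"}),
                    max_hops=2)
    rec = Record("rec-001", "patient-17", policy, holders={"dr.rossi@hospital.example"})
    share(rec, "dr.rossi@hospital.example", "dr.bianchi@hospital.example", "treatment")  # allowed
    share(rec, "dr.bianchi@hospital.example", "lab@research.example", "research")        # purpose
    share(rec, "dr.bianchi@hospital.example", "dr.kim@clinic.example", "treatment")      # allowed
    share(rec, "lab@research.example", "anyone@partner.example", "treatment")            # not a holder
    share(rec, "dr.kim@clinic.example", "nurse@clinic.example", "treatment")             # hop limit
    return rec


if __name__ == "__main__":
    for h in demo().trail:
        verdict = "ALLOW" if h.allowed else "DENY"
        print(f"{h.sender} -> {h.receiver} [{h.purpose}]: {verdict} ({h.reason})")
```

The trail is the tracking part of the requirement: it records denied attempts as well as allowed hops, so an auditor can see who tried to move the data where and why it was stopped. In a real deployment the decision point would sit in the connector between participants rather than in a shared in-memory object, and the holder set would be derived from the trail rather than trusted from the caller.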

The project expects a long-term impact on all modern service development paradigms, which are largely based on the integration of cloud applications and IoT devices through micro-services and service mesh patterns. This would remove many of the existing concerns in the adoption of cloud technologies and the implementation of cyber-physical systems, reducing the need for expensive vertical closed silos and fostering the combination of products and services from multiple vendors.

Figure captions (the images themselves are not included in this report extract):
Digital services are composed by complex chains of software, processes, and devices.
GUARD framework is made of a centralized platform and security functions offered by Resource Pro
The GUARD concept revolves around the idea of improving awareness for improving response.