Skip to main content

Securing against intruders and other threats through a NFV-enabled environment

Deliverables

Requirements, KPIs, design and architecture

This deliverable will provide the requirements, the general architecture and design for the different component of SHIELD, along with the description of their interaction. This deliverable will be based on the use cases analysis. Additionally it will contain also the technical KPIs to measure the performance of the project with respect to the requirements and the tests (containing data requirements needed to evaluate the KPIs).

Interim report on Exploitation Activities

This Deliverable will provide an initial report on SHIELD exploitation activities including: analysis of global cybersecurity market and environment, identification of SHIELD positioning in the market and its unique value proposition. This deliverable will also demonstrate the barriers that may limit system’s development. Furthermore, the factors that influence the success of the proposed technology are identified.

Specifications, design and architecture for the usable information-driven engine

This document will provide the specifications of the different components of the DARE as well as their design and architecture.

Project Dissemination and Communication Plan

A detailed plan describing the designated dissemination and communication activities of each partner in the SHIELD consortium.

Updated specifications, design and architecture for the vNSF ecosystem

This document will update D3.1 according to the inputs received in the integration (T5.1) and evaluation (T5.2)

Updated specifications, design and architecture for the usable information-driven engine

This document will update D4.1 according to the inputs received in the integration(T5.1) and evaluation (T5.2)

Standardisation Plan

Roadmap of SHIELD’s contributions in order to plan and keep track of the project’s inputs to standardization. In the roadmap procedure, targeted standardisation bodies, fora and work groups will be defined. SHIELD will initially aim at the following standardization bodies and open-source projects: • ETSI, and in particular those groups related to NFV technologies (the NFV and MEC ISGs) and cybersecurity (the CYBER and LI WGs). • IETF, focusing on those WGs related with security automation (SACM) and the coming activities related to virtual security functions (the proposed I2NSF WG), and contributing to general efforts in what relates to security applications, as in the cases of the ANIMA (autonomic networking), SFC (function chaining) and I2RS (network programmability) WGs. • IRTF, mostly on the activities of the NFV and the SDN RGs • ONF, especially in the Security group, but with potential contributions in the Operator Area and issues related to the Northbound Interfaces group. • TM Forum, with special emphasis on the SDN/NFV Interest Group, and the Security and Privacy Management Community. • The OpenStack project, as the main upstream open-source reference for NFV and virtualization activities in general. • The OPNFV project, as the common reference for NFV open-source integration • The OpenDayLight project, as the most comprehensive software-based networking open-source implementation. • The ONOS project, as the emerging carrier-grade software networking open-source solution.

Specifications, design and architecture for the vNSF ecosystem

This document will provide the specifications of the different components of the vNSF ecosystem, as well as their design and architecture.

Updated requirements, KPIs, design and architecture

This deliverable will update the requirements, design and architecture gathered in D2.1 with a second iteration taking into account the inputs given by evaluation (T5.2).

Final report on Exploitation Activities

D6.4 will provide the final report on SHIELD exploitation activities including: financial and economic analysis, sensitivity and risk analyses in order to assess technology and market risks. Strategic guidelines for the most appropriate services for development will also be provided. Individual exploitation plans will also be reported.

Project management handbook

This deliverable contains all the necessary information to support management of the project, with highlights on the procedures covering, the online collaboration for effective co-operation, Project Deliverables: production process, ensuring quality, here to store, how to review, monthly reporting of effort, and progress and the mechanisms for working effectively on the project.

Information-driven engine ready for experiments

The last deliverable shall provide a final view on the DARE. This document will extend D4.1 and D4.2 and will contain all the description and usage of the modules composing the DARE. It will also contain the related software.

Final demonstration, roadmap and validation results

Report on the integrated SHIELD modules, their interconnection, the use cases implemented and evaluation results. Description and deployment of the platform tests, including the equipment to complement the developed SHIELD modules. This deliverable will also contain the final prototype.

Integration results of SHIELD HW/SW modules

Description of the component testing and integration of SHIELD parts. Report on the results of the integrated prototypes validation and associated performance assessments.

vNSF framework ready for experiments

The last deliverable shall provide a final view on the vNSF environment. This document will extend D3.1 and D3.2 and will contain all the description and usage of the modules composing the vNSF ecosystem. It will also contain the related software.

Searching for OpenAIRE data...

Publications

NFV-based network protection: The SHIELD approach

Author(s): A. Lioy, G. Gardikis, B. Gaston, L. Jacquin, M. De Benedictis, Y. Angelopoulos, C. Xylouris
Published in: 2017 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Issue 6-8 November 2017, 2017, Page(s) 1-2
DOI: 10.1109/nfv-sdn.2017.8169869

On the establishment of trust in the cloud-based ETSI NFV framework

Author(s): Marco De Benedictis, Antonio Lioy
Published in: 2017 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Issue 6-8 November 2017, 2017, Page(s) 280-285
DOI: 10.1109/nfv-sdn.2017.8169864

Factors Influencing Market Adoption and Evolution of NFV/SDN Cybersecurity Solutions. Evidence from SHIELD Project

Author(s): D. Katsianis, I. Neokosmidis, A. Pastor, L. Jacquin, G. Gardikis
Published in: 2018 European Conference on Networks and Communications (EuCNC), Issue 18-21 June 2018, 2018, Page(s) 1-5
DOI: 10.1109/eucnc.2018.8442845

Container-based design of a Virtual Network Security Function

Author(s): Marco De Benedictis, Antonio Lioy, Paolo Smiraglia
Published in: 2018 4th IEEE Conference on Network Softwarization and Workshops (NetSoft), Issue 25-29 June 2018, 2018, Page(s) 55-63
DOI: 10.1109/netsoft.2018.8459903

Application of distributed computing and machine learning technologies to cybersecurity

Author(s): Hamza Attak, Marc Combalia, Georgios Gardikis, Bernat Gastón, Ludovic Jacquin, Dimitris Katsianis, Antonis Litke, Nikolaos Papadakis, Dimitris Papadopoulos, Antonio Pastor, Marc Roig, Olga Segou
Published in: Computer & Electronics Security Applications Rendez-vous (C&ESAR) 2018, Issue 19-21 November 2018, 2018
DOI: 10.5281/zenodo.3266038

Evaluation of Apache Spot's machine learning capabilities in an SDN/NFV enabled environment

Author(s): Christos M. Mathas, Olga E. Segou, Georgios Xylouris, Dimitris Christinakis, Michail-Alexandros Kourtis, Costas Vassilakis, Anastasios Kourtis
Published in: Proceedings of the 13th International Conference on Availability, Reliability and Security - ARES 2018, Issue 27-30 August 2018, 2018, Page(s) 1-10
DOI: 10.1145/3230833.3233278

The Mouseworld, a security traffic analysis lab based on NFV/SDN

Author(s): Antonio Pastor, Alberto Mozo, Diego R. Lopez, Jesus Folgueira, Angeliki Kapodistria
Published in: Proceedings of the 13th International Conference on Availability, Reliability and Security - ARES 2018, Issue 27-30 August 2018, 2018, Page(s) 1-6
DOI: 10.1145/3230833.3233283

Enhanced IoT security through orchestrated policy enforcement gateways

Author(s): H. Attak, L. Jacquin, A.L. Shaw, M. Casassa-Mont and Y. Beresna
Published in: C&ESAR 2016 - Computer & Electronics Security Applications Rendez-vous - Internet des Objets Vous avez dit sécurité ?, Issue 21-23 November, 2016, 2016, Page(s) 171-181
DOI: 10.5281/zenodo.3264907

SHIELD: A novel NFV-based cybersecurity framework

Author(s): G. Gardikis, K. Tzoulas, K. Tripolitis, A. Bartzas, S. Costicoglou, Antonio Lioy, B. Gaston, C. Fernandez, C. Davila, A. Litke, N. Papadakis, D. Papadopoulos, A. Pastor, J. Nunez, L. Jacquin, H. Attak, N. Davri, G. Xylouris, M. Kafetzakis, D. Katsianis, I. Neokosmidis, M. Terranova, C. Giustozzi, T. Batista, R. Preto, E. Trouva, Y. Angelopoulos, A. Kourtis
Published in: 2017 IEEE Conference on Network Softwarization (NetSoft), Issue 3-7 July, 2017, 2017, Page(s) 1-6
DOI: 10.1109/NETSOFT.2017.8004228

SHIELD– Securing against intruders and other threats through a NFV‐ enabled environment

Author(s): N.Papadakis, A.Litke, D.Papadopoulos
Published in: 4th International Conference on Operational Planning, Technological Innovations and Mathematical Applications (OPTIMA), Issue 25th-26th May, 2017, 2017, Page(s) 206
DOI: 10.5281/zenodo.3264964

Integrity verification of Docker containers for a lightweight cloud environment

Author(s): Marco De Benedictis, Antonio Lioy
Published in: Future Generation Computer Systems, Issue 97, 2019, Page(s) 236-246, ISSN 0167-739X
DOI: 10.1016/j.future.2019.02.026

Adding Support for Automatic Enforcement of Security Policies in NFV Networks

Author(s): Cataldo Basile, Fulvio Valenza, Antonio Lioy, Diego R. Lopez, Antonio Pastor Perales
Published in: IEEE/ACM Transactions on Networking, Issue 27/2, 2019, Page(s) 707-720, ISSN 1063-6692
DOI: 10.1109/tnet.2019.2895278

Classification and Analysis of Communication Protection Policy Anomalies

Author(s): Fulvio Valenza, Cataldo Basile, Daniele Canavese, Antonio Lioy
Published in: IEEE/ACM Transactions on Networking, Issue 25/5, 2017, Page(s) 2601-2614, ISSN 1063-6692
DOI: 10.1109/tnet.2017.2708096