Description of the solution. The ability to guarantee that a given network packet has passed through certain nodes and in a given order is one of the most powerful mechanisms to ensure that the services in a network are working as expected and to make them resilient against attacks and provide trust to users. It also allows attesting the service or monitored behaviour in case of legal problems or regulations. OPoT technology solves the lack of verification of the correct order of nodes on the path. 5 xxxxx://xxxxxx.xxx/IurmanJ/kernel_ipv6_ioam E2E Slice Mgmt KPIs report Mgmt Domain (edge,core,«) Mgmt Domain (transport,«) Trust Manager Trust Manager Enforce/ monitor PoT Enforce/ monitor PoT Security Orchestrator
Description of the solution. This enabler brings together the notions of trust, reputation and fault management. We propose to transpose the notion of reputation, generally linked to security aspects, to score the effort made by an SDN domain to manage faults of non-intentional nature. The goal of this section is to propose an online reputation framework for multi-domain SDN environments composed of heterogeneous domains cooperating in an end-to-end service. This framework objectively quantifies in real-time the effort made by each SDN domain to manage faults.
Description of the solution. The solution is to propose a static evaluation of the different components if possible (if they have descriptors, source code). For each component, adapted metric should be defined and could be measured automatically or manually. These metrics would be combined for defining trustworthiness properties exposed by the components. This approach was already followed for VNF and a Java application. The solution in INSPIRE-5Gplus would reuse an existing work and would complete it for different other kinds of component.
Description of the solution. To provide a solution to this problem, a Trust Manager mechanism will be implemented, designed as a Smart Contract, which will calculate the trust and reliability of a cloud infrastructure, or the services deployed on it, based on multiple values for both the infrastructure and the services. Different types of Trust Manager can be offered (with different Smart Contracts for each of them), depending on the element the trust is being calculated. The information from which trust is calculated is listed below: x Attestation of VMs, hypervisors, and network traffic as well as the information coming from the entities dynamically deployed to enforce security policies, such as detections, decisions and reactions. This input will come from multiple monitoring services, deployed throughout the infrastructure, which will offer the information both in real-time and by storing it in a historic. x System Model/topology of the infrastructure, as well as Manifests and VNFs software execution evidence. x Audits from Remote Verifiers. Remote Verifiers are entities in charge of performing analysis of the services or the underlying infrastructure. The number of present Remote Verifiers is variable, as there may be several, each focused on a specific aspect of security and/or to have second opinions on certain fields. Concerning Remote Verifiers reports, a series of Smart Contracts are defined, which determine the way the attestations are performed, therefore making those attestations auditable. The remote verifiers obtained reports, using the defined smart contracts, are supported by the blockchain infrastructure, providing traceability and auditing. x The Security policies and SSLAs defined on the environment, to ensure their compliance. With all this information, Smart Contracts are defined, whose output includes the trust value (score obtained in a quantitative way) of VNFs and services or the VIM, as well as the SLA and SSLA compliance (if applicable) and the Security Policies verification. For trust calculation, a set of weight algorithms or conditions will be used, together with a Fuzzy Trust Evaluator, which will use weights and fuzzy logic (among others) to calculate it. Since the trust score is calculated as a Smart Contract, the process and hence the score obtained is auditable and provides non-repudiation, as values are added to the blockchain. In this way, all the process and the events that occur are also recorded and stored in the blockchain.
Description of the solution. The concept of RAGs provides a new framework that captures simultaneously the topology of a system, the vulnerabilities, the accessibility between the components, their external exposure, and the way all these elements may evolve over the time. Thus, RAGs provide a framework for fine qualitative and quantitative risk assessment approaches to assess the impact of the exploitation of the vulnerabilities and their exposition surface throughout the nodes of the graph; to compute risk indicator metrics; and to observe their evolution over several time periods. More precisely, the system is represented as a directional graph in which a node can be either be an asset-vulnerability pair or an access point. An arc in the RAG means that the exploitation of a vulnerability of the source node exposes the target node to the exploitation of its vulnerability. A path corresponds to a potential violation of a node. A potentiality function and an accessibility function are also introduced in the model. The former evaluates the likelihood of each attack at each time slot. On the other hand, the accessibility function gives the ratio of time the system assets are accessible from each other at each time slot. The accessibility and potentiality functions are used to evaluate, respectively, the nodes and the arcs at each time slot (see Figure 16). RAGs could be used as an input to determine the best strategies to secure a system. Given a set of available countermeasures associated with the vulnerabilities (ranging from firmware updates or patches to VNF deployments), several optimization models have been developed to solve security- issue optimization problems [35], e.g., where to place countermeasures a priori to mitigate the risk of a chain of exploits.
Description of the solution. For the sake of simplicity, in this section, we focus on one property to attest, namely the property “layer binding”. In a virtualized infrastructure, layer binding refers to the fact of proving that a virtualized infrastructure is running on a designated hardware, i.e., a VM (V1) is running on top of hypervisor (H1) which is running on a compute node (C1). The family of Remote Attestation protocols that enables “layer binding” property is called Deep Attestation. Our solution of deep attestation protocol takes the advantages of both single channel and multi-channel implementations while overcoming the limitations. In a 5G network, it can be used by a mobile network operator to check that a VNF has been instantiated on top of - or migrated to – a legitimated hardware infrastructure (i.e., compute node). The RA enabler is composed of three components: RA server, RA Agent T1 and RA Agent T2 as shown in Figure 1. Figure 1 RA components
Description of the solution. In the context of INSPIRE-5Gplus, the RCA enabler relies on machine learning algorithms to identify the most probable cause(s) of detected anomalies based on the knowledge of similar observed ones. Figure 4 shows the high-level architecture of the implemented enabler.
Description of the solution. The proposed manifest is modular and follows the 5G infrastructure component throughout its life cycle, as depicted in Figure 7. During the manufacturing phase, the Component Provider builds the component by using the building blocks provided by software editors, hardware manufacturers or Service Providers. The Component Provider provides a first version of the manifest based on the description of features and preliminary usage recommendations. Then, the Validator tests the component, evaluates risks and compliance to applicable requirements. Based on its observations, it can add properties or describe controls or requirements, called usage constraints that need to be enforced by the Slice Provider (SP) to guarantee normal functioning or avoid exploitation of a known vulnerability. At the end of these steps, the manifest contains the description of a class of Component.
Description of the solution. The self-modelling algorithm depends on the network resources to be modelled. Table 4 shows some examples of the resources to be modelled in softwarized infrastructure. This self-modelling algorithm receives as input the network descriptor coming from the SDN controller. It creates the network dependency based on each network element (nodes and links) found in the network descriptor based on the following steps:
Description of the solution. C.A.T's System may generally be referred to as a multiapplication smart card software solution which is better described by reference to Chip Application Technologies Limited Product Description as may be amended from time to time.
