UBITECH is participating at the kick-off meeting, in Genova, Italy (May 30-31, 2018), of the ASTRID Research and Innovation Action, officially started on May 1st, 2018. The project is funded by European Commission under Horizon 2020 Programme (Grant Agreement No. 786922) and spans on the period May 2018 – April 2021. The ASTRID H2020 project aims to provide better awareness about cyber-security threats of virtualised services, referred to each single component (i.e., each specific application) as well as the service as a whole (i.e., the entire service graph), and facilitate (possibly automate) the detection and reaction to sophisticated cyber-attacks, incorporating the ability to detect vulnerabilities, threats and attacks not only from the canonical input/output channel of the services, but also internally to the service. In particular, the ASTRID project will (a) decouple the service business logic from the (necessary) security management; (b) automate security management and response to threats, security incidents, attacks; (c) reduce the run-time overhead of security processing; and (d) support legal and forensics investigation in virtualised environments.
Within ASTRID, UBITECH R&D team will significantly contribute towards the requirements elicitation and the definition of the ASTRID reference architecture, including the main functional elements, their relationships, and the overall operating logic for orchestrating security hooks in multi-layered applications. Moreover, UBITECH will contribute in the design and development of techniques and mechanisms to make virtual resources programmable-by-design, making virtualisation containers (Virtual Machines, LXC, Docker, unikernels) programmable, by embedding data forwarding planes which are able to run dynamically generated and injected code for monitoring and protection – involving also the identification and modelling of the suitable abstractions (Context Model) for the underlying programmable resources and the specification of the degree of security desired by the different involved actors.
Furthermore, UBITECH will be involved in the mechanisms related to the access and privacy control and the models to secure the flow of data, based on ABAC (Attribute Based Access Control) and ABEC (Attribute Based Encryption Control), incorporating mechanisms for IdM (Identity Management) that relies on a PKI infrastructure (with link to a Certification Authority (CA)) and a TSL (Trusted Service List) module. In addition to this, UBITECH will contribute in the implementation of the Security Policy Engine, a set of Context Management components, i.e. the Context Broker (CB) and the Complex Event Processing (CEP), a Security Profiling Engine, a Vulnerability-Threat-Anomaly Detection Engine (VTADE), a Targeting Engine and the Long-term Store(s). These modules will be used to enhance UBITECH’s MAESTRO multi-Cloud orchestrator with features that are needed to: a) track virtual services and their components, including programming capabilities; b) dynamically inject code/apply configuration in the programmable resources; c) collect monitoring and tracing information from security code and feed algorithms for threat and attack detection; and d) receive offloading requests for detection/protection from algorithms and trigger code generation based on the target resource capability.
Finally, UBITECH will realize the timely detection and risk assessment (and management) of vulnerability, threats, anomalies during the execution of virtual functions, considering different lifecycle management approaches already available for cloud and NVF domains (based on centralised orchestration or per-function agents) and leveraging packet fuzzing, packet sniffing, and selective concolic testing (some of the predominant vulnerability assessment techniques) in a complementary manner.