A pattern-based framework for the design of secure and dependable SDN/NFV-enabled networks

As the world becomes an interconnected network where objects and humans interact, cyber and physical networks appear to play an important role in smart ecosystems due to their increasing use on critical infrastructure and smart cities. Software Defined Networking (SDN) and Network Function Virtualisation (NFV) are a promising combination for programmable connectivity, rapid service provisioning and service chaining as they offer the necessary end-to-end optimisations. However, with the actual exponential growth of connected devices, future networks, such as SDN and NFV, require open architectures, facilitated by standards and a strong ecosystem.In this thesis, a model-based approach is proposed to support the design and verification of secure and dependable SDN/NFV-enabled networks. The model is based on the development of a pattern-based approach to design executable patterns as solutions for reusable designs and interactions of objects, encoded in a rule based reasoning system, able to guarantee security and dependability (S&D) properties in SDN/NFV enabled networks. To execute S&D patterns, a pattern based framework is implemented for the insertion of patterns at design and at runtime level. The developed pattern framework highlights also the benefit of leveraging the flexibility of SDN/NFV-enabled networks to deploy enhanced reactive security mechanisms for the protection of the industrial network via the use of service function chaining (SFC). To prove the importance of this approach and the functionality of the pattern framework, different pattern instances are implemented to guarantee S&D in network infrastructures. The developed design patterns are able to design network topologies, guarantee network properties and offer security service provisioning and chaining. Finally, in order to evaluate the developed patterns in the pattern framework, three different use cases are described, where a number of usage scenarios are deployed and evaluated experimentally

The approximate Determinantal Assignment Problem

The Determinantal Assignment Problem (DAP) has been introduced as the unifying description of all frequency assignment problems in linear systems and it is studied in a projective space setting. This is a multi-linear nature problem and its solution is equivalent to finding real intersections between a linear space, associated with the polynomials to be assigned, and the Grassmann variety of the projective space. This paper introduces a new relaxed version of the problem where the computation of the approximate solution, referred to as the approximate DAP, is reduced to a distance problem between a point in the projective space from the Grassmann variety Gm(Rn). The cases G2(Rn) and its Hodge-dual Gn−2(Rn) are examined and a closed form solution to the distance problem is given based on the skew-symmetric matrix description of multivectors via the gap metric. A new algorithm for the calculation of the approximate solution is given and stability radius results are used to investigate the acceptability of the resulting perturbed solutions

Fault Tolerance Using an SDN Pattern Framework

Software Defined Networking (SDN) and Network Function Virtualization (NFV) are a promising combination for programmable connectivity, rapid service provisioning and service chaining as they offer the necessary end-to-end optimizations. However, with the actual exponential growth of connected devices, future networks such as SDN/NFV require an open-solutions architecture, facilitated by standards and a strong ecosystem. Such networks need to support communication services that offers guarantees about fault tolerance, redundancy, resilience and security. The construction of complex networks preserving Security and Dependability (S&D) properties is necessary to avoid system vulnerabilities, which may occur in the various layers of SDN architectures. In this work, we propose a pattern framework build in an SDN controller able to import design patterns in a rule-based language in order to provide fault tolerance in SDN networks. To evaluate the importance and the functionality of this framework, fault tolerance patterns are proposed to guarantee network connectivity, detection and restoration of network traffic in SDN network infrastructures

Towards a Security, Privacy, Dependability, Interoperability Framework for the Internet of Things

A popular application of ambient intelligence systems constitutes of assisting living services on smart buildings. As intelligence is imported in embedded equipment, the system becomes able to provide smart services (e.g. control lights, airconditioning, provide energy management services etc.). IoT is the main enabler of such environments. However, the interconnection of these cyber-physical systems and the processing of personal data raise serious security and privacy issues. In this paper we present a framework that can guarantee Security, Privacy, Dependability and Interoperability (SPDI) in IoT. Taking advantage of the underlying IoT deployment, the proposed framework not only implements the requested smart functionality but also provide modelling and administration that can guarantee those SPDI properties. Moreover, we provide an application example of the framework in a smart building scenario

Threat Landscape and Good Practice Guide for Software Defined Networks/5G

5G represents the next major phase of mobile telecommunication systems and network architectures beyond the current 4G standards, aiming at extreme broadband and ultra-robust, low latency connectivity, to enable the programmable connectivity for the Internet of Everything2. Despite the significant debate on the technical specifications and the technological maturity of 5G, which are under discussion in various fora3, 5G is expected to affect positively and significantly several industry sectors ranging from ICT to industry sectors such as car and other manufacturing, health and agriculture in the period up to and beyond 2020. 5G will be driven by the influence of software on network functions, known as Software Defined Networking (SDN) and Network Function Virtualization (NFV). The key concept that underpins SDN is the logical centralization of network control functions by decoupling the control and packet forwarding functionality of the network. NFV complements this vision through the virtualization of these functionalities based on recent advances in general server and enterprise IT virtualization. Considering the technological maturity of the technologies that 5G can leverage on, SDN is the one that is moving faster from development to production. To realize the business potential of SDN/5G, a number of technical issues related to the design and operation of Software Defined Networks need to be addressed. Amongst them, SDN/5G security is one of the key issues, that needs to be addressed comprehensively in order to avoid missing the business opportunities arising from SDN/5G. In this report, we review threats and potential compromises related to the security of SDN/5G networks. More specifically, this report contains a review of the emerging threat landscape of 5G networks with particular focus on Software Defined Networking. It also considers security of NFV and radio network access. To provide a comprehensive account of the emerging threat SDN/5G landscape, this report has identified related network assets and the security threats, challenges and risks arising for these assets. Driven by the identified threats and risks, this report has also reviewed and identified existing security mechanisms and good practices for SDN/5G/NFV, and based on these it has analysed gaps and provided technical, policy and organizational recommendations for proactively enhancing the security of SDN/5G

Cyber insurance of information systems: Security and privacy cyber insurance contracts for ICT and helathcare organizations

Nowadays, more-and-more aspects of our daily activities are digitalized. Data and assets in the cyber-space, both for individuals and organizations, must be safeguarded. Thus, the insurance sector must face the challenge of digital transformation in the 5G era with the right set of tools. In this paper, we present CyberSure-an insurance framework for information systems. CyberSure investigates the interplay between certification, risk management, and insurance of cyber processes. It promotes continuous monitoring as the new building block for cyber insurance in order to overcome the current obstacles of identifying in real-time contractual violations by the insured party and receiving early warning notifications prior the violation. Lightweight monitoring modules capture the status of the operating components and send data to the CyberSure backend system which performs the core decision making. Therefore, an insured system is certified dynamically, with the risk and insurance perspectives being evaluated at runtime as the system operation evolves. As new data become available, the risk management and the insurance policies are adjusted and fine-tuned. When an incident occurs, the insurance company possesses adequate information to assess the situation fast, estimate accurately the level of a potential loss, and decrease the required period for compensating the insured customer. The framework is applied in the ICT and healthcare domains, assessing the system of medium-size organizations. GDPR implications are also considered with the overall setting being effective and scalable

A Rapid Emergency Deployment mobile communication node

In an Emergency and/or Crisis Situations (ECS) like earthquakes, floods, tsunamis, fires, terrorist attacks etc. the adequate operation of communication services is of extreme importance. History has shown that poor communication in such cases resulted in several casualties. In ECS fixed communication infrastructure might be unserviceable due to sustained damages. Evermore, the communication demand is highly increased in such cases resulting in poor quality of service as both civilians and authorities are trying to establish communications. In this paper, a Rapid Emergency Deployment mobile Communication (REDComm) node is presented. REDComm nodes include wireless communication technologies, to provide various telecommunication services in ECS and interoperability between them. It incorporates an 802.11a mesh cognitive radio technology that operates in the television broadcasting frequency bands to provide a backbone networking with increased range and flexibility. REDComm is constructed upon a trailer chassis able to minimize setup time, which is valuable in ECS. The presented platform is powered by a hybrid power source that combines thermal, solar and wind energy and eliminates the need for external power supply

Pairing a Circular Economy and the 5G-Enabled Internet of Things: Creating a Class of “Looping Smart Assets”

The increase in the world’s population has led to a massive rise in human consumption of the planet’s natural resources, well beyond their replacement rate. Traditional recycling concepts and methods are not enough to counter such effects. In this context, a circular economy (CE), that is, a restorative and regenerative by-design economy, can reform today’s “take–make–dispose” economic model. On the other hand, the Internet of Things (IoT) continues to gradually transform our everyday lives, allowing for the introduction of novel types of services while enhancing legacy ones. Taking this as our motivation, in this article we analyze the CE/IoT interplay, indicating innovative ways in which this interaction can drastically affect products and services, their underlying business models, and the associated ecosystems. Moreover, we present an IoT architecture that enables smart object integration into the IoT ecosystem. The presented architecture integrates circularityenabling features by maximizing the exploitation of assets toward a new type of IoT ecosystem that is circular by design (CbD). Finally, we provide a proof-of-concept implementation and an application study of the proposed architecture and results regarding the applicability of the proposed approach for the telecommunications (telecom) sector

A Reactive Security Framework for Operational Wind Parks Using Service Function Chaining

The innovative application of 5G core technologies, namely Software Defined Networking (SDN) and Network Function Virtualization (NFV), can help reduce capital and operational expenditures in industrial networks. Nevertheless, SDN expands the attack surface of the communication infrastructure, thus necessitating the introduction of additional security mechanisms. A wind park is a good example of an industrial application relying on a network with strict performance, security, and reliability requirements, and was chosen as a representative example of industrial systems. This work highlights the benefit of leveraging the flexibility of SDN/NFV-enabled networks to deploy enhanced, reactive security mechanisms for the protection of the industrial network, via the use of Service Function Chaining. Moreover, a proof of concept implementation of the reactive security framework for an industrial-grade wind park network is presented. The framework is equipped with SDN and SCADA honeypots, modelled on (and deployable to) an actual, operating wind park, allowing continuous monitoring of the industrial network and detailed analysis of potential attacks, thus isolating attackers and enabling the assessment of their level of sophistication

XBP1, Downstream of Blimp-1, Expands the Secretory Apparatus and Other Organelles, and Increases Protein Synthesis in Plasma Cell Differentiation

AbstractThe differentiation of B cells into immunoglobulin-secreting plasma cells is controlled by two transcription factors, Blimp-1 and XBP1. By gene expression profiling, we defined a set of genes whose induction during mouse plasmacytic differentiation is dependent on Blimp-1 and/or XBP1. Blimp-1-deficient B cells failed to upregulate most plasma cell-specific genes, including xbp1. Differentiating xbp1-deficient B cells induced Blimp-1 normally but failed to upregulate genes encoding many secretory pathway components. Conversely, ectopic expression of XBP1 induced a wide spectrum of secretory pathway genes and physically expanded the endoplasmic reticulum. In addition, XBP1 increased cell size, lysosome content, mitochondrial mass and function, ribosome numbers, and total protein synthesis. Thus, XBP1 coordinates diverse changes in cellular structure and function resulting in the characteristic phenotype of professional secretory cells