GUARD IS A CYBERSECURITY FRAMEWORK TO GUARANTEE RELIABILITY AND TRUST FOR DIGITAL SERVICE CHAINS
-
INNOVATION STRATEGY GUARD VALUES
GUARD OBJECTIVES
Removing trust barriers for data-driven applications and services
Improved awareness in key domains and at the different layers of the business processes
User centric security and privacy
Security and privacy by-design
Trusted supply chain for resilient services
#1 SECURITY CHAINING
Design a holistic framework for advanced end-to-end assurance and protection of business service chains by assessing the level of trustworthiness of the involved services and tracing data propagation.
#2 CONTEXT MIDDLEWARE
Improve the detection of attacks and identification of new threats by applying real time and/or offline machine learning and other artificial intelligence mechanisms to large datasets collected from heterogeneous services in multiple administrative and technical domains.
#3 PROGRAMMABILITY
Fine-grained, programmable and low-overhead monitoring, inspection, and enforcement by leveraging “programmability” to shape the granularity of context information to the actual needs.
#4 USER TOOLS
Improve awareness and reaction by developing user tools for visualization, notification, configuration, investigation, mitigation.
#5 BUSINESS PLANNING & COMMERCIAL EXPLOITATION
We develop new business models and identify business opportunities for commercial exploitation of GUARD products and services.
VISIBILITY. DETECTION. TRACEABILITY.
-
WHAT IS GUARD?
Cybersecurity framework for complex business chains, composed of public services that exchange data and commands through open APIs.
Uses blockchain technologies for assurance and verification of security properties. GUARD defines open APIs for retrieving security and privacy information, hence developing security-by-design systems.
Collects security context (vendors, certificates, configurations) from every service in the business chain, hence detecting misconfigurations and configurations not compliant with users' policies.
Integrates complementary technologies (monitoring, detection, visualization) in an open and modular architecture, hence building an interoperable framework.
INNOVATIVE
INTEGRATED
TRUSTED, VERIFIABLE
-
Develops a set of complementary technologies to monitor and inspect network traffic, application logs, and system calls.
Develops novel paradigms for data collection, aggregation and fusion to feed machine learning, leveraging programmability to balance efficiency with depth of inspection.
Visually depicts the topology of the business chain in the web interface. The same interface also includes preliminary response and recovery operations, by leveraging programmability in each service.
The GUARD framework is conceived to identify threats, attacks, risks, and privacy issues for multi-domain business chains, made of multiple services that interoperate through open interfaces (i.e., service-oriented architectures).
Cyber-physical systems including IoT devices and deployments in the cloud are the primary environments for Use Case demonstration.
Takes into consideration the role and impact of humans in complex ICT systems.
Develops protocols and tools to automatically retrieve and publish threats to/from common repositories and relevant bodies.
Defines open APIs to retrieve and check security properties of the execution environments, hence improving the likelihood of detection of compromised software or attacks.
Delivers tailored informative content to users, ranging from technical notifications to business or legal warnings.
Monitors services involved in a business chain, which may span across interconnected infrastructures.
-
DEVELOPMENT & PROTOTYPING
Modular architecture leveraging open interfaces that will facilitate integration and interoperability.
OPENNESS / INTEROPERABILITY
[Figure: GUARD architecture. Labels: CONTEXT FABRIC; CONTEXT ABSTRACTION; API #1; API #2; API #3; SECURITY CONTEXT; DETECTION AND ASSESSMENT; USER TOOL; INFORMATION SHARING]
Programmable embedded inspection and monitoring (logs, packets, system calls)
Security context (data aggregation and fusion, capabilities, programmability)
Attack detection and identification, trustworthiness and reliability, data sovereignty
Situational awareness, dashboard, remediation and mitigation
Organized in three thematic areas: Security context; Detection and assessment; User tools and information sharing.
With security capabilities embedded into each software element, and orchestrated by a common security manager that (logically) centralizes the detection processes.
LOCAL SECURITY AGENTS AND API
SECURITY AND ANALYTICS
USER INTERFACE
API #1 Raw context and programmability
API #2 Context and service abstraction
API #3 Notification and management
SECURITY CONTEXT BROKER
DETECTION AND ANALYSIS
SECURITY CONTROLLER
IT staff
Management
CSIRTs/CERTs
SERVICE-CENTRIC FRAMEWORK
-
[Figure: smart mobility use case. Components: GUARD detection & analysis; GUARD threat intelligence; Traffic conditions; Charging stations; Fleet management; WOBCOM IoT Agent; GUARD console & user interface; GUARD inspection & monitoring; JIG internet bridge; ORION; CYGNUS]
SMART MOBILITY: ENHANCED AWARENESS AND TRUSTWORTHINESS
GUARD USE CASES
Fleet management service for private companies or municipalities.
GUARD embedded monitoring and inspection tools will be deployed in JIG’s bridge device, FIWARE enablers, and Wobcom cloud services, and will feed GUARD detection algorithms.
Benefits: enhanced awareness about the integrity and trustworthiness of the whole system by the GUARD web console.
GUARD monitoring agents
GUARD APIs
Programmability
Query of security context
GUARD user interface
Detection and identification of attacks
-
Monitor, track and control the position and propagation of personal and sensitive data.
Decide who can process your data based on data controller trustworthiness.
Enable or revoke permissions.
Ask for personal data to be permanently removed.
Restrict the data to be shared following the data minimisation principle:
Identify ownership of data
Guarantee provenance and lineage of data
Policies to export data
Formal verification method for trustworthiness
GUARD user interface
Compliance to GDPR
E-HEALTH: PRIVACY-BY-DESIGN
[Figure: e-health use case. Components: BREAST UNIT UNITOV; Medical examination; UOC Nuclear Medicine; UOS Anatomic Pathology; Surgical Unit; Other Unit UNITOV; External Medical Service; UNITOV Filling Service; GUARD console & user interface; UNITOV Data Protection Officer; PATIENT; GUARD data tracking; GUARD monitoring and enforcement; GUARD privacy policies]
UNITOV = Policlinico Tor Vergata / University of Rome Tor Vergata
-
DELIVERING VALUE TO DIFFERENT TARGETS
Cross-domain and multi-tenant cyber-security frameworks
Understand data propagation and privacy implication in unknown service topologies
New software tools and machine learning algorithms for securing distributed cross-domain systems.
Threat detection to leverage distributed and pervasive programmability.
Platform soon available for experimentation.
Security and trustworthiness of unknown topologies.
Better opportunities to be integrated in business chains.
Open framework, no risks for vendor lock-in.
Integration of GUARD monitoring libraries in existing software.
CYBER-SECURITY COMMUNITIES.
SOFTWARE DEVELOPERS, RESEARCH COMMUNITY.
SERVICE DEVELOPERS, INTEGRATORS AND VENDORS OF CYBER-SECURITY SYSTEMS, END USERS.
-
Improving awareness to improve response.
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 833456