
GUARD: GUArantee Reliability and trust for Digital service chains

Today, the creation of security processes for multi-domain business chains is often hindered by heterogeneous security services provided by different providers, not to mention the weak posture of IoT devices. With GUARD, security processes will no longer be limited to the integration of heterogeneous security appliances and interfaces; rather, they will leverage common APIs for retrieving data and events, while existing architectures already used within the enterprise could be used for processing, analytics and detection. This will introduce common patterns for recurring needs, such as integrity, availability and data protection.

  • Visibility over services and data deployed in different administrative domains;
  • Flexible definition and adaptation of security processes at run-time;
  • Externalization of security processes to professional operators.

The fear of vendor lock-in is often cited as a major impediment to the adoption of cybersecurity services. The management of multi-domain and heterogeneous infrastructures has enabled end-users to switch between different vendors and reduce their dependency on a single vendor. This relative independence encourages end-users to negotiate with vendors for improved pricing, Service-Level Agreements (SLAs), or both. In addition, business chain management also offers flexibility in deployment and enables end-users to move their workloads to multiple infrastructures as required.

Developing an open and extensible platform for advanced assurance and protection of trustworthy and reliable business chains

"The GUARD concept goes beyond traditional security paradigms, still largely based on protecting a single infrastructure, by targeting trust and security mechanisms for end-to-end digital services and business chains." - Matteo Repetto, GUARD's technical coordinator

The GUARD project aims to develop an open and extensible platform for advanced assurance and protection of trustworthy and reliable business chains spanning multiple administrative domains and heterogeneous infrastructures: a novel architecture to create new tools for managing the security aspects of digital services, which tackle the dynamicity and unpredictability of such environments.

The project is also demonstrating the platform's applicability, security and privacy features in significant industrial environments in the Smart Mobility and eHealth domains. The demonstration takes place in realistic testbed environments and considers base load and normal system behaviour, plus the injection of recent anomalies and attack patterns collected by national response teams.

GUARD gives security operators better visibility over service chains, which are created by composing resources from multiple domains. GUARD addresses the dynamic nature of modern business paradigms, which require services to be created, changed and destroyed ever faster than in the past. Specific objectives under this perspective include:

  • Running multiple security processes in parallel, to address both service integrity and data sovereignty;
  • Improving the visibility over third parties’ resources, by providing data models and APIs;
  • Managing business and technical relationships between security operators, service providers and infrastructure/resource providers;
  • Facilitating the composition and management of security processes.

GUARD envisions the broad adoption of common APIs and data models to expose security capabilities by resource and service providers. This interface can be seen as an extension of existing efforts in the field of service-oriented architectures and software orchestration. The data models elaborated by GUARD can represent the initial kernel for further extensions, aimed at covering as many detection, monitoring and tracing tasks as possible. Cloud providers should be properly encouraged to expose a common API, which gives programmatic visibility over the execution of resources allocated to their tenants, without jeopardizing the confidentiality of internal processes and other tenants.
