Accelerating NATO Transformation with SnTEE: Experiments with Network Security Function Virtualization in Coalition Networks
Lopes, Roberto Rigolin F.; Loevenich, Johannes F.; Wrona, Konrad; Rettore, Paulo H. L.; Falkcrona, Jerry; Mathews, Joseph; Nordbotten, Nils; Vasilache, Bogdan; Lampe, Thorsten; Worthington, Olwen L.; Röning, Juha (2023-09-20)
IEEE
20.09.2023
R. R. F. Lopes et al., "Accelerating NATO Transformation with SnTEE: Experiments with Network Security Function Virtualization in Coalition Networks," 2023 International Conference on Military Communications and Information Systems (ICMCIS), Skopje, North Macedonia, 2023, pp. 1-9, doi: 10.1109/ICMCIS59922.2023.10253524.
https://rightsstatements.org/vocab/InC/1.0/
© 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
https://rightsstatements.org/vocab/InC/1.0/
© 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
https://rightsstatements.org/vocab/InC/1.0/
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:oulu-202604272800
https://urn.fi/URN:NBN:fi:oulu-202604272800
Tiivistelmä
Abstract
This paper introduces a virtual laboratory for experiments with cybersecurity functions in coalition networks. The motivation comes from the NATO Allied Command Transformation (ACT) initiative on Science and Technology Experimentation Environment (SnTEE), which supports the transfer of scientific and technical activities carried out by the NATO Science and Technology Organization (STO) research task groups towards NATO operations. The goal of the experiments reported in this paper is to emulate a network topology inspired by Protected Core Networking (PCN), which defines two interfaces. One interface between two protected core segments, from different nations, and another interface between a protected core segment and a colored cloud within a particular nation. The experiments are intended to support the investigation performed by the STO IST-196 RTG on Cyber Security in Virtualized Networks. In particular, the starting hypothesis of IST-196 is that security function virtualization can support/speedup PCN topology changes when links are added/removed. We define our experimental setup as Infrastructure as Code (IaC) and introduce experiments that emulate topology changes. We also sketch a solution for the deployment of two chains of virtualized cybersecurity functions at lower protocol layers (physical and IP) and at higher protocol layers (transport and application). This paper also lists future experiments for the NATO SnTEE lab, namely risk-aware routing, cross-layer enforcement of policies, information exchange functions, and federate monitoring and detection of cyber incidents/attacks.
This paper introduces a virtual laboratory for experiments with cybersecurity functions in coalition networks. The motivation comes from the NATO Allied Command Transformation (ACT) initiative on Science and Technology Experimentation Environment (SnTEE), which supports the transfer of scientific and technical activities carried out by the NATO Science and Technology Organization (STO) research task groups towards NATO operations. The goal of the experiments reported in this paper is to emulate a network topology inspired by Protected Core Networking (PCN), which defines two interfaces. One interface between two protected core segments, from different nations, and another interface between a protected core segment and a colored cloud within a particular nation. The experiments are intended to support the investigation performed by the STO IST-196 RTG on Cyber Security in Virtualized Networks. In particular, the starting hypothesis of IST-196 is that security function virtualization can support/speedup PCN topology changes when links are added/removed. We define our experimental setup as Infrastructure as Code (IaC) and introduce experiments that emulate topology changes. We also sketch a solution for the deployment of two chains of virtualized cybersecurity functions at lower protocol layers (physical and IP) and at higher protocol layers (transport and application). This paper also lists future experiments for the NATO SnTEE lab, namely risk-aware routing, cross-layer enforcement of policies, information exchange functions, and federate monitoring and detection of cyber incidents/attacks.
Kokoelmat
- Avoin saatavuus [43406]
Samankaltainen aineisto
Näytetään aineisto, joilla on samankaltaisia nimekkeitä, tekijöitä tai asiasanoja.
-
Blockchain-over-optical networks: a trusted virtual network function (VNF) management proposition for 5G optical networks
(Institute of Electrical and Electronics Engineers, 16.03.2021) -
Network Slice Mobility for 6G Networks by Exploiting User and Network Prediction
IEEE International Conference on Communications (IEEE, 23.10.2023) -
Federated learning based anomaly detection as an enabler for securing network and service management automation in beyond 5G networks
European Conference on Networks and Communications (Institute of Electrical and Electronics Engineers, 08.07.2022)
