What is GUARD?

GUARD is a cybersecurity framework to Guarantee Reliability and trust for Digital service chains.

GUARD develops a cybersecurity framework for complex business chains, composed of public services that exchange data and commands through open APIs. GUARD targets concrete technologies and architectures (i.e., FIWARE, IDS).

GUARD integrates complementary technologies (monitoring, detection, visualization) in an open and modular architecture, hence building an interoperable framework.

GUARD collects security context (vendors, certificates, configurations) from every service in the business chain, hence detecting misconfigurations and configurations not compliant with users' policies. GUARD uses blockchain technologies for assurance and verification of security properties. GUARD defines open APIs for retrieving security and privacy information, hence developing security-by-design systems.

GUARD delivers tailored informative content to users, ranging from technical notifications to business or legal warnings. GUARD develops trust verification and assessment algorithms to check the compliance of business chains with users' policies. The GUARD user interface includes pre-defined remediation and recovery actions for well-known threats and attacks.

GUARD monitors services involved in a business chain, which may span interconnected infrastructures. Machine learning algorithms correlate events and security logs from all these services, trying to infer how attacks originate and propagate.

GUARD develops a set of complementary technologies to monitor and inspect network traffic, application logs, and system calls. GUARD agents deployed in services are programmable and may run local inspection tasks, to manage the widest security context without overwhelming the underlying communication channels.

GUARD takes into consideration the role and impact of humans in complex ICT systems. GUARD considers the need for tailored message contents, to create awareness at different levels of the business organization about different security implications (e.g., compromised software and restoration times, service disruption, loss of reputation, violation of existing regulations).

GUARD develops novel paradigms for data collection, aggregation and fusion to feed machine learning, leveraging programmability to balance efficiency with depth of inspection. GUARD develops modular algorithms that delegate simple inspection/monitoring tasks locally.

GUARD defines open APIs to retrieve and check security properties of the execution environments (including inspection of network traffic, monitoring of system calls and application logs), hence improving the likelihood of detection of compromised software or attacks.

GUARD visually depicts the topology of the business chain in the web interface. The same interface also includes preliminary response and recovery operations, by leveraging programmability in each GUARD service.

GUARD develops protocols and tools to automatically retrieve and publish threats to/from common repositories and relevant bodies.

The GUARD framework is conceived to identify threats, attacks, risks, and privacy issues for multi-domain business chains, made of multiple services that interoperate through open interfaces (i.e., service-oriented architectures). Cyber-physical systems including IoT devices and deployments in the cloud are the primary environments for Use Case demonstration.

Objectives

SECURITY CHAINING

Design a holistic framework for advanced end-to-end assurance and protection of business service chains, by assessing the level of trustworthiness of the involved services and tracing data propagation.

CONTEXT MIDDLEWARE

Improve the detection of attacks and identification of new threats, by applying real time and/or offline machine learning and other artificial intelligence mechanisms to large datasets collected from heterogeneous services in multiple administrative and technical domains.

PROGRAMMABILITY

Fine-grained, programmable and low-overhead monitoring, inspection, and enforcement, by leveraging “programmability” to shape the granularity of context information to the actual needs.

GUARD'S USER TOOLS

Improve awareness and reaction, by developing user tools for visualisation, notification, configuration, investigation, mitigation.

BUSINESS PLANNING

Development of new business models for commercial exploitation, leveraging different exploitation models (i.e., products, integrated solutions, support services).

COMMERCIAL EXPLOITATION

We identify business opportunities and initiate tangible actions for successful commercial exploitation after the project lifetime, by bringing GUARD products and services close to the market.

Use Cases

The GUARD Platform will be validated and evaluated in significant industrial environments. To initiate realistic and concrete business opportunities, the GUARD technologies will be deployed into two challenging Use Cases, which represent short-term exploitation opportunities for involved partners. The two use cases have been selected from the Smart Mobility and eHealth domains, to demonstrate all the security and privacy features developed in the GUARD platform.

Demonstration will happen in realistic testbed environments that replicate relevant industrial environments, including a mix of network/cloud/CPS infrastructure of end users. Evaluation will consider base load and normal system behaviour based on end user/technology provider experience, plus injection of recent anomalies and attack patterns collected by national response teams.

Smart Mobility

The Use Case will consist of a fleet management service for private companies or municipalities (e.g., post services, city patrol, food delivery), which manages routes around the city, schedules maintenance and charging times, records working times, etc.

The service is made of multiple devices and cloud applications: an Internet bridge on electrical vehicles developed by JIG, public information services (road maps, traffic conditions, charging stations, etc.), Orion context broker, Cygnus data collector, and fleet management application.

eHealth

This Use Case will consist of a set of medical services for the treatment plan and clinical path of patients affected by breast cancer, hosted by UNITOV. The testbed will include real data from the Breast Unit of Policlinico Tor Vergata of Rome (part of UNITOV), collected from a) the UOC of Nuclear Medicine, b) the UOS of Anatomic Pathology and c) the Surgical Unit. However, the personal data will be anonymised, and homomorphic encryption will be used for pseudonymisation. Personal data will be treated using a neutral code secured to not be traceable.

  • Smart Mobility
      • Solution Provider: JIG
      • End-users: WOB, Torrot (external partner)
  • eHealth
      • Solution Provider: Maggioli
      • End-users: UNITOV

Impact

The GUARD concept goes beyond traditional security paradigms, still largely based on protecting a single infrastructure, by targeting trust and security mechanisms for end-to-end digital services and business chains.

The GUARD approach is based on embedding heterogeneous inspection and monitoring mechanisms in each software/hardware element of the chain, while common interfaces and APIs are used to programmatically collect the security context, governed by access control policies. Pervasive and capillary access to security context allows better correlation and more effective usage of machine learning techniques to detect anomalies and identify new threats. GUARD also pursues improved awareness, by sharing threat information among the participants in the business chain, by providing import/export mechanisms towards national and international response teams, and by improving the interaction with humans and existing enterprise processes.

Overall, the major impact of this Project is expected in the domain of digital services and cyber-physical systems.

Enhanced protection against novel advanced threats

GUARD will enhance the protection against novel advanced threats by improving detection capabilities. GUARD will apply artificial intelligence on wide and pervasive security context, hence improving the likelihood of correlation of independent events and of recognition of even light behavioural anomalies.

Advanced technologies and services to manage complex cyber-attacks and to reduce the impact of breaches

Dynamic and flexible digital services will be created by combining loosely-coupled and interoperable hardware devices and software services, leveraging existing paradigms such as service-oriented architectures and web services.

Contribute to the development of the CSIRT Network across the EU

GUARD aims at improving the effectiveness of the CSIRT Network across the EU by implementing different technological actions.

Addressing major trends in the evolution of technologies utilised in future ICT infrastructures

Robust, transversal and scalable ICT infrastructures resilient to cyber-attacks that can underpin relevant domain-specific ICT systems (e.g., for energy) providing them with sustainable cybersecurity, digital privacy and accountability (long term).

Consortium