Alex Carrega

Ph.D. IT & Network Engineer



+39 348-74.85.497


TNT Lab @ UniGe

CNIT

via Opera Pia 13, 16154 Genoa, Italy



ASTRID


AddreSsing ThReats for virtualIseD services

Leveraging software orchestration for reshaping the service graph
Security orchestration is the core element of the ASTRID conceptual architecture, covering both service management and situational awareness.
Starting from the descriptive and applicative semantics of a Security Model, orchestration deploys the service and manages its whole lifetime, adapting the awareness layer of individual components and of the whole service graph to the specific needs of the detection algorithms.
This means that monitoring operations, the types and frequency of event reporting, and the level of logging are adjusted selectively and locally, so that exactly the amount of knowledge needed is retrieved without overwhelming the whole system with unnecessary information.
The purpose is to obtain more detail on critical or vulnerable components when anomalies are detected that may indicate an attack, or when cyber-security teams issue a warning about newly discovered threats and vulnerabilities.
Decoupling detection from monitoring and inspection
ASTRID pursues a transition from infrastructure-centric to embedded, service-centric cyber-security frameworks.
The main concept is the disaggregation of cyber-security appliances into business logic (i.e., detection algorithms) and data plane (i.e., monitoring and inspection tasks), mediated by orchestration logic and suitable security models.
Instead of overloading the execution environment with complex and sophisticated threat detection capabilities, the execution environment hosts only lightweight, efficient processing that produces events and knowledge.
Algorithms for the detection of threats and vulnerabilities are moved upwards and process that data in a coordinated way for the whole execution environment.
In-kernel processing for fast inspection and effective enforcement
ASTRID designs and develops a software data plane leveraging eBPF and related frameworks. The target is a flexible data plane that goes well beyond the basic monitoring capability offered today by flow-level reporting: it includes stateless and/or stateful inspection criteria on flows and/or packets, together with aggregation and storage capabilities.
ASTRID defines the data plane as the logical layer between the user-requested service and the external world, including the virtualization system, network processing elements (e.g., software switches), and hypervisor/operating system internals (e.g., system calls).
Thanks to this broad definition, ASTRID can exploit multiple and advanced programmability features of the data plane to perform monitoring, inspection and enforcement tasks, ranging from applications running in VMs or containers (e.g., LXC) to OpenFlow rules and IOVisor- and/or P4-based applications.
Main responsibilities
  • LEADER of WP4 “Integration, Demonstration and Validation”.
  • Management of WP2 “Secure Orchestration Platform”.
  • LEADER of T4.4 “ASTRID Software Framework”.
  • LEADER of T2.2 “Programmable Components and Context Models”.
  • Management of T2.1 “Programmable Components and Context Models”.
  • Management of T1.5 “Reference Framework and System Architecture for Situational Awareness”.
  • LEADER of D2.1 “Programmable Components and Context Models”.
  • LEADER of D4.2 “Final release of the ASTRID framework”.
  • Management of D1.3 “Final ASTRID architecture”.
  • Management of D2.5 “Public release of the secure orchestration components”.