Cyber assurance and protection in an industrial cloud infrastructure

The third work package, which started in September 2019 (M4) and is ongoing, has these objectives:

  • To ensure the provisioning and configuration of infrastructure resources through efficient resource management and orchestration for the Cloud (Core) infrastructure;
  • To develop the core of the C4IIOT Level-3 security mechanism, which consists of behavioural models that enable the analysis of the behaviour of multiple IoT devices;
  • To develop mitigation and immune reaction mechanisms across the three different framework layers (Edge, Field, Cloud);
  • To design and develop the building components composing the C4IIOT trust infrastructure.

The first result was the initial prototyping of some components, some of which are already working in the MVP (Minimum Viable Product), reaching Milestone MS2 (Proof of concept through C4IIOT MVP) at M12 (May 2020). The next step is to add more components, functionality and integration for the Interim MVP version in order to reach MS3 (First version of Integrated platform and of C4IIOT Level-1, Level-2 and Level-3 security mechanisms; initial execution of demonstrators).

At M12 (May 2020) the work package released two deliverables:

  • D3.1, a refined specification and description of the current version of the Behavioural Analysis & Cognitive Security Framework (BACS), a framework consisting of behavioural models that enable the analysis of the behaviour of multiple IoT devices. Together with the framework, the deliverable describes solutions for building, deploying and managing the heterogeneous hybrid cloud environments on which the framework relies, and includes a description of the Intel SGX technology that the BACS behavioural models will use for increased security and privacy-awareness.
  • D3.2, a description of the overall structure of the mitigation engine, its main components (a binary code analyser, a software-defined networking controller, and a central brain that analyses possible reconfigurations based on the available inputs), and the interactions internal and external to the mitigation engine.