Continuous Security Assurance of Modern Supply-Chain Ecosystems with Application in Autonomous Driving
Cyber security has always been a significant aspect of ICT infrastructure, with threats to supply-chain networks gaining greater attention nowadays. The secure autonomous driving domain presents a unique set of challenges for supply-chain security. Autonomous vehicles rely on a complex ecosystem of hardware and software components, many of which are sourced from third-party suppliers. Ensuring the security and reliability of this supply-chain is essential to maintain the safety and viability of autonomous driving as a technology.
This paper presents an approach to the automatic remediation of threats reported by Cyber Threat Intelligence. Remediation strategies, named Recipes, are expressed in a close-to-natural language for easy validation. Thanks to the developed models, they are interpreted, contextualized, and then translated into CACAO Security playbooks, a standard format ready for automatic enforcement, without human intervention. The presented approach also allows sharing of remediation procedures on threat-sharing platforms (e.g. MISP) which improves the overall security posture.
A Link-Layer Virtual Networking Solution for Cloud-Native Network Function Virtualisation Ecosystems: L2S-M
Microservices have become promising candidates for the deployment of network and vertical functions in the fifth generation of mobile networks. However, microservice platforms like Kubernetes use a flat networking approach towards the connectivity of virtualised workloads, which prevents the deployment of network functions on isolated network segments (for example, the components of an IP Telephony system or a content distribution network).
Rapid development in the network infrastructure has resulted in sophisticated attacks which are hard to detect using typical network intrusion detection systems (NIDS). There is a strong need for efficient NIDS to detect these known attacks along with ever-emerging zero-day exploits. Existing NIDS are more focused on detecting known attacks using supervised machine learning approaches, achieving better performance for known attacks but poor detection of unknown attacks. Many NIDS have utilized the unsupervised approach, which results in better detection of unknown anomalies.
Security represents one of the crucial concerns when it comes to DevOps methodology-empowered software development and service delivery processes. Considering the adoption of Infrastructure as Code (IaC), even minor flaws could potentially cause fatal consequences, especially in sensitive domains such as healthcare and maritime applications. However, most of the existing solutions tackle either Static Application Security Testing (SAST) or run-time behavior analysis separately.
Runtime security monitoring by an interplay between rule matching and deep learning-based anomaly detection on logs
In the era of digital transformation, the increasing vulnerability of infrastructure and applications is often tied to a lack of technical capability on the defending side and the improved intelligence of the attackers. In this paper, we discuss the complementarity between static security monitoring based on rule matching and an application of self-supervised machine learning to cybersecurity. Moreover, we analyse the context and challenges of supply chain resilience and smart logistics.
New FISHY poster to be presented in EuCNC & 6G Summit, Gothenburg, 06-09 June 2023
A data infrastructure for heterogeneous telemetry adaptation. Application to Netflow-based cryptojacking detection
The increasing development of cryptocurrencies has brought cryptojacking as a new security threat in which attackers steal computing resources for cryptomining. The digitization of the supply chain is a potential major target for cryptojacking due to the large number of different infrastructures involved. These different infrastructures provide information sources that can be useful to detect cryptojacking, but with a wide variety of data formats and encodings.
Healthcare ecosystems form a critical type of infrastructure that provides valuable services in today's societies. However, the underlying sensitive information is also of interest to malicious entities around the globe, and the attack volume is continuously increasing.
This paper presents a formal model of the features, named security capabilities, offered by the controls used for enforcing security policies in computer networks. It has been designed to support policy refinement and policy translation and address useful, practical tasks in a vendor-independent manner. The model adopts state-of-the-art design patterns and has been designed to be extensible. The model describes the actions that the controls can perform (e.g.