Crea%ng a SARNET Alliance by applying the Service Provider Group Framework and by using the Ciena/GENI testbed

Transcription

1 Crea%ng a SARNET Alliance by applying the Service Provider Group Framework and by using the Ciena/GENI testbed April 29 th 2015 Leon Gommans: leon.gommans@klm.com

2 Content - Introduc@on - Security Autonomous Response NETwork research - Service Provider Group framework - How framework will be studied using GENI concepts - Research Ques@ons: - SARNET alliance feasibility? - Future networking: is SPG a way to define & deliver slice archetypes? Note: session is about federa@ng services assuming Iden@ty federa@on has been arranged.

3 Internet Security envisioned in RFC 1958* *Brian Carpenter, Architectural Principles of the Internet, RFC 1958, IETF June 1996.

4 Cyber Security readiness Secure Transport Alliance Detect & Filter Protec%ve Perimeters SARNET Security state / defense tac@cs automa@on Crea@ng a SARNET Alliance Sharing intelligence and defensive power SARNET Topology dynamics

5 SARNET Alliance concept SARNET Alliance research The Big Bad Internet Internet Service Provider A Internet Ex change Internet Service Provider B Enterprise A Enterprise B Enterprise C SARNET research Testbed provided by using technology

6 SARNET Projects Security Autonomous Response NETwork project: Studies best ways to provide autonomous responses to cyber- security threats by automated security state monitoring using so]ware defined, virtualized & defense mechanisms. Funded by NWO Cyber Security Research Agenda 2 PhD students, research team: Air France KLM, Ciena, TNO and UvA. SARNET forms the context for a research project considering the applicability of the Service Provider Group concept: Crea@ng a SARNET Alliance project: Studies how to organize SARNET func@onali@es across mul@ple Service Provider- and Enterprise Networks, where each par@cipant must trust other par@cipants to correctly detect and mi@gate cyber threats, whilst authorizing each other to be involved. Funded by Dutch ministry of economic affairs 1 PhD student, research team: Air France KLM, COMMIT/, CS- and Legal faculty UvA.

7 SPG is rooted in IRTF RG on Mul%- domain AAA Architecture Agreement? Trust? Study started in 2010 Governance? Enterprise Level How to organize a service with mul@ple organisa@ons? Authoriza@on Level Opera@onal Level

8 Service Provider Group framework A Service Provider Group (SPG) is an organisa5on structure providing a defined service only available if its members collaborate. Examples:

9 Study of a highly trusted collabora@ve service MC Users MC Service Provider Group Merchant Agreement Member Agreement Cardholder Agreement Banking Infrastructure Merchant bank account Trusted Service Cardholder bank account MasterCard allows its member financial ins@tu@ons to serve merchants and cardholders with a card payment & processing service that is trusted worldwide.

10 MC rule study: anatomy of the SPG (presented I2 Spring member 2012) & Law, Rules and & Law, Rules and Law & Governance of an Autonomous Member Rooted MC Service Provider Group Level Power Legisla%ve Judicial En- force ment Exe- cu%ve Ad mini- Str a%on MasterCard (Directorate) Mem ber Banks Business, Legal and IT have to work together

11 Mapping rules that create trust on types of power Legisla%ve Judicial Execu%ve Membership Service Licenses Risk Management Non- compliancy Fees Chargebacks Liability Appeals Enforcement Rules Licenses Messages Reports Markings L Membership Agreements Processes Monitoring Fee collec@on Appeals Audi@ng Admini stra%on Cardholder Agreement Merchant Agreement Disputes Reports Audi@ng MasterCard Corpora@on Member Banks

12 Fit level model

13 SPG Framework showing key elements organizing trust. See Chapter 5 of PhD Thesis Mul@- domain authoriza@on for e- Infrastructures hjp://dare.uva.nl/record/1/ ISBN

14 Service Provider Group Autonomous members together on a decision to provide a service none could provide on its own Appears as a single provider to a customer Appears as a collabora@ve group to members with standards, rules and policies that are defined, administered, enforced and judged by the group. Autonomy in the group: every member signs an agreement declaring compliance with common rules, unless local law determines otherwise. Membership rules organizes trust amongst members and manage group reputa@on and viability.

15 Testbed GENI Racks serve as programmable routers, security state monitors, firewalls, security app, honeypots, SDX, etc..

16 Envisioned role of the SPG: define slice archetypes? Privacy Big Science DRP Cyber defense Slice level SPG A SPG - B Service Provider Group level Aggregate Manager Service Provider Infrastructure Level

17 Research SARNET: Is a cyber security alliance, allowing networks to join/leave freely, feasible? What is needed to organize an alliance, considering the SPG concept? Considering future networking concepts: Is a SPG a concept that should iden@fy and arrange slice archetypes e.g. defining cyber- security assurance levels What concerns should the SPG address (e.g. economical-, legal-, administra@ve-, etc. slice ownerships)? Collabora@on welcomed: delaat@uva.nl