Invited talk at RTSI 2018

Evolving business models are progressively reshaping the scope and structure of ICT services, through the creation of multi-domain and complex business chains that span several technological and administrative domains and tightly interact with the physical environment.

Invited talk at RTSI 2018

Evolving business models are progressively reshaping the scope and structure of ICT services, through the creation of multi-domain and complex business chains that span several technological and administrative domains and tightly interact with the physical environment.

Convergence among existing software paradigms, such as cloud computing, software-defined networking, and the Internet of Things (IoT) is expected for this purpose, leveraging autonomicity and dynamic composition through the massive introduction of virtualization paradigms, as well as service-oriented and everything-as-as-service models applied to cyber-physical systems. This approach has undoubtedly brought more agility in service deployment and operation, even though the need to share infrastructure and data brings additional security and privacy concerns that have not been addressed in a satisfactory way yet.

Current cyber-security paradigms, still largely based on the security perimeter model and the deployment of discrete independent security appliances, are already revealing their substantial inability to cope with dynamic, mutable, and often partially unknown service chains, running over multi-domain and multi-tenancy infrastructures. In this talk, Franco Davoli (CNIT) elaborated on the need for tighter integration of security aspects in service engineering and business processes. The ground concept of the ASTRID vision is the architectural separation between analysis and data sources, mediated by proper abstraction for the cyber-security context; Franco discussed how this paradigm will result in an open, modular, pluggable, extendable, and scalable security framework. Key benefits behind the ASTRID approach include but are not limited to: i) increasing the information base for analysis and detection, while preserving privacy, ii) improving the detection capability by data correlation between domains and sources, iii) verifying reliability and dependability by formal methods that take into account configuration and trust properties of the whole chain.

 

RTSI aims to be the flagship event of the IEEE Italy Section and the program includes tutorials, exhibitions (research projects, academic spin-off and industrial sponsors), industrial sessions, and panel sessions. RTSI provides a great opportunity for Universities, research institutes and spin-offs involved in the above-mentioned fields to present their activities, to meet the stakeholders and to contribute to the national and international debate about what is going on in these relevant fields. It was a nice opportunity to share the main ASTRID concepts and to establish relationships with other researchers outside the Consortium.