PALANTIR: Zero-Trust Architecture for Managed Security Service Provider

Author: Compastié, Maxime, Sisinni, Silvia, Gurung, Supreshna, Fernández, Carolina, Jacquin, Ludovic, Mlakar, Izidor, Šafran, Valentino, Lioy, Antonio, Pedone, Ignazio
Contributors: i2Cat Foundation, Politecnico di Torino = Polytechnic of Turin (Polito), Hewlett Packard Enterprise (Hewlett Packard) (HPE), Faculty of Electrical Engineering and Computer Science, University of Maribor, Sfera IT d.o.o., The work described in this article has received funding by the European Union Horizon 2020 research and innovation programme, supported under Grant Agreement no. 883335. Part of this work is also supported by the Spanish Government Grant ONOFRE-3 PID2020-112675RB-C43 funded by MCIN/AEI/10.13039/501100011033., CEUR Workshop Proceedings, European Project: 883335,PALANTIR
Language: English
Year of publication: 2023
Subject:
Source: Proceedings of the 29th Computer & Electronics Security Application Rendezvous (C&ESAR): Ensuring Trust in a Decentralized World
C&ESAR 2022-29th Computer & Electronics Security Application Rendezvous (C&ESAR): Ensuring Trust in a Decentralized World, Nov 2022, Rennes, France. pp.83-98
DOI: 10.5281/zenodo.7545474
Description: International audience; The H2020 PALANTIR project aims at delivering a Security-as-a-Service solution to SMEs and microenterprises via the exploitation of containerised Network Functions. However, these functions are conceived by third-party developers and can also be deployed in untrustworthy virtualisation layers, depending on the subscribed delivery model. Therefore, they cannot be trusted and require stringent monitoring to ensure their harmlessness, as well as adequate measures to remediate any nefarious activities. This paper justifies, details and evaluates a Zero-Trust architecture supporting PALANTIR’s solution. Specifically, PALANTIR periodically attests the service and infrastructure’s components for signs of compromise by implementing the Trusted Computing paradigm. Verification addresses the firmware, OS and software using UEFI measured boot and Linux Integrity Measurement Architecture, extended to support containerised application attestation. Mitigation actions are supervised by the Recovery Service and the Security Orchestrator based on OSM to, respectively, determine the adequate remediation actions from a recovery policy and enforce them down to the lower layers of the infrastructure through local authenticated enablers. We detail an implementation prototype serving as a baseline for quantitative evaluation of our work.
Database: OpenAIRE