Projects
Preparedness and Resilience Enforcement for Critical INfrastructure Cascading Cyberphysical Threats and effects with focus on district or regional protection
Duration
24 months
Oct. 2021 - Sept. 2023
Sponsor
European Commission
Keywords
Description
EU Critical Infrastructures (CIs) are increasingly at risk from cyber-physical attacks and natural hazards. Research and emerging solutions focus on the protection of individual CIs; however, the interrelationships between CIs have become more complex, for example in smart cities, and managing the impacts of cascading effects and enabling rapid recovery is becoming more pertinent and highly challenging.
PRECINCT aims to connect private and public CI stakeholders in a geographical area to a common cyber-physical security management approach which will yield a protected territory for citizens and infrastructures, a ‘PRECINCT’ that can be replicated efficiently for a safer Europe and will deliver:
1. A PRECINCT Framework Specification for systematic CIs security and resilience management fulfilling industry requirements.
2. A Cross-Facility collaborative cyber-physical Security and Resilience management Infrastructure enabling CI stakeholder communities to create AI-enabled PRECINCT Ecosystems and enhanced resilience support services.
3. A vulnerability assessment tool that uses Serious Games to identify potential vulnerabilities to cascading effects and to quantify resilience enhancement measures.
4. PRECINCT’s Digital Twins to represent the CIs network topology and metadata profiles, applying closed-loop Machine Learning techniques to detect violations and provide optimised response and mitigation measures and automated forensics.
5. Smart PRECINCT Ecosystems, deployed in four large-scale Living Labs and Transferability Validation Demonstrators, will provide measurement-based evidence of the targeted advantages, will realize Digital Twins corresponding to the CIs located therein, and will include active participation of emergency services and city administrations, with results feeding back to the Digital Twins developments.
6. Sustainability-related outputs including Capacity Building, Dissemination, Exploitation, Resilience Strategy, and Policy/Standardisation recommendations.
Montimage will contribute with its cyber-security expertise and tools for testing and monitoring networks, applications and services, and managing detected incidents. It will design and implement the techniques for improving the resiliency and automatic response to security incidents. It will adapt and develop machine learning and big data techniques to analyse data from different sources, improve awareness, detection of incidents’ causes, and decision making.
MON will contribute to the development of improved real-time, evidence-based security management of physical and cyber threats and, in particular, to building the AI-enabled Cyber-physical Security and Resilience Management and Digital Twins (DT) / Root Cause Analysis (RCA) framework. It will contribute to Task 4.1 by bringing its experience in cybersecurity and its Digital Twins platform. It will also contribute to: Task 1.1 to define and understand the user requirements; Task 1.5 to define the business and technical requirements of the PRECINCT solutions; Task 2.1 to provide its Complex Event Processing techniques; Task 4.2 to develop and integrate AI/ML techniques to improve the DT’s capabilities; Task 2.3 to define and implement the DT orchestrator and infrastructure; Task 4.3 to test the effectiveness of the DT framework in specific scenarios; and Task 4.4 to integrate automated self-protection mechanisms. Finally, MON will support the deployment and configuration of the solutions in the LLs (Task 5.2).
As an SME, Montimage will actively strive to disseminate (Task 6.2) and exploit (Task 6.3) the results of the project following a combined open source and commercial business model.
Security and Privacy Accountable Technology Innovations, Algorithms, and machine Learning
Duration
36 months
Sep. 2021 - Aug. 2024
Sponsor
European Commission
Keywords
Description
The SPATIAL (Security and Privacy Accountable Technology Innovations, Algorithms, and machine Learning) project seeks to address the challenges of black-box AI and data management in cybersecurity by designing and developing resilient accountable metrics, privacy-preserving methods, verification tools and a system framework that will serve as critical building blocks to achieve trustworthy AI in security solutions.
The main objectives include:
1) To develop systematic verification and validation software/hardware mechanisms that ensure AI transparency and explainability in security solution development;
2) To develop system solutions, platforms, and standards that enhance resilience in the training and deployment of AI in decentralized, uncontrolled environments;
3) To define effective and practical adoption and adaptation guidelines to ensure streamlined implementation of trustworthy AI solutions;
4) To create educational modules that provide technical skills and ethical and socio-legal awareness to current and future AI engineers/developers to ensure the accountable development of security solutions;
5) To develop a communication framework that enables accountable and transparent understanding of AI applications for users, software developers and security service providers.
Besides technical measures, the SPATIAL project aims to help build appropriate skills and education for AI security, in order to strike a balance among technological complexity, societal complexity and value conflicts in AI deployment. The project covers data privacy, resilience engineering, and legal-ethical accountability, in line with the EU's top agenda to achieve trustworthy AI. In addition, the work carried out in SPATIAL on both social and technical aspects will serve as a stepping stone to establish an appropriate governance and regulatory framework for AI-driven security in Europe.
WP1: Provide functional and non-functional requirements derived from our use cases, and define potential threats.
WP2: Analyse and compare the use of different AI techniques in cyber-security analysis. Adapt AI/ML techniques for the different cyber-security applications.
WP3: Define and evaluate optimisation techniques based on distribution of data and processing. Define the application of explanatory AI to enhance root cause analysis (currently based on similarity learning).
WP4: Study privacy considerations related to cyber-security analysis.
WP5: Provide a pilot based on a 5G mobile testbed to test and evaluate the AI algorithms and tools for security monitoring and reactions. Study privacy considerations related to cyber-security analysis.
WP6: Participate in the dissemination and exploitation. Adopt the techniques developed in SPATIAL to improve our cybersecurity tools. Participate in the training by adding AI-related training courses for professionals (currently we collaborate with a certified company to provide courses on different technologies: cloud, cybersecurity).
Automated Protection and Prevention to Meet Security Requirements in DevOps Environments
Duration
36 months
Oct. 2020 - Sep. 2023
Sponsor
European Commission
Keywords
Description
VeriDevOps is about fast, flexible system engineering that efficiently integrates development, delivery, and operations, thus aiming at quality deliveries with short cycle time to address ever-evolving challenges. Current system development practices are increasingly based on using both off-the-shelf and legacy components, which makes such systems prone to security vulnerabilities. Since DevOps promotes frequent software deliveries, the artefacts of verification methods should be updated in a timely fashion to cope with the pace of the process. VeriDevOps aims at providing a faster feedback loop for verifying the security requirements, i.e. confidentiality, integrity, availability, authentication, authorization and other quality attributes, of large-scale cyber-physical systems. VeriDevOps focuses on optimizing the security verification activities by automatically creating verifiable models directly from security requirements, and using these models to check security properties on design models and generate artefacts (such as tests or monitors) that can be used later on in the DevOps process.
More concretely, we will develop methods and tools for: 1) creating security models from textual specifications using natural language processing, 2) automatic security test creation from security models using model-based testing and model-based mutation testing techniques and 3) generating (intelligent/adaptive, ML-based) security monitors for the operational phases. This brings together early security verification through formal modelling as well as test generation, selection, execution and analysis capabilities to enable companies to deliver quality systems with confidence in a fast-paced DevOps environment. Overall, VeriDevOps is using the results of formal verification of security requirements and design models created during the analysis and design phase for test and monitor generation to be used to enhance the feedback mechanisms during development and operation phases.
In this project, MI will provide its Monitoring Framework (MMT) to introduce new AI/ML techniques for the detection, mitigation and prevention of different cybersecurity threats and vulnerabilities targeting the different domains treated by the project. It will develop the concepts of continuous risk analysis and root cause analysis to obtain intelligent security defence management that is able to handle end-to-end security in different environments (IoT, Cloud, etc.).
Towards a Sophisticated SIEM Marketplace for Blockchain-based Threat Intelligence and Security-as-a-Service
Duration
36 months
Sept. 2020 - Aug. 2023
Sponsor
European Commission
Keywords
Description
PUZZLE will implement a highly usable cybersecurity, privacy and data protection management marketplace targeted at SMEs&MEs that enables them to monitor, forecast, assess and manage their cyber risks through targeted cybersecurity services, increase their cybersecurity awareness through efficient heterogeneous information processing and the establishment of knowledge sharing with other SMEs&MEs, and extract insights based on advanced analytics. PUZZLE will track the relationships among the cyber assets of each SME&ME, considering the available network, compute and storage infrastructure, and use them to efficiently calculate individual, cumulative and propagated risks, as well as recommend and apply mitigation actions. PUZZLE will support the assessment of vulnerabilities and threats in a collaborative manner based on the homogenization of data provided by the SMEs&MEs. Data will be collected by resource handling and monitoring agents applied over Cloud/Edge Computing, IoT and network infrastructure. Such data will be enriched with data provided in relevant open repositories. SMEs&MEs data sharing will take place through blockchain-based technologies for secure data management. Based on the calculated risks and the provided graph topology, the application of resilient defensive strategies will be recommended, considering the type of infrastructure used by the SME&ME. Automated mechanisms for deploying defensive strategies will also be made available, greatly reducing the complexity and the burden of deploying the provided services for cybersecurity managers in SMEs&MEs. Special emphasis will be placed on the usability and competitiveness of the PUZZLE Marketplace, by designing solutions that can be easily on-boarded by external cybersecurity providers and can be seamlessly adopted by the end-users, taking into account their preferences. The provided services will be made accessible through the SMEs&MEs Dashboard that will be developed.
Montimage will actively participate in the development of the Network Security functions (T3.2) and Advanced Cybersecurity Analytics functions (T3.4). It will contribute its techniques and components to the real-time monitoring and complex event processing (T4.3) and mitigation techniques (T4.4), in particular by introducing its MMT-IoT wireless tool and cloud-based security monitoring techniques that will be integrated in Pilots 1 and 2. The application of machine learning techniques is one of the main activities that will be provided by Montimage, aiming to enhance the PUZZLE framework with situational awareness and intelligent decision-making capabilities.
Montimage will contribute to the exploitation and dissemination plans, leading the task T7.4 Market Analysis, Business and Sustainability Planning, where it will rely on its experience from similar roles in past H2020 projects.
Analysis Software Scheme of Uniform Statistical Sampling, Audit and Defence Processes
Duration
36 months
Sept. 2020 - Aug. 2023
Sponsor
European Commission
Keywords
Description
The project involves 15 Partners from 8 European countries, and aims to design and develop an analySis software scheme of uNiform statistiCal sampling, aUdit and defence proceSses (SANCUS – a Roman god of trust). The main idea draws on formalising the logic of expressing (for the first time) the notions of cyber security and digital privacy by means of final formulas and fusing them into optimisation strategies to acquire the truly optimum defence recommendation in a dynamic manner, i.e., with respect to the runtime changes of the telecommunications network environment. In this respect, SANCUS will dimension the new inclusive Key Performance Indicator metric, namely, the security-vs-privacy-vs-reliability efficiency trade-off, for measuring the system network cybersecurity and privacy performance explicitly, flexibly, automatically and agnostically. To realise the heterogeneity of the security and privacy levels across the system network and its supply chain, the proposed scheme sits on six efficient engines, namely, FiV, CiV, SiD, AcE, MiU and GiO, which combine unique modelling of the Internet of Things units, cutting-edge methods for automated firmware and software validation and verification, and innovative Artificial Intelligence driven game techniques for the automated optimisation of the control and trust of digital services. Extended evaluations of the project outcomes are also considered by means of developing a contemporary network testbed prototype built on the latest 5G and cloud-native system setting and running three pilot use cases for examining the scheme performance across the Firmware, Virtualisation and Management software layers. The SANCUS scheme will be delivered as an integrated software suite and it is expected to revolutionise the European research and development efforts, in and out of the cybersecurity regime. All outcomes are planned to be audited and disseminated extensively.
Contributing to the use-case definition, the planning of attack scenarios, the collection of the requirements and the selection of KPIs, and participating in the overall system architecture.
Contributing to the System Demonstration, Validation and Integration, specifically in the unification, integration and testing of the developed engines within the system network prototypes, and in the demonstration and evaluation of SANCUS outcomes.
New tool for small businesses to fight cyberattacks
Duration
30 months
June 2020 - November 2023
Sponsor
European Commission
Keywords
Description
GEIGER will be an innovative solution with associated components and an Education Ecosystem addressing security, privacy and data protection risks of and for Small and Medium-sized Enterprises and Microenterprises (SMEs&MEs) in Europe. GEIGER will be developed by analogy with a Geiger counter, which detects atomic radiation threatening human life. The GEIGER solution will be used for assessing, monitoring, and forecasting risks and reducing these risks by improving the SMEs’&MEs’ security with well-curated tools, and an education program targeting practitioners-in-practice as “Certified Security Defenders”, bringing security expertise sustainably to SMEs&MEs using existing vocational education frameworks. GEIGER consists of a GEIGER Indicator that dynamically summarizes the current level of risk by evaluating measures undertaken for security defences among the participating SMEs&MEs. The GEIGER Indicator can be personalised by registering the enterprise’s profile and supports GDPR-compliant sharing and exchanging of data about incidents. The GEIGER Toolbox allows stepwise do-it-yourself assessment and improvement of the SMEs’&MEs’ security, privacy, and data protection with lightweight controls and advice for improved protection at varied levels of sophistication. The included tools offer endpoint, server, and network protection and guide the SME&ME in a personalised manner in data hygiene, including access and security control, data privacy management, and backup practices. The GEIGER Education Ecosystem offers experimental-based training and cyber range-enabled challenges and will be integrated into curricula of diverse professions of non-ICT experts, offering direct impact on SMEs&MEs through target group-oriented education. The GEIGER solution will be demonstrated in three complementary use cases within three countries. GEIGER will achieve sustainable impact by raising awareness of more than one million SMEs&MEs within a period of 2.5 years after its start.
- MI will support the GEIGER solution architecture definition and gaps analysis and will participate in defining the education, governance, and compliance concept.
- MI will contribute to the Toolbox and Cloud Implementation, Integration, and Testing and will lead the tasks of Optimisation & Security Hardening (Red Team) of the GEIGER framework.
- MI will lead the task to develop Cyber Range-supported Challenges.
- MI will support the piloting phase with a technological and educational perspective.
- MI supports dissemination and exploitation with a special focus on Standardisation and Liaison with Policy.
Multi-level and multi-technology orchestration of high-performance micro-services for network security and QoS
Duration
36 months
December 2019 - November 2022
Sponsor
French National Research Agency (ANR)
Keywords
Description
For several years, programmability has become increasingly important in network architectures. A first generation of programmable networks was born ten years ago with the Software Defined Networking (SDN) concept and its implementations (OpenFlow) which offers a first level of control plane programmability. Then, the Network Function Virtualization (NFV) was introduced to enable the deployment of software functions. Today, the data plane programmability, mainly instantiated by P4 that further extends the concept of network programmability, is approaching.
In parallel, a new trend of finely splitting services into micro-services has appeared. The expected benefits are easier development and maintenance, better quality, scalability and responsiveness to new scenarios than monolithic approaches, while offering more possibilities for operators and management facilities through orchestration.
As a consequence, it appears that network functions, such as routing/switching, filtering, field translation, etc., can be split into several micro-services, implemented through different means, according to the software environments, and at different topological locations, thus opening the way to fully end-to-end programmable networks.
In this context, the fundamental question arises of the placement (topological location) and the execution environment (support node, such as a container or P4-based) of network functions, and more specifically of the micro-services that compose them.
To date, even if some proposals start to include several networking programmable technologies (i.e. ONOS integrating SDN and P4), none of them considers a global end-to-end orchestration providing a multi-level and multi-technology abstract view for the optimization of network services finely cut into micro-services, nor do they offer advanced network service orchestration algorithms.
This need for multi-level and multi-technology orchestration is even more important with the emergence of new services, such as immersive services, which exhibit very strong quality of service constraints (i.e. latency cannot exceed a few milliseconds), while preserving end-to-end security. In the project we will focus on such immersive services, taking as examples the use cases of telesurgery and remote drone operation.
In this context, the MOSAICO (Multi-layer Orchestration for Secured and low lAtency applICatiOns) project proposes to design, implement and validate a global and multi-layer orchestration solution, able to control several underlying network programmability technologies to compose micro-services forming the overall network service.
Montimage will contribute especially to the evaluation of the solution against the project use-case. A testbed with wired and wireless access networks, using the Open Air Interface (OAI) solution for taking into account the constraints and uncertainties of the 5G mobile networks, will be implemented.
Multi-level and multi-technology orchestration of high-performance micro-services for network security and QoS
Duration
36 months
November 2019 - October 2022
Sponsor
European Commission
Keywords
Description
The goal of INSPIRE-5Gplus is to advance security of 5G and Beyond networks via two main approaches: (1) by leveraging/ extending existing assets such as Trusted Execution Environments (TEEs), Remote Attestation/Path Proof/RCA (Root Cause Analysis), and end-to-end liability management between parties, and (2) by introducing novel solutions/paradigms exploiting the potential of new trends including AI/ML and Blockchains. Accordingly, the INSPIRE-5Gplus project will address key security challenges against the concrete and efficient realisation of 5G through vertical applications, ranging from autonomous and connected cars to Critical Industry 4.0 (under specific regulation constraints).
Grounded in an integrated network management system and relevant frameworks, INSPIRE-5Gplus is entirely devoted to improving security across various dimensions (i.e., overall vision, use cases, architecture, integration to network management, assets, and models). It is also committed to delivering actionable results and enablers for all relevant stakeholders at both Program and Community levels. These outcomes will serve the crucial objectives of intelligent security and pervasive trust for future connected systems, where Security will not be software-defined only, but will also be governed by Algorithms (AI, ML, Modeling, Optimization) to realize new concepts such as pro-active security while being trustworthy. Through its objectives, INSPIRE-5Gplus will deliver unique assets to achieve intelligent and trusted multi-tenancy (i.e. confident, evidence-based, and liable) across multi-tenant infrastructure, whilst also improving the control of systems, vulnerabilities and compromises for the infrastructure owners and tenants.
Montimage's main contributions will include real-time security, quality and resource usage assessments and predictions in virtualised SDN/NFV environments, in particular providing SECaaS (monitoring and reaction services) and real-time Secure Service Level Agreement (SSLA) assessments. They will also include global security management and end-to-end orchestration of security functions, providing a multi-level and multi-technology abstract view for the optimization of network services finely cut into micro-services, and considering TEE for trusted execution and P4 for data plane packet optimization.
Moreover, Montimage will provide an easy-to-deploy testing platform (EPC-in-box) based on open-source hardware and software, our own 5G Core, our own monitoring framework for analysing traffic and security, and attack scenarios to demonstrate the effectiveness of the security mechanisms.