The Smart and Secure Networks Lab (S2N) is a National Laboratory, located in Genoa, Italy, of CNIT (National Inter-University Consortium for Telecommunications). Its activities cover the areas of Future Internet and its applications, with particular emphasis on cybersecurity, 5G and beyond, network sustainability, cloud-native virtualization and edge computing. Specific research interests are in signal and networking optimization, network management and control, Software Defined Networking, Network Functions Virtualization, network slicing, satellite communications, security of virtualized infrastructures and cyber-physical systems.
The Laboratory staff includes 8 CNIT employees and 24 university and CNR research associates, who have been involved in a large number of national and EU-funded research projects.
S2N operates a highly flexible and large networking infrastructural testbed, able to control computing resources at bare-metal level, autonomously instantiate virtual infrastructure managers or software components in automated unattended fashion, and connect them to software-defined networking and radio devices and user equipment.
The vision of MATILDA is to design and implement a holistic 5G end-to-end services operational framework tackling the lifecycle of design, development and orchestration of 5G-ready applications and 5G network services over programmable infrastructure, following a unified programmability model and a set of control abstractions.
It aims to devise and realize a radical shift in the development of software for 5G-ready applications as well as virtual and physical network functions and network services, through the adoption of a unified programmability model, the definition of proper abstractions and the creation of an open development environment that may be used by application as well as network functions developers.
Intelligent and unified orchestration mechanisms will be applied for the automated placement of the 5G-ready applications and the creation and maintenance of the required network slices. Deployment and runtime policies enforcement is provided through a set of optimisation mechanisms providing deployment plans based on high level objectives and a set of mechanisms supporting runtime adaptation of the application components and/or network functions based on policies defined on behalf of a services provider.
Multi-site management of the cloud/edge computing and IoT resources is supported by a multi-site virtualized infrastructure manager, while the lifecycle management of the supported Virtual Network Functions Forwarding Graphs (VNF-FGs) as well as a set of network management activities are provided by a multi-site NFV Orchestrator (NFVO). Network and application-oriented analytics and profiling mechanisms are supported based on realtime as well as a posteriori processing of the collected data from a set of monitoring streams. The developed 5G-ready application components, applications, virtual network functions and application-aware network services are made available for open-source or commercial purposes, re-use and extension through a 5G marketplace.
ASTRID pursues a transition from infrastructure-centric to embedded service-centric cybersecurity frameworks.
The main concept is the disaggregation of cyber-security appliances into business logic (i.e., detection algorithms) and data plane (i.e., monitoring and inspection tasks), mediated by orchestration logic and proper security models. Instead of overloading the execution environment with complex and sophisticated threat detection capabilities, efficient processing capabilities are provided in the execution environment that create events and knowledge. Algorithms for detection of threats and vulnerabilities are moved upwards and process such data in a coordinated way for the whole execution environment.