The vision of MATILDA is to design and implement a holistic 5G end-to-end services operational framework tackling the lifecycle of design, development and orchestration of 5G-ready applications and 5G network services over programmable infrastructure, following a unified programmability model and a set of control abstractions.
It aims to devise and realize a radical shift in the development of software for 5G-ready applications as well as virtual and physical network functions and network services, through the adoption of a unified programmability model, the definition of proper abstractions and the creation of an open development environment that may be used by application as well as network functions developers.
Intelligent and unified orchestration mechanisms will be applied for the automated placement of the 5G-ready applications and the creation and maintenance of the required network slices. Deployment and runtime policy enforcement is provided through a set of optimisation mechanisms that produce deployment plans based on high-level objectives, and a set of mechanisms supporting runtime adaptation of the application components and/or network functions based on policies defined on behalf of a services provider.
Multi-site management of the cloud/edge computing and IoT resources is supported by a multi-site virtualized infrastructure manager, while the lifecycle management of the supported Virtual Network Functions Forwarding Graphs (VNF-FGs) as well as a set of network management activities are provided by a multi-site NFV Orchestrator (NFVO). Network and application-oriented analytics and profiling mechanisms are supported based on real-time as well as a posteriori processing of the data collected from a set of monitoring streams. The developed 5G-ready application components, applications, virtual network functions and application-aware network services are made available for open-source or commercial purposes, re-use and extension through a 5G marketplace.
ASTRID pursues a transition from infrastructure-centric to embedded service-centric cybersecurity frameworks.
The main concept is the disaggregation of cyber-security appliances into business logic (i.e., detection algorithms) and data plane (i.e., monitoring and inspection tasks), mediated by orchestration logic and proper security models. Instead of overloading the execution environment with complex and sophisticated threat detection capabilities, efficient processing capabilities are provided in the execution environment that create events and knowledge. Algorithms for detection of threats and vulnerabilities are moved upwards and process such data in a coordinated way for the whole execution environment.
The purpose of the GUARD project is manifold:
- to increase the information base for analysis and detection, while preserving privacy;
- to improve the detection capability by data correlation between domains and sources;
- to verify reliability and dependability by formal methods that take into account configuration and trust properties of the whole chain;
- to increase awareness by better propagation of knowledge to the humans in the loop.
The distinctive approach of GUARD will be the architectural separation between analysis and data sources, mediated by proper abstraction; this paradigm will result in an open, modular, pluggable, extendable, and scalable security framework. This holistic solution will blend security-by-design with enhanced inspection and detection techniques, raising situational awareness at different levels of the companies’ structure through tailored informative content, so as to enable quick and effective reaction to cyber-threats.