5g info day
TRANSCRIPT
5G-PPP Success
12 July 2016
Stephen Phillips and Mike Surridge
{scp,ms} @ it-innovation.soton.ac.uk
IT Innovation and 5G-ENSURE
5G Info Day, London
5G-ENSURE
2
Funding (5G-PPP phase 1): €7.6MResources: 780 pm / 32 FTETime: Nov-2015 to Oct-2017 (2 years)
IT INNOVATION IN CONFIDENCE
© University of Southampton IT Innovation Centre 2015
Security challenges5G vs. previous generations
New service & business models require a ubiquitous flexible & extensible 5G infrastructure
Shift towards softwarization and cloudification of everything (SDN, NFV) means higher requirements for system security, integrity, usability and manageability
Changing threat landscapeMore frequent cyber-attacks Need to supporting critical applications
New trust modelsIncrease in numbers and kinds of stakeholdersMore complex stakeholder relationships
Privacy concernsUser, device, location, data, communication, …Lawful interception
4
USIMDomain
MobileEquipment
Domain
Access Network Domain
ServingNetworkDomain
HomeNetworkDomain
TransitNetworkDomain
Implicit Trust Model in 4G
Responsibility for domain
Trust defined by contract
Implicit relationship
Key:Regulators, Police, etc
USIM/UICCManuf.
Mobile EquipManuf.
PlatformProvider
ApplicationProvider
ServiceProvider
RoamingProvider
InterconnectProvider
AccessNetworkOperator
Subscriber
AAA/IDM
IMSI IMEI
Network Equip. Manuf.
© University of Southampton IT Innovation Centre 2016
Our Contribution
• Develop 5G trust and trustworthiness models using our
semantic security modelling approach
• Develop ‘trust enablers’ = tools that can use the models
to support 5G network stakeholders
– researchers in 5G-ENSURE: to check the security properties of
proposed 5G architectures
– designers and operators of 5G network services
– designers and operators of ‘vertical’ applications
• IT Innovation contribution: 62pm over 2 years €553k out
of total project funding of €7.58M
• Exploitation potential: tools to help stakeholders manage
security risks, especially SMEs who lack the capacity for
conventional ‘manual’ cyber security analysis
© University of Southampton IT Innovation Centre 2016
IT Innovation Centre
• We carry out applied research and development
with and for industry and commerce
– collaborative research
(supported by EC and UK programmes)
– client-funded research, development and consulting
• Currently ~30 staff, ~20 projects with ~100
commercial clients and partners
• Delivering impact:
– Knowledge transfer to clients and collaborators
new products and services
– Direct spin-offs
– Novel published research
© University of Southampton IT Innovation Centre 2016
(One of) Our Research Goals
• Goal: create models of trust/trustworthiness that
have utility for IT system design
• Approach: recognise trust/trustworthiness is
actually about acceptance/prevention of risks
– in what do I trust what risks do I accept
• Solution: create models of potential risks and
tools to map them to a given system and
understand which risks are controlled
• Applications: security requirements engineering,
trustworthy system composition and operation
© University of Southampton IT Innovation Centre 2016
Semantic Modelling Stack
• Approach developed in FP7 SERSCIS and OPTET projects
• Core model: underpins the basic modelling approach and tooling
• Generic model: encodes security expert knowledge
• Design-time model: captures specific system configuration and
supports ISO 27005 analysis of risks and security requirements
© University of Southampton IT Innovation Centre 2016
Design-time
Trustworthiness
Model
Design-time
Trustworthiness
Model
Deployment
Model
Deployment
Model
Run-time
Trustworthiness
Model
Run-time
Trustworthiness
Model
Core ModelCore Model
Generic ModelGeneric Model
• SERSCIS
– FP7-ICT-SEC-2007
– 2008 – 2011
– Critical Infrastructure
Modelling &
Management
• OPTET
– FP7-ICT-2011-8
– 2012 – 2015
– Internet connected
socio-technical
systems
© University of Southampton IT Innovation Centre 2016
The Journey
• Participation in collaborative projects since FP3
– Building on previous work and experience
– Building on a large number of existing relationships
• Impact through UK Government contract to
assess Cyber-Essentials scheme.