
Post on 26-Dec-2019


  • http://www.etsi.org/ http://www.univerself‐project.eu/

    Unified Approach to Trust in Autonomic Networks and their Management

    Laurent Ciavaglia, Alcatel‐Lucent Bell Labs France

    (On behalf of the UniverSelf consortium)

    2nd ETSI Workshop on Future Network Technologies, session Autonomic Network Management,  27.SEP.2011, Sophia‐Antipolis, France

  • The Roadmap

    "In the history of computing there has often been a 10 or more year gap between the use of technology and the addressing of security issues that arise from it" Virgil Gligor, University of Maryland, National Security Award 2006,

    Invited talk at The 3rd Annual VoIP Security Workshop, Berlin, Fraunhofer FOKUS, 01.JUN.2006

    • Understanding trust issues arising from autonomics
    • Innovation: Focus on Unified Management of (Autonomics + Trust in Autonomics)
    • Autonomic‐specific metrics
    • Towards Certification of Autonomic features
      • Certification model(s)
      • Process
      • Business Impacts
    • Towards Unified Trust + Management mechanisms
      • Predicates‐based trust
      • Design for trust
      • The Power of predicates
    • Actions in Standard bodies and UniverSelf plans
    • Acknowledgements, References, Glossary

  • Understanding Trust

    [Figure: concept map of Trust in Autonomics. Recoverable node labels: Business Incentives, Autonomic Features, Dependable Adaptation [4], Survivable Availability [4], Certified Trust, Model driven Trust, Measurable Trust, Dependability Assurance, Attack, Threat, Failure, Metrics, Mechanisms, Communication, Translation, Interworking, Information, Technologies, Domains, E2E Trust, Levels.]

  • Innovation space

    [Figure: innovation space. Recoverable labels: Access control, Authentication, Monitoring, Endpoint health, Confidentiality, Privacy, Trust, Autonomic architectures, Attacks, Failures, Threats.]

    Source: Yacine Rebahi, Ranganai Chaparadza, “EFIPSANS Security Roadmap”

  • Autonomic‐specific metrics

    Step‐by‐step deployment of autonomic features shall not deteriorate the global network performance

    Metrics: Availability, Connectivity, One‐way delay, One‐way loss, Packet re‐ordering, Link bandwidth, Packet duplication, Round‐trip delay, Jitter, Loss patterns, Routing metrics, Service availability, Network device state

    Possible metrics for autonomic features: Autonomy level, Compatibility, Learning ability, Adaptability, Scalability, Response time, Dependability, Stability, …

    Source: Pedro B. Velloso, Laurent Ciavaglia “Composition of Well‐known Metrics to Characterize Autonomic Networks”, IEEE Network Magazine

  • Certification models

    • Certification of systems, process, services… à la ISO… à la MEF…
    • Define the type of certification needed per particular use case according to the UniverSelf developed classification and performing the associated Cost‐Benefit analysis;

    [Figure: flow with labels Application domain, Use case, Classification, Certification type, Cost : benefit. Use cases listed: Self‐diagnosis and ‐healing IMS with VoIP and VPN services; Networks stability/performance; Dynamic virtualization/migration contents/servers in mobile access; SON LTE collaboration under operator‐policies; Network‐morphing; Operator‐governed/E2E/autonomic/network & service management; Network and Service Governance.]

    “The marginal benefit of increasing investment for a given adjustment (mb) represents demand, or willingness to pay; this decreases with increasing effort or expenditure on hazard prevention. Marginal cost (mc) represents supply. The optimum state exists when marginal costs and marginal benefits are equal.”

    Text/Picture credit: http://www.lancs.ac.uk/staff/gyaccp/hazards/chap6.htm

  • KPI Envelope

    • The KPI‐based envelope of process‐correct adaptations of the system will be used in the trustworthiness evaluation of the system;
    • the KPI‐based envelope can include
      – point correctness criteria (such as scalability, stability, security, availability, reliability, consistency, response time, etc.) evaluated for various networking contexts
      – and their combinations to cater for statistically sound evaluation of process correctness;
      – these stationary criteria will be enriched by those assessing dynamic and transient properties (e.g. the rate of self‐healing, convergence times, etc.);

    The KPI‐based envelope ensures dependable adaptations

  • Certification Process

    • The certification procedures can be divided into two clusters:
      – first, to assess the performance criteria, which will capture recommendations and best current practices of the usage of testbeds, simulations, and mathematical analysis related to the classes of use cases;
      – second, defining autonomic criteria for autonomy certification, considering the trade‐off between rigorous certification rules and flexibility to support new applications.

    [Figure: open set of criteria: Autonomy level, Compatibility, Learning ability, Adaptability, Scalability, Response time, Dependability, Stability.]

  • Business Impacts

    • Must consider potential business impacts related to the newly introduced certification procedure.
    • These might be related to:
      – the functional architecture,
      – value network,
      – cost and revenue structure or
      – the value proposition for the certified system under study.

  • The Approach

    Trust in Autonomics can be achieved via the use of predicates

    [Figure: V‐Model diagram. Recoverable labels: Design Phase, Operation Phase, Define Trust Predicates, Verify Trust Predicates, WP2, WP3, Focus is on structure (hierarchy) and functional blocks, Focus is on control loops and their interaction, Behaviour is pre‐defined, Behaviour is emergent, Governed by Goal policies, Adapted by Utility policies, During the design, Operational trust is to be built.]

    Picture credits: http://en.wikipedia.org/wiki/V‐Model

    Consider the grammatical rather than the logical meaning of a predicate: Control Loop behaviour ~ sentence, in which Subject = CL’s Decision Process

    “MRO in cell A increments the TTT by 10%” = Predicate (Subject, Parameters)

    Predicate (*, *) – abstract behaviour;
    Predicate (S, *), Predicate (*, P) – partially qualified behaviour;
    Predicate (S, P) – fully qualified behaviour
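An added example (not from the slides or the UniverSelf project) of how the Predicate (Subject, Parameters) notation could be checked in operation: predicates defined at design time are matched, wildcards included, against an observed control‐loop action, and the most specific qualification level that covers it is reported. The subject names, the reading of "by 10%" as an upper bound on the step, and the sample predicates are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple, Union

ANY = "*"  # wildcard as written on the slide: Predicate (*, *)

@dataclass(frozen=True)
class Action:
    """One observed control-loop decision (constructed runtime record)."""
    subject: str     # the CL's decision process, e.g. "MRO@cellA" (assumed name)
    verb: str        # the predicate itself, e.g. "increments"
    parameter: str   # what is changed, e.g. "TTT"
    step_pct: float  # size of the change in percent

@dataclass(frozen=True)
class TrustPredicate:
    """Design-time statement Predicate(Subject, Parameters)."""
    verb: str
    subject: str = ANY
    params: Union[str, Tuple[str, float]] = ANY  # (parameter, max step %), assumed form

    def level(self) -> int:
        """0 = abstract, 1 = partially qualified, 2 = fully qualified."""
        return (self.subject != ANY) + (self.params != ANY)

    def covers(self, a: Action) -> bool:
        if self.verb != a.verb:
            return False
        if self.subject != ANY and self.subject != a.subject:
            return False
        if self.params != ANY:
            name, max_pct = self.params
            return name == a.parameter and a.step_pct <= max_pct
        return True

LEVELS = ("abstract", "partially qualified", "fully qualified")

def verify(action: Action, predicates) -> Optional[str]:
    """Most specific qualification level covering the action, or None
    when no defined trust predicate covers it (behaviour to be flagged)."""
    hits = [p.level() for p in predicates if p.covers(action)]
    return LEVELS[max(hits)] if hits else None

# Constructed design-time predicates; all identifiers are assumptions.
DESIGN = [
    TrustPredicate("increments", "MRO@cellA", ("TTT", 10.0)),  # Predicate (S, P)
    TrustPredicate("increments", ANY, ("TTT", 10.0)),          # Predicate (*, P)
    TrustPredicate("decrements"),                              # Predicate (*, *)
]
```

An abstract predicate covers any subject and any parameters for its verb, so an action verified only at that level carries the weakest assurance of the three.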

  • Example

    [Figure: cell A example. Recoverable labels: Cell A, Overall Spectral Inefficiency, Random Access CHannel Resources, Waked Up, Newly Connected Terminals, Call & HO Blocking Probability, To satisfy, To improve, Reserved UL Resource Blocks of cell A, Increases when no of allocated RBs is large, Increases when no of allocated RBs is small, The lower the no of successful incoming HOs, the lower the demand in terms of UL RBs, Increases when no of allocated RBs]
