TrustORAN
Trustworthy Shared 5G O-RAN Solutions with On-demand Secure Network Slicing.
Project overview
The objective of the project is the investigation, specification, implementation and validation of a network infrastructure prototype implementing security and resource isolation framework for commissioned network slices.
In this project ISN is joining forces with FiduciaEdge to investigate, specify, implement and validate a network infrastructure prototype implementing security and resource isolation framework for commissioned network slices realizing the parallel private networks. The novelty lies in enabling the network slices to define the security concepts (including the level of resource isolation) that will be deployed at all layers (physical, virtualization, network). To this end, we aim at providing a framework for managing and monitoring the security features at all layers (including network, virtualization/container, cloud and physical layers) from the network slices management level, while maintaining the security baseline defined by the 5G standards.
The prototype will integrate ISN network running over the FiduciaEdge Core Technology provided by FiduciaEdge partner, which is one of the most secure infrastructures where the network may be deployed. It will include the slice security framework researched and proposed in the project. FiduciaEdge Core Technology will enhance ISN solution by adding all the security controls needed at the underlying infrastructure in order that the Open RAN equipment may be securely allocated in any physical environment (Open Cloud model). This will provide ISN with the possibility of providing a private network solution prototype with the highest security standards to be used in a separate environment or in a commercial network.
The objective of the project is the investigation, specification, implementation and validation of a network infrastructure prototype implementing security and resource isolation framework for commissioned network slices.
In this project ISN is joining forces with FiduciaEdge to investigate, specify, implement and validate a network infrastructure prototype implementing security and resource isolation framework for commissioned network slices realizing the parallel private networks. The novelty lies in enabling the network slices to define the security concepts (including the level of resource isolation) that will be deployed at all layers (physical, virtualization, network). To this end, we aim at providing a framework for managing and monitoring the security features at all layers (including network, virtualization/container, cloud and physical layers) from the network slices management level, while maintaining the security baseline defined by the 5G standards.
The prototype will integrate ISN network running over the FiduciaEdge Core Technology provided by FiduciaEdge partner, which is one of the most secure infrastructures where the network may be deployed. It will include the slice security framework researched and proposed in the project. FiduciaEdge Core Technology will enhance ISN solution by adding all the security controls needed at the underlying infrastructure in order that the Open RAN equipment may be securely allocated in any physical environment (Open Cloud model). This will provide ISN with the possibility of providing a private network solution prototype with the highest security standards to be used in a separate environment or in a commercial network.
Role of IS-Wireless
IS-Wireless is a provider of virtualised Radio Access Network components: O-DU, O-CU-UP, O-CU-CP. In addition, IS-Wireless will provide additional elements such as Slice and Security Controllers to translate security related slice requirements to the particular security controls which will be embedded into a new or existing slice in a lowest common multiple manner. It will analyze both the existing security controls and available ones through slice commissioning acceptance algorithms. We propose that the network slice controller will make decisions based on attributes describing how the network slice serves the service including security. Such attributes are a high-level abstraction that provide requirements for selected network parts to enforce specific behavior.
IS-Wireless is a provider of virtualised Radio Access Network components: O-DU, O-CU-UP, O-CU-CP. In addition, IS-Wireless will provide additional elements such as Slice and Security Controllers to translate security related slice requirements to the particular security controls which will be embedded into a new or existing slice in a lowest common multiple manner. It will analyze both the existing security controls and available ones through slice commissioning acceptance algorithms. We propose that the network slice controller will make decisions based on attributes describing how the network slice serves the service including security. Such attributes are a high-level abstraction that provide requirements for selected network parts to enforce specific behavior.