ABOUT TELECOM SUDPARIS
Telecom SudParis is a public graduate school for engineering, which has been recognized on the highest level in the domain of digital technology. The quality of its courses is founded on the scientific excellence of its faculty and on teaching techniques that emphasize project management, innovation and intercultural understanding. Telecom SudParis is part of the Institut Mines-Telecom, the number one group of engineering schools in France, under the supervision of the Minister for Industry. Telecom SudParis with Ecole Polytechnique, ENSTA Paris, ENSAE Paris and Telecom Paris are co-founders of the Institut Polytechnique de Paris, an institute of Science and Technology with an international vocation. Its assets include: a personalized course, varied opportunities, the no.3 incubator in France, an ICT research center, an international campus shared with Institut Mines-Telecom Business School and over 60 student societies and clubs.
Network and function virtualization technologies (SDN/NFV) are considered enablers to 5G slices, that is virtual and physical resources are dynamically allocated and orchestrated by a network slice broker to fulfil the needs of a tenant or a service provider. 5G slicing could be vulnerable to a number of threats across time including information leakage at design time, policy tampering at deployment stage, or application vulnerability exploitation or denial of service during runtime. At the same time, those same enablers allow slice owners to specify security policies and constraints that would apply to their slice. Such policies and constraints are negotiated with infrastructure and service providers in the form of service-level agreements (SLA). Finally, these policies are deployed automatically and evaluated continuously so as to anticipate changes. Therefore, it is needed to quantify security indicators and deploy means to continuously monitor them. The slice owner or operator would gain insights on the security level of the slice and subsequently verify the
enforcement of security policies. This ultimately ensures that security is guaranteed throughout the slice lifecycle.
The objective of the proposed work is to develop a number of indicators of security to quantify the level of security of a system in order to gain situational awareness. This will enable operators to take informed decision on the security of the slice. What is more, we would like to assess different countermeasures, not only in terms of their efficiency to thwart the detected attacks, but also in terms of their (adverse) impact to the protected slice. Therefore, the candidate will pursue the following goals:
• develop an integrated model (e.g., a digital twin) to produce security decisions based on the previously developed indicators
• quantify risks related to cybersecurity
• quantify mitigation and detection systems in a dynamic 5G slicing system
• quantify the efficiency and collateral damages of automated countermeasures
The proposed work aims at securing 5G slices and verifying that deployed policies are compliant with what was specified by the slice owner in terms of slicing and security. From the metrics collected throughout the infrastructure, we will be able to gain insights on the state of the slice, and its security level. Thus, we propose to define a model of the slice as a digital twin in order to quantify its risks. The security policies are often expressed in a domain-specific language, and together with the aforementioned model, we propose to quantify the coverage of mitigation and detection systems – by deriving security policies from the owner’s specifications (SLAs) to the implemented dataplane configurations – with respect to expected threats, through injection against the digital twin. Finally, we will improve on existing response quantification methodologies to adapt to 5G needs, to measure the trade off between the efficiency of the response and its potential collateral
damages against the slice.
Level of training and / or experience required:
Essential skills, knowledge and experience:
Advantageous skills, knowledge and experience:
Abilities and skills:
INFORMATION FOR APPLY:
Contract: determinated contract for 1.5 year full time
Deadline for apply: August 31, 2022
Contact for information: email@example.com