
Concordia university

Collaborating on security

Evolving the future of 5G security with Concordia University

5G is being rapidly rolled out across the world. To unlock its full value by becoming more agile, flexible, and scalable, 5G relies on the latest technologies such as cloud, virtualization and softwarization. This comes with additional complexity, making security compliance verification and assurance more challenging than before.

Case

In collaboration with Montreal-based Concordia University, Ericsson Security Research is leveraging its previous collaborations on Cloud Security Compliance auditing to tackle new issues in NFV/SDN domains – a move which is critical to the future of the Internet of Things (IoT).

Blending expertise


The collaboration brings together Ericsson's strong tradition of security research and development with Concordia's advanced capabilities within information systems engineering and cyber security in the field of cloud computing.

The two organizations have been working within the NSERC/Ericsson industrial research chair since 2019 to address the need for new approaches to security compliance verification that are more adaptable to the underlying technology of the next generation mobile network, particularly NFV/SDN, and its inherent characteristics.

For example, the security of NFV cannot be tackled without considering the multi-layered aspect of NFV and the correlation between those layers. Additionally, the benefits of NFV/SDN come from the automation and orchestration it enables, which result in a dynamic and frequently changing environment. Thus, the use of traditional manual security compliance verification solutions becomes dramatically costly and inefficient. Furthermore, the project has rapidly adapted to recently observed technology changes by steering research to the new containerized environments.

 

Secure cloud and 5G

Targeting the different layers of the stack forming the next generation mobile network, the project proposes several solutions addressing different security and privacy aspects.

The ultimate aim of the project was to develop a toolkit of scalable, automated and efficient security auditing and compliance verification algorithms that meet the needs of the cloud.

The first stage of the collaboration has been successfully executed, resulting in a number of published papers and sparking interest within the industry and security research communities. Significantly, successful proofs-of-concept have also been performed, with the developed algorithms prototyped into OpenStack cloud management systems, and, more recently, into the Kubernetes container environment.

Phoenix: Surviving Unpatched Vulnerabilities via Accurate and Efficient Filtering of Syscall Sequences

Unpatched vulnerabilities represent one of the most critical concerns for businesses that rely on software-based services. Our joint research team explored the research question “How to safeguard cloud-based applications from unknown vulnerabilities, as well as known vulnerabilities for which no patch is currently available, while ensuring uninterrupted and timely service delivery?” The result was Phoenix, a solution for preventing exploits of unpatched vulnerabilities by accurately and efficiently filtering sequences of system calls identified through provenance analysis. The solution is explained in the Phoenix conference paper, recently published at the Network and Distributed System Security Symposium (NDSS) 2024, one of the top four security conferences in the world.

ProvTalk - efficient root cause analysis of security incidents in NFV environments

For a more effective root cause analysis of security incidents in multi-level NFV environments, the project developed a novel solution we call ProvTalk. This solution applies machine learning and a newly defined multi-level provenance graph. ProvTalk tackles challenges stemming from the multi-level aspect of the management stack, the complexity, and the sheer size of operations. ProvTalk provides new features and capabilities, not available in comparable commercial tools, to increase automation and ease the investigation process through three novel techniques, namely multi-level pruning, mining-based aggregation, and rule-based natural language translation. ProvTalk was presented at the Network and Distributed System Security (NDSS) Symposium 2022, one of the top security conferences.

ProSaS - proactive security compliance auditing system for the Cloud

ProSaS, published recently in the IEEE TDSC journal, proposes a proactive security compliance auditing system for clouds. This revolutionizes the traditional retroactive approach by enabling the prediction of future critical events, based on an ML-learned dependency model. It then proactively verifies the potential impacts of those future events on the compliance status and prevents them before they can actually cause violations of security policies. This work is currently being extended to tackle containerized environments.

R2DP - on automation for differential privacy

R2DP (randomizing the randomization mechanism of differential privacy) automatically optimizes different utility metrics to enable differentially private investigation of data by a third-party analyst using common machine learning tools.

R2DP was presented at the top-tier ACM Computer and Communications Security Conference (CCS) 2020.

Security compliance verification in 5G

The next stage of the research collaboration will focus on getting closer to the security requirements within 5G systems, which will raise new challenges, such as those related to Network Functions Virtualization (NFV), a key technology in 5G, and the cloud-native computing approach.

In particular, a key goal for this stage will be achieving proactive, compliance-driven security monitoring, attack prevention, detection and mitigation solutions. This will be an important feature of future solutions if they are to keep up with the high speeds of 5G.

The results of this research will be highly significant for the industry. From robotics to self-driving cars, 5G will be a critical enabler of many IoT use cases – and all will need to provide evidence that they meet security requirements.

By addressing compliance challenges in cloud and 5G, Ericsson and Concordia University are helping to make a secure, connected future a reality.


Concordia CIISE

Established in 2002, the Concordia Institute for Information System Engineering (CIISE) offers graduate programs in information system security. With a total of 65 cybersecurity researchers, including 10 professors, 55 graduate students and postdoctoral fellows and high levels of funding, the Institute is a thriving environment for interdisciplinary research.

 
