WO2023118922A1 - Procédé de conception d'une architecture d'un système électronique, procédé de réalisation de fonctions dans un système électronique et système électronique associé - Google Patents

Procédé de conception d'une architecture d'un système électronique, procédé de réalisation de fonctions dans un système électronique et système électronique associé Download PDF

Info

Publication number
WO2023118922A1
WO2023118922A1 PCT/IB2021/000958 IB2021000958W WO2023118922A1 WO 2023118922 A1 WO2023118922 A1 WO 2023118922A1 IB 2021000958 W IB2021000958 W IB 2021000958W WO 2023118922 A1 WO2023118922 A1 WO 2023118922A1
Authority
WO
WIPO (PCT)
Prior art keywords
micro
services
combination
service
security
Prior art date
Application number
PCT/IB2021/000958
Other languages
English (en)
Inventor
Shanay BEHRAD
David ESPES
Philippe Bertin
Cao-Thanh Phan
Original Assignee
Fondation B-Com
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fondation B-Com filed Critical Fondation B-Com
Priority to PCT/IB2021/000958 priority Critical patent/WO2023118922A1/fr
Publication of WO2023118922A1 publication Critical patent/WO2023118922A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity

Definitions

  • the invention relates to the field of micro-service architectures for electronic systems.
  • the invention relates to a method for designing an architecture of an electronic system, a method for performing functions in an electronic system and an associated electronic system.
  • Decomposition of a service into micro-services generally seeks to improve nonfunctional requirements, such as performance, reliability, maintainability, and complexity.
  • This article seeks to quantitatively characterise the trade-offs between the degree of reliability and the associated cost in terms of bandwidth and computing power.
  • the invention provides a method for designing an architecture of an electronic system providing a plurality of functions, wherein said method comprises a step of selecting a combination of micro-services jointly providing the plurality of functions based on at least one security metric associated with said combination of micro-services.
  • Security is hence taken into account when defining the combination of microservices that shall form the architecture of the electronic system.
  • the obtained electronic system can thus conform to a sought security level thanks to its particular design, which avoids the need for adding costly security measures to compensate for security issues that would be detected after the electronic system is designed.
  • the updated combination of micro-services includes a chain of micro-services including an interface micro-service adapted to provide connectivity to electronic devices external to said electronic system, and a security micro-service located opposite the interface micro-service in the chain of micro-services;
  • At least one step of rearranging an initial combination of micro-services into an updated combination of micro-services includes adding a gateway connected to a plurality of security micro-services defined in the initial combination of micro-services;
  • At least one step of rearranging an initial combination of micro-services into an updated combination of micro-services includes duplicating at least one micro-service defined in the initial combination of micro-services;
  • the method comprises execution of a machine learning algorithm receiving as an input a description of the service and producing data defining said plurality of functions;
  • the combination of micro-services jointly providing the plurality of functions is selected based on said at least one security metric associated with said combination of micro-services and based on at least a complexity metric associated with said combination of micro-services;
  • the security metric is representative of a confidentiality level associated with at least part of the combination of micro-services, or an integrity level associated with at least part of the combination of micro-services, or an availability level associated with at least part of the combination of micro-services;
  • the provided functions participate in operating a telecommunications network.
  • the proposed method may also comprise the following steps: - constructing a plurality of candidate combinations of micro-services, the candidate combinations of micro-services corresponding to distinct combinations of micro-services;
  • the selected combination may then be the candidate combination associated with an optimal value among said values.
  • the invention also provides a method for performing functions in an electronic system, comprising the following steps:
  • the invention also proposes an electronic system having an architecture designed using a method as defined above.
  • the invention provides computer program comprising instructions executable by a processor and designed such that the processor carries out a method as proposed above when these instructions are executed by the processor.
  • the invention provides a (non-transitory) computer readable medium storing a computer program as just mentioned.
  • FIG. 1 is a flowchart representing a first possible embodiment of a method of designing an architecture of an electronic system
  • Figure 2 schematically represents a first possible re-arrangement of microservices usable in the method of Figure 1 ;
  • Figure 3 schematically represents a second possible re-arrangement of micro-services usable in the method of Figure 1 ;
  • Figure 4 schematically represents a third possible re-arrangement of microservices usable in the method of Figure 1 ;
  • Figure 5 shows a combination of micro-services considered in a first example of use of the method of Figure 1 ;
  • FIG. 6 shows another combination of micro-services considered in the first example of use of the method of Figure 1 ;
  • Figure 7 shows a combination of micro-services considered in a second example of use of the method of Figure 1 ;
  • FIG. 8 shows another combination of micro-services considered in the second example of use of the method of Figure 1 ;
  • FIG. 9 is a flowchart showing an alternative embodiment of the method of designing an architecture of an electronic system according to the invention.
  • the electronic system is for instance a telecommunication network operating system.
  • the architecture is meant to provide a service including a plurality of functions. In the example just mentioned, as further explained below, these functions participate in operating a telecommunication network.
  • the method of Figure 1 is for instance performed by a computer comprising a processor and a memory storing computer program instructions designed such that the processor carries out the method of Figure 1 when these computer program instructions are executed by the processor.
  • This computer program may be stored on a computer readable medium and read by the computer for transfer to the memory for being executed by the processor.
  • the method of Figure 1 starts with a step S2 of receiving data defining the functions included in the service to be provided by the electronic system, and at least one target security level.
  • the data defining the functions can be a list of descriptors of the functions.
  • the data defining the functions can be a description of an existing combination of micro-services performing the service, i.e. the functions.
  • the at least one target security level may include a target confidentiality level and/or a target integrity level and/or a target availability level.
  • step S2 also includes receiving a complexity threshold.
  • step S2 includes receiving at least one security level (and possibly a complexity threshold) and a description of the service.
  • the functions can be determined from the service using dedicated algorithms, for instance as described below with reference to Figure 9.
  • the method of Figure 1 continues with a decomposition step S4 during which an initial architecture for the service is rearranged into an updated combination of micro-services.
  • Both the initial architecture for the service and the updated combination of micro-services are suitable to provide the service, i.e. perform the functions received in step S2.
  • the initial architecture for the service and the updated combination of micro-services may differ as regards their respective security levels.
  • the initial architecture for the service may in some embodiments be a description of the service, for instance a list of descriptors of the functions to be provided by the service as already mentioned.
  • step S4 may include a step of randomly distributing the functions in a predetermined number of micro-services.
  • the initial architecture for the service may also be an initial combination of micro-services, in particular when the step S4 is implemented subsequently to the step T1 described below (in which case the initial combination of micro-services results from a previous execution of step S4).
  • the re-arrangement of micro-services performed in step S4 may include merging at least two micro-services (of the initial combination of micro-services) into a single micro-service (in the updated combination of micro-services) and/or decomposing a micro-service (of the initial combination of micro-services) into 2 or more micro-services (in the updated combination of micro-services).
  • the rearrangement of micro-services performed in step S4 may thus involve a change of the size of micro-services and/or a change in the respective position of the micro-services in the combination.
  • step S6 of computing at least one security metric associated with the updated combination of micro-services produced by step S4.
  • Such a security metric can be representative of the security of a particular micro-service of the updated combination of micro-services, or representative of the overall security of the updated combination of micro-services.
  • the computed security metric can be representative of a confidentiality level associated with at least part of the updated combination of micro-services, or representative of an integrity level associated with at least part of the updated combination of micro-services, or representative of an availability level associated with at least part of the updated combination of micro-services.
  • the security metric is for instance computed using one of the formulae proposed in the article “Impacts of Service Decomposition Models on Security Attributes: A Case Study with 5G Network Repository Function”, by S. Behrad, D Espes, P. Bertin and C.T. Phan, ,” in 2021 IEEE 7th International Conference on Network Softwarization (NetSoft), 2021 , pp. 470-476.
  • Step S6 may also include the computation of a complexity value associated with the updated combination of micro-services.
  • This complexity value is for instance representative of the time complexity resulting from security measures used in the updated combination of micro-services.
  • This complexity value C may in practice be computed as the sum of complexity orders O a of security algorithms applied to entry points EPi (i.e. points providing connectivity to electronic devices external to the electronic system) in the updated combination of micro-services, for instance according to the following formula: where Ai is the set of security algorithms applied to a given entry point EPi.
  • step T1 of testing whether the at least one security metric (computed in step S6) conforms to the corresponding target security level (received in step S2).
  • step T1 it can be tested in step T1 whether the complexity value C (possibly computed in step S6) is below the complexity threshold (possibly received in step S2 as indicated above).
  • Other criteria such as performance criteria relating to the current combination of micro-services may also be taken into account in the test of step T 1 .
  • step S4 If (any of) the security metric(s) does not conform to the corresponding target security level (or if the complexity value C is above the complexity threshold), the method loops to step S4 for a further rearrangement of the current combination of micro-services.
  • step S8 If (all) the security metric(s) conforms (conform) the corresponding target security level (and, when computed, the complexity value is below the complexity threshold), the method proceeds to step S8.
  • step S8 the current combination of micro-services (/.e. the updated combination of micro-services obtained in the last occurrence of step S4) is selected for use as the architecture of the electronic system.
  • the electronic system can thus be produced with the architecture designed as per steps S2-S8 just described, i.e. based on the selected combination of microservices.
  • Functions of the service can then be performed by the electronic system, by executing the various micro-services of the selected combination of micro-services (step S10).
  • Figure 2 schematically represents a first possible re-arrangement of microservices usable in step S4 mentioned above.
  • the initial combination Ch1 of micro-services is a chain of microservices including an interface micro-service COM, a security micro-service SEC and at least another micro-service ANY.
  • the interface micro-service COM provides connectivity to electronic devices external to the electronic system and thus comprises an entry point for the electronic system.
  • the security micro-service SEC contains a key asset (that has to be protected from attacks), such as security (cryptographic) keys.
  • the interface micro-service COM and the other micro-service ANY contain normal assets.
  • the security micro-service SEC is situated between the interface micro-service COM and the other micro-service ANY in the chain of micro-services.
  • step S4 moves the security micro-service SEC to the end of the chain.
  • the security micro-service SEC is located opposite the interface microservice COM in the chain of micro-services.
  • Figure 3 schematically represents a second possible re-arrangement of micro-services usable in step S4 mentioned above.
  • the initial combination Combi of microservices includes ten micro-services M1-M10.
  • the second possible re-arrangement involves adding a gateway G connected to a plurality of micro-services (in particular security micro-services M8, M9, M10) defined in the initial combination Combi of micro-services.
  • security micro-services M8, M9, M10 is for instance a micro-service including sensitive assets, such as security (cryptographic) keys.
  • micro-services connected to the gateway G may then be located at the opposite of micro-services M1 , M2 that provide connectivity to electronic devices external to the electronic system ES, i.e. opposite to entry points EP1 , EP2 of the electronic system ES, with respect to the gateway G.
  • security micro-services M8, M9, M10 are thus accessible only through the gateway G in the updated combination Comb2 of micro-services.
  • the re-arrangement described here thus makes it possible to increase the confidentiality level and the integrity level of the electronic system ES, but has a negative impact on availability (because an attack on the gateway will affect microservices M8, M9 and M10).
  • the re-arrangement proposed here is thus used in the step S4 of the method of Figure 1 when there is a need to increase the confidentiality level and the integrity level (i.e. when the confidentiality level and/or the integrity level associated with the initial combination Combi of micro-services is lower than the corresponding target security level).
  • Figure 4 schematically represents a third possible re-arrangement of microservices usable in step S4 mentioned above.
  • the initial combination Comb3 of micro-services includes a plurality of microservices N1-N6.
  • the re-arrangement proposed here involves duplicating at least some of the micro-services N3, N4, N6 defined in the initial combination Comb3 of micro-services.
  • the updated combination Comb4 of micro-services thus includes at least one pair of micro-services providing the same functions, here several pairs N3, N3’; N4, N4’; N6, N6’ of micro-services, each such pair of micro-services including two micro-services both providing a given set of functions.
  • the redundancies in the updated combination Comb4 of micro-services increases the availability level of the electronic system.
  • the re-arrangement proposed here is thus used in the step S4 of the method of Figure 1 when there is a need to increase the availability level (i.e. when the availability level associated with the initial combination Comb3 of micro-services is lower than the target availability level).
  • the re-arrangement proposed here may also involve adding at least a gateway G1 , G2 for connecting at least a microservice N2; N5 to a plurality of redundant micro-services N3, N3’; N6, N6’ (redundant micro-services being microservices providing the same set of functions).
  • the Network Repository Function is responsible for keeping the information of the all network functions and providing this information to the requesters.
  • the Network Repository Function provides the following services:
  • the network functions in 5G core can register, deregister and update their profiles; they can also subscribe to be notified about any changes happen in the profiles of their intended network functions;
  • the network function in 5G core can discover their intended network function in 5G core and their provided services;
  • step S2 a list of the various functions that the Network Repository Function should provide is received by the computer carrying out the method of Figure 1.
  • a target security level here a target integrity level
  • the received target integrity level is expressed as a maximum allowable integrity risk:
  • MaxIntegrityRisk - - - where N is the number of software vulnerabilities in the whole code meant to perform the Network Repository Function when executed and p is the probability of exploiting these vulnerabilities for an attacker.
  • the subscription micro-service SUB, the registration micro-service NOT and the discovery micro-service DIS are suitable for performing the functions of the NFManagement service mentioned above.
  • a complexity threshold is also received by the computer in step S2, here a complexity threshold of value 2 x O(r).
  • step S4 The computer then implements a first occurrence of step S4 resulting in the combination of micro-services shown in Figure 5.
  • step S4 the computer performs a random decomposition leading to the combination of microservices shown in Figure 5.
  • the subscription micro-service SUB and the registration micro-service REG are connected to other network functions NF via a gateway micro-service GW.
  • the notification micro-service NOT is connected to the registration micro-service REG and can receive requests therethrough.
  • the notification micro-service NOT may however transmit data directly to other network functions NF.
  • the subscription micro-service SUB and the registration micro-service REG (as well as the notification micro-service via the registration micro-service) can thus be accessed through one URL that belongs to the gateway micro-service GW.
  • the discovery micro-service DIS, the access token micro-service TOK and the bootstrapping micro-service BTS are each connected directly to other network functions NF.
  • Each micro-service is in addition directly connected to the Network Repository Function External Database DB.
  • step T 1 thus results in a loop to step S4 (as the evaluated security metric, here the integrity level, does not conform with the target security level, here the target integrity level).
  • step S4 results in the combination of microservices shown in Figure 6.
  • the re-arrangement performed in this second occurrence of step S4 involves adding a gateway, as proposed and described above with reference to Figure 3.
  • the subscription micro-service SUB, the registration micro-service REG, the discovery micro-service DIS, the access token micro-service TOK and the bootstrapping micro-service BTS are connected to other network functions NF via an API gateway micro-service APIGW.
  • the notification micro-service NOT is connected to the registration microservice REG and can receive requests therethrough.
  • the notification micro-service NOT may however transmit data directly to other network functions NF.
  • Each micro-service is in addition directly connected to the Network Repository Function External Database DB.
  • the complexity value is O(n).
  • the computed security metric (here the integrity level) associated with the current combination of micro-services conforms to the target security level (here the target integrity level) and the complexity value associated with the current combination of micro-services conforms to the complexity threshold, such that the test at step T1 leads to step S8 where the current combination of micro-services (shown in Figure 6) is selected as an architecture of the electronic system (here the Network Repository Function).
  • ALISF Authentication Server Function
  • the Authentication Server Function ALISF is defined to provide the following services:
  • step S2 the computer implementing the method of Figure 1 receives the target confidentiality level, expressed as the maximum tolerable confidentiality risk:
  • confidentiality is the only security parameter considered.
  • the computer also receives the complexity threshold 3 x O(r).
  • step S2 This initial combination of micro-services may possibly be received by the computer (under the format of a description of this combination) is step S2.
  • the initial combination of micro-services shown in Figure 7 could result from previous iterations of steps S4 and S6 in the method of Figure 1 .
  • micro-services The initial combination of micro-services shown in Figure 7 includes the following micro-services:
  • the UE authentication microservice AUT, the steering of roaming information protection micro-service SOR and the UE parameters update protection micro-service UPU are directly connected to other network functions NF’.
  • the initial combination thus uses 3 entry points.
  • the UE authentication micro-service AUT, the steering of roaming information protection micro-service SOR and the UE parameters update protection micro-service UPU may exchange data with a database DB’ storing in particular an authentication key.
  • the UDM selection micro-service may exchange data with the UE authentication micro-service AUT only.
  • the confidentiality impact of the UE authentication microservice AUT is high, while the steering of roaming information protection micro-service SOR and the UE parameters update protection micro-service UPU have no confidentiality impact.
  • the exchange of data between the UE authentication micro-service AUT and other network functions NF’ is protected by both authentication and FIP-S encryption (e.g., AES).
  • step S4 a re-arrangement of the initial combination of microservices shown in Figure 7 is performed, here using the re-arrangement described above with reference to Figure 3 (addition of a gateway micro-service GW’) and leading to the updated combination of micro-services shown in Figure 8.
  • the UE authentication microservice AUT is still directly connected to other network functions NF’.
  • the steering of roaming information protection micro-service SOR and the UE parameters update protection micro-service UPU are however connected to other network functions NF’ via the added gateway micro-service GW’.
  • the updated combination thus uses 2 entry points.
  • the gateway micro-service GW’ is not connected to sensitive micro-services, it is not protected by authentication or encryption.
  • the UE authentication micro-service AUT, the steering of roaming information protection micro-service SOR and the UE parameters update protection micro-service UPU may exchange data with the database DB’, and the UDM selection micro-service may exchange data with the UE authentication microservice AUT only.
  • the security metric representative of the confidentiality level is evaluated by the computer as per step S6, which results in the present case in the following confidentiality risk associated with the updated combination shown in Figure 8:
  • This confidentiality risk is lower than the maximum tolerable confidentiality risk, such that the confidentiality level associated with the updated combination of micro-services shown in Figure 8 conforms to the target confidentiality level (received in step S2).
  • the complexity value (also computed in step S6) is 2 x O(n) (as two entry points are used in the updated combination) and is thus lower than the complexity threshold (received in step S2).
  • step T1 the method goes to step S8 where the updated combination shown in Figure 8 is used as the architecture of the Authentication Server Function.
  • Figure 9 is a flowchart showing an alternative embodiment of the method of designing an architecture of an electronic system according to the invention.
  • the electronic system has to be designed to perform a service including a plurality of functionalities.
  • the method of Figure 9 starts with a step S20 of receiving a description of the service and target security levels (i.e. a target confidentiality level, a target integrity level and a target availability level).
  • target security levels i.e. a target confidentiality level, a target integrity level and a target availability level.
  • step S21 of producing a list of functionalities and classifying each functionality of the service in one of the following groups:
  • This determination and classification of functionalities can be performed by a machine learning algorithm.
  • the machine learning algorithm can receive the description of the service as input and provide data defining the functionalities and the classification of the functionalities as outputs.
  • the machine learning algorithm is in this case trained using known list and classifications of functionalities.
  • the machine learning algorithm can be designed to compute, for each functionality, the respective probabilities that this functionality corresponds to the various groups listed above, the group with the higher probability being chosen as the resulting classification for the concerned functionality.
  • a Support Vector Machine algorithm can be used. As such an algorithm provides a binary classification, it is implemented 7 times to classify among the 8 groups mentioned above.
  • step S24 a plurality of candidate combinations of micro-services are constructed by distributing in different manners the functionalities into N microservices so as to obtain distinct combinations of micro-services.
  • the distribution of the functionalities may be done according to their classes as determined in step S21 . For instance, functionalities of a given class can be put in the same microservice. (This step is not implemented in the first iteration where N is equal to 1 .)
  • security metrics here a confidentiality level, an integrity level and an availability level
  • security metrics are computed for each candidate combination of microservices and the candidate combination which maximizes a fitness function depending on the security metrics (/.e. a fitness function depending on the confidentiality level and/or the integrity level and/or the availability level) is selected.
  • Steps S24 and 26 thus implement a so-called genetic algorithm.
  • step T2 it is tested whether the combination selected in step S26 is suitable for use as the architecture of the electronic system.
  • step T2 it is for instance determined in step T2 whether the security metrics (e.g. the confidentiality level and/or the integrity level and/or the availability level) associated with the selected combination conform to the target security level(s).
  • security metrics e.g. the confidentiality level and/or the integrity level and/or the availability level
  • step S27 the variable N is incremented and loops to step S24.
  • the method ends at step S28 by the choice of the last selected combination as the combination to be used for the architecture of the electronic system.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne un procédé de conception d'une architecture d'un système électronique fournissant une pluralité de fonctions, ledit procédé comprenant une étape de sélection d'une combinaison de micro-services fournissant conjointement la pluralité de fonctions sur la base d'au moins une métrique de sécurité associée à ladite combinaison de micro-services. L'invention concerne également un procédé d'exécution de fonctions dans un système électronique et un système électronique associé.
PCT/IB2021/000958 2021-12-22 2021-12-22 Procédé de conception d'une architecture d'un système électronique, procédé de réalisation de fonctions dans un système électronique et système électronique associé WO2023118922A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IB2021/000958 WO2023118922A1 (fr) 2021-12-22 2021-12-22 Procédé de conception d'une architecture d'un système électronique, procédé de réalisation de fonctions dans un système électronique et système électronique associé

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2021/000958 WO2023118922A1 (fr) 2021-12-22 2021-12-22 Procédé de conception d'une architecture d'un système électronique, procédé de réalisation de fonctions dans un système électronique et système électronique associé

Publications (1)

Publication Number Publication Date
WO2023118922A1 true WO2023118922A1 (fr) 2023-06-29

Family

ID=81940436

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2021/000958 WO2023118922A1 (fr) 2021-12-22 2021-12-22 Procédé de conception d'une architecture d'un système électronique, procédé de réalisation de fonctions dans un système électronique et système électronique associé

Country Status (1)

Country Link
WO (1) WO2023118922A1 (fr)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017200978A1 (fr) * 2016-05-16 2017-11-23 Idac Holdings, Inc. Sélection et attribution de tranches à base de sécurité

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017200978A1 (fr) * 2016-05-16 2017-11-23 Idac Holdings, Inc. Sélection et attribution de tranches à base de sécurité

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
BECK MICHAEL TILL ET AL: "Resilient allocation of service Function chains", 2016 IEEE CONFERENCE ON NETWORK FUNCTION VIRTUALIZATION AND SOFTWARE DEFINED NETWORKS (NFV-SDN), IEEE, 7 November 2016 (2016-11-07), pages 128 - 133, XP033093237, DOI: 10.1109/NFV-SDN.2016.7919487 *
BEHRAD SHANAY ET AL: "Impacts of Service Decomposition Models on Security Attributes: A Case Study with 5G Network Repository Function", 2021 IEEE 7TH INTERNATIONAL CONFERENCE ON NETWORK SOFTWARIZATION (NETSOFT), IEEE, 28 June 2021 (2021-06-28), pages 470 - 476, XP033948513, DOI: 10.1109/NETSOFT51509.2021.9492620 *
IMPACTS OF SERVICE DECOMPOSITION MODELS ON SECURITY ATTRIBUTES: A CASE STUDY WITH 5G NETWORK REPOSITORY FUNCTION
S. BEHRADD ESPESP. BERTINC.T. PHAN: "Impacts of Service Decomposition Models on Security Attributes: A Case Study with 5G Network Repository Function", 2021 IEEE 7TH INTERNATIONAL CONFERENCE ON NETWORK SOFTWARIZATION (NETSOFT, 2021, pages 470 - 476, XP033948513, DOI: 10.1109/NetSoft51509.2021.9492620
SOENEN THOMAS ET AL: "A model to select the right infrastructure abstraction for Service Function Chaining", 2016 IEEE CONFERENCE ON NETWORK FUNCTION VIRTUALIZATION AND SOFTWARE DEFINED NETWORKS (NFV-SDN), IEEE, 7 November 2016 (2016-11-07), pages 233 - 239, XP033093253, DOI: 10.1109/NFV-SDN.2016.7919503 *
T. SOENENW. TAVERNIERD. COLLEM. PICKAVET: "Optimising Microservice-based Reliable NFV Management & Orchestration Architectures", 2017 9TH INTERNATIONAL WORKSHOP ON RESILIENT NETWORKS DESIGN AND MODELING (RNDM, 2017, pages 1 - 7, XP033243360, DOI: 10.1109/RNDM.2017.8093034

Similar Documents

Publication Publication Date Title
US11204919B2 (en) Optimizing queries and other retrieve operations in a blockchain
US20180048669A1 (en) Comprehensive risk assessment in a heterogeneous dynamic network
CN1738237B (zh) 具有连接管理的密钥配置拓扑
US20170264482A1 (en) Method and device for updating client
US11729001B2 (en) Distributed proof-of-work for sharded or parallel blockchains
US20190312908A1 (en) Cyber chaff using spatial voting
Gong et al. Surakav: Generating realistic traces for a strong website fingerprinting defense
CN111783142B (zh) 数据保护方法、装置、服务器和介质
US20230342669A1 (en) Machine learning model update method and apparatus
Munilla et al. Attacks on ownership transfer scheme for multi-tag multi-owner passive RFID environments
CN112199706B (zh) 基于多方安全计算的树模型的训练方法和业务预测方法
US11838311B2 (en) Systems and methods for automated quantitative risk and threat calculation and remediation
CN112508563A (zh) 跨链交易可信验证方法、装置及计算机设备
Anandhi et al. An authentication protocol to track an object with multiple RFID tags using cloud computing environment
Hristea et al. Destructive privacy and mutual authentication in Vaudenay’s RFID model
EP4172867A1 (fr) Apprentissage machine fédéré décentralisé par sélection de noeuds de travailleurs participants
Upadhyay et al. Robust and secure hybrid quantum-classical computation on untrusted cloud-based quantum hardware
Kawamoto et al. On the compositionality of quantitative information flow
WO2023118922A1 (fr) Procédé de conception d'une architecture d'un système électronique, procédé de réalisation de fonctions dans un système électronique et système électronique associé
Habler et al. Adversarial machine learning threat analysis and remediation in open radio access network (o-ran)
CN116506206A (zh) 基于零信任网络用户的大数据行为分析方法及系统
CN115795546A (zh) 基于污点标志跟踪的微服务应用访问控制方法及装置
WO2022099115A1 (fr) Système et procédé d'analyse de sécurité assistée par apprentissage machine de systèmes connectés à un réseau 5g
CN116488816A (zh) 一种基于区块链网络的数据处理方法、装置及存储介质
Zhu et al. Lightweight anonymous RFID group ownership transfer protocol in multi-owner environment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21899328

Country of ref document: EP

Kind code of ref document: A1