Technologies Behind The PUZZLE Project

  • June 23, 2021

The vision of PUZZLE is to enhance the cyber-health of an SME business ecosystem based on a SecaaS marketplace offering a wide gamut of cyber-security tools, applications and services which enable them to dynamically monitor, forecast, assess and manage their security, privacy and personal data risks. The end goal is to enable SMEs & MEs, which may lack the resources to integrate holistic security solutions, to increase their cyber-security awareness through the efficient aggregation and processing of heterogeneous information flows, collected by distributed agents, and the establishment of online collaboration and (threat intelligence) knowledge sharing with other business stakeholders.

These requirements are grouped by the type of core functionalities and services envisioned in PUZZLE, in the following fields: network security management, remote attestation, dynamic real-time risk assessment, and enhanced and accountable knowledge sharing of operational threat intelligence data flows (through the use of policy-compliant Blockchain structures).

In this context, PUZZLE will investigate the adoption of key technologies in edge and cloud-native application security for orchestrating and unifying the provision of appropriate security resources protecting both logical extremes of a business ecosystem, namely the edge and the network operating stacks. The PUZZLE framework will incubate artificial intelligence (through the adoption of advanced Deep Learning and Graphical Machine Learning classification mechanisms) to extract insights from the aggregated information, facilitating analysis, security recommendations and reports.

Information will originate from the monitoring and introspection of security information such as vulnerability information in the running service workloads, workload audits (e.g., host-based forensics traces as well as network packet traces), context security, etc. All these operations will be facilitated through the deployment of programmable agents and trust anchors as enablers for the secure monitoring, collection, aggregation, and verifiable processing and computing of such heterogeneous information flows (running within the target business ecosystem), and for the secure communication and data sharing with backend centralized processing and threat intelligence extraction engines.

In order to also have verifiable evidence of the correctness of the exchanged information, this process will also be secured by trust extensions leveraging the root-of-trust capabilities of a novel TC-enabled middleware (using either Trusted Execution Environments (TEEs) or a combination of HW- and SW-based decentralized roots of trust, such as TPMs and DICE abstractions) that guarantees and simplifies the trust relationships between all layers in the entire OS runtime stack, thus providing strong security and trust claims on the trustworthiness of all service function chains of a zone of heterogeneous, connected devices (like the assets comprising a processing of the data extracted from verified and authenticated data sources) will be supported through the use of policy-compliant Blockchain structures.