Securing Convergent Ultra-large Scale Infrastructures

确保融合超大规模基础设施的安全

• 批准号: EP/Z531315/1
• 负责人: Awais Rashid
• 金额: $ 864.03万
• 依托单位: University of Bristol
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2024
• 资助国家: 英国
• 起止时间: 2024 至 无数据
• 项目状态: 未结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FZ531315%2F1
• 关键词: Securing; Convergent; Ultra; large; Scale

Digital infrastructures are seeing convergence and connectivity at unprecedented scale. This is true for both current critical national infrastructures and emerging future systems, e.g., smart cities, intelligent transportation, high-value manufacturing and Industry 4.0. Cyber security of such ultra-large scale infrastructures faces unprecedented complexity. Diverse legacy and non-legacy software and hardware compose on-the-fly to deliver services to millions of users with varying requirements and unpredictable actions. This complexity is compounded by intricate supply-chains and the need to deliver resilient operations in the presence of untrusted, partially trusted or compromised elements. The integrated exploration of such ultra-large scale, compositionally secure infrastructures is an imperative need, yet to be comprehensively scoped in the research community. There is an urgent need to pivot our perspective away from piecemeal solutions to one that takes a compositional, adaptive view, anticipating and addressing the security challenges arising from hitherto unprecedented complexity, heterogeneity and connectivity. Furthermore, shifting established research paradigms from an ideal vision of security-by-design to the reality of securing-a-compromised-system is imperative.SCULI will drive this paradigm-shift to predictable security assurances in the presence of uncertainty. This holds the key to addressing the grand challenge of provisioning security at the societal scale—highly interconnected, dynamic, structureless, on-demand systems and services. To do so, it will deliver rapid research advances in four fundamental but interlinked research challenges:Predictability at ultra-large scale: How to elicit, specify and validate security assurances for service composition in the presence of uncertainty, dynamism and human behaviour (including addressing direct and indirect dependencies and resulting systemic risks)?Composition at ultra-large scale: How to compose and orchestrate security provision across diverse and heterogeneous evolving infrastructures with legacy and non-legacy elements that change over a long infrastructure lifespan?Continual assurance at ultra-large scale: How to reason, to requisite levels of accuracy and at an appropriate pace, about the security state at runtime to provide continuity of oversight and trust, when several elements may be partially trusted, under attack, vulnerable or compromised?Incident response at ultra-large scale: How to orchestrate incident response in a manner that accounts for heterogeneous incident response practices in constituent systems and provides situational awareness at the necessary pace and resolution for human-machine decision-making?SCULI's research advances will deliver future security provision in digital infrastructures underpinning society for the next several decades. From a practical standpoint, embracing the challenges of delivering security in the context of such highly distributed, independent (individually) yet co-dependent (collectively), infrastructures is the only way to build a resilient digital backbone for industry and society. From a policy perspective, this is critical to the UK's socio-economic prosperity as reflected in the National Cyber Strategy (December 2021). From a citizens and public discourse perspective, this is key to transforming the narrative on cyber security from fear, uncertainty and doubt to predictable, continual assurance, and accountable decision-making when securing societal-scale infrastructures.

数字基础设施正在以前所未有的规模实现融合和连接。对于目前的重要国家基础设施和正在出现的未来系统，智慧城市、智能交通、高价值制造业和工业4.0。这种超大规模基础设施的网络安全面临着前所未有的复杂性。各种传统和非传统软件和硬件组成的飞行，以提供服务，以数百万用户的不同要求和不可预测的行动。复杂的供应链以及在存在不可信、部分可信或受损元素的情况下提供弹性操作的需求加剧了这种复杂性。这种超大规模的，成分安全的基础设施的综合探索是一个迫切的需要，尚未在研究界进行全面的范围。迫切需要将我们的观点从零敲碎打的解决方案转向一种综合的、适应性的观点，预测和解决迄今为止前所未有的复杂性、异质性和连通性所带来的安全挑战。此外，将现有的研究范式从设计安全的理想愿景转变为安全受损系统的现实势在必行。SCULI将推动这种范式转变，在存在不确定性的情况下实现可预测的安全保证。这是解决在社会规模上提供安全性的巨大挑战的关键-高度互连，动态，无结构，按需系统和服务。为了做到这一点，它将在四个基本但相互关联的研究挑战方面提供快速的研究进展：超大规模的可预测性：如何在存在不确定性，动态性和人类行为的情况下（包括解决直接和间接的依赖关系以及由此产生的系统性风险）引出，指定和验证服务组合的安全保证？超大规模的组合：如何组合和协调各种异构的不断发展的基础设施中的安全配置，这些基础设施中的传统和非传统元素会在很长的基础设施生命周期内发生变化？超大规模的持续保证：当多个元素可能部分受信任、受到攻击、易受攻击或受损时，如何以适当的速度推理运行时的安全状态，以提供监督和信任的连续性？超大规模事件响应：如何以一种方式协调事件响应，以解决组成系统中的异构事件响应实践，并以人机决策所需的速度和分辨率提供态势感知？SCULI的研究进展将在未来几十年内为支撑社会的数字基础设施提供未来的安全保障。从实践的角度来看，在这种高度分布式、独立（单独）但相互依赖（共同）的基础设施环境中，迎接提供安全性的挑战是为行业和社会建立弹性数字骨干的唯一途径。从政策角度来看，这对英国的社会经济繁荣至关重要，正如国家网络战略（2021年12月）所反映的那样。从公民和公共话语的角度来看，这是将网络安全叙事从恐惧，不确定性和怀疑转变为可预测，持续保证和负责任决策的关键，以确保社会规模的基础设施。