A cybersecurity framework for securing digital service chains
M Repetto
2023
Abstract
Today, the digital economy is pushing new digital services and digital service chains through the interconnection of processes and services across different domains and organizations. In such a scenario, an architecture is needed that effectively fulfills all the main security issues: mutual trustworthiness of entities in partially unknown topologies, identification and mitigation of advanced multi-vector threats, management and propagation of sensitive data, and advanced identity management and access control procedures. Based on these considerations, this contribution aims to reach two goals. First, it proposes a new methodological approach by designing a framework that implements heterogeneous security services for distributed systems that combine together digital resources and components from multiple domains. The framework focuses on three novel aspects: i) full automation of the processes that manage the whole system, ii) dynamic adaptation of operations and security tasks to newest attack patterns, and iii) real-time adjustment of the level of detail of inspection and monitoring processes. Second, it proposes an authentication and authorization module that automatically protects the information flowing among the framework modules, guaranteeing resource availability only to authenticated subjects. Experimental tests show that the proposed module enables authentication and authorization procedures, while maximizing the flexibility of the set of access control policies and providing an efficient service protection.