Context Discovery for Digital Service Chain with OpenC2

Recent management paradigms for software-defined infrastructures bring more agility in the creation and operation of digital services, but also introduce new cyber-security issues due to fast-changing environments and dynamic topologies. Rigid and statically-configured architectures are no more suitable for managing cyber-security functions in mixed cloud/6G/IoT environments, since the number, capabilities, and providers of such functions are expected to change at run-time. In this paper, we propose a context discovery protocol based on the OpenC2 language. It recursively queries Context Providers that describe services, relationships, and cyber-security functions, in order to build the whole service context graph, also encompassing multiple networks and domains. We provide a working implementation that covers OpenStack and Kubernetes environments, and we validate it in a software-defined 5 G testbed. Our approach provides a more general context and uniform interface than existing service discovery protocols; furthermore, the domain-specific language enables seamless integration in cyber-security frameworks.