By-default Security Orchestration on distributed Edge/Cloud Computing Framework

Next generation networks and the strength of the distributed computing paradigm (edge/cloud) are transforming how services are provisioned, mainly when solutions focus on collaboration and aggregation of resources provided by different entities or organisations, that becomes essential to satisfy the most demanding computation and storage service requirements. However, it also entails challenges such as infrastructure and technologies heterogeneity, which directly impacts infrastructure management and especially security, that usually tends to be relegated to a second place. This paper provides a by-default security orchestrator approach to mitigate the above mentioned challenges in distributed edge/cloud computing frameworks. We use an Intent-based/policy-based orchestration paradigm for dealing with heterogeneity, allowing users to request service deployments securely without requiring knowledge about the underlying distributed infrastructure. By-default security orchestration will decide how to provide the requested services, ensuring that they are compliant with the security requirements provided by the user and the ones gathered by the system, locally and from reliable external sources1. We provide design and use-cases based workflows for managing by-default security orchestration in proactive and reactive ways. In the future, it is expected to perform the implementation and validation of the proposed approach inside the scope of the FLUIDOS EU project.1https://www.cisa.gov/known-exploited-vulnerabilities-catalog