GENIO

Type

Accordo per l’Innovazione, Ministero delle Imprese e del Made in Italy (MIMIT)

Description

The boundary between clouds and telecommunications networks has always been clear: clouds offer a set of IT tools and technologies to develop, implement and deliver services, while telecommunications networks provide access to services at a local level. This boundary has become a limitation, as customers demand better performance from the “cloud - telecom network” chain. To provide better performance, latency must be reduced, and communication channels must be used efficiently to reduce costs.

The GENIO project aims to blur the boundary between cloud services and telecommunications networks by building a platform that provides cloud-based services designed to operate within a broadband telecommunications network. The project leverages the ongoing evolution of the OLT nodes adopted for fixed fiber optic networks (a direct evolution towards a software-defined and open-standard approach) to build a distributed, local, capillary computing platform, managed according to cloud logic, that can host third-party services and applications in self-service mode or within dedicated projects.

GENIO architecture

The GENIO project will enable the creation of new applications based on the edge computing paradigm, exploiting the high performance and efficiency of the OLT system. However, these new advanced scenarios will inevitably be exposed to threats aimed at sabotaging the availability of services and the integrity and confidentiality of information. In particular, the application domains considered by the project (smart infrastructures, smart cities) are notoriously subject to cyber attacks, aimed at compromising fundamental services and the safety of citizens (e.g., to hinder the supply of energy, transport services, etc.). It is therefore necessary to base the GENIO project on security-oriented methodologies from the early stages (“security by design”).

The GENIO project will secure the software and hardware for the open XGS-PON optical access node (open OLT) in direct access fixed network architectures. The project will adopt a secure development process that identifies and mitigates threats (threat modeling), adopts secure programming frameworks and technologies aimed at mitigating the most serious classes of vulnerabilities (e.g., memory buffer overflows), and applies static and dynamic analysis solutions aimed at identifying residual vulnerabilities (e.g., fuzz testing, static code analysis). Furthermore, the project aims to mitigate the software supply chain security risks that arise from the reuse of third-party components (e.g., libraries, kernels), through hardening of component configurations, analysis of vulnerabilities in dependencies, and the related management of security updates. Finally, the project will address the security of the management platform and the services running on it, introducing secure programming interfaces (APIs) for the application services and the platform, and adopting secure design principles (fail-safe defaults, separation of privilege, least privilege, economy of mechanism). The project will also give service providers the opportunity to carry out quality and security validation and certification campaigns, based on the simulation of attacks in an experimental environment.

Start date: 01/09/2023

End date: 31/08/2026

Partners

System Management S.p.A.
Umpi S.R.L.

People

Roberto Natella
Principal Investigator