Modern ICT ecosystems such as healthcare environments (hospitals, care-centers etc.), operate in different abstraction layers (cloud, fog, extreme-edge) and comprise large numbers of network entities such as terminals, devices, sensors or even specialized appliances (virtual or physical). It is common in such environments, that several network entities with intermittent connectivity, join and leave the network in an unstructured and unsupervised manner (Wi-Fi access-points, BYOD policies, IoT, etc.). Such devices of frivolous nature, or even trusted devices/terminals, are prone to security vulnerabilities, since they are operated by regular, non-expert users who are not aware of any security aspects whatsoever. To effectively manage and proactively protect such large, complex and multilayered networks, dedicated personnel (system administrators, security specialists etc.) must be employed and specialized appliances must be deployed. On the other hand, modern cyber-warfare has become even more elaborate and insightful. Thus, ICT infrastructures must continuously evolve and adapt to the everchanging cyber-threats, which is a rather cumbersome and expensive task to accomplish. Towards addressing the above-mentioned issues, this paper proposes a cross-layered system, which leverages the Software Defined Networking (SDN) paradigm and the distributed Fog architecture, for network slicing and task offloading to provide dynamic, security-aware Vulnerability-Assessment as a service for large ICT infrastructures. The presented system provides seamless assessment for all existing and newly introduced network entities against all known security vulnerabilities, certifies them through a Common Vulnerability Scoring System (CVSS), classifies them according to the cyber-threat they introduce, and finally assigns them to a connectivity-appropriate VLAN. The presented system was preliminarily evaluated under a controlled-conditions simulation environment.
Read full abstract