The growing virtualization and softwarization of networks and computing infrastructures is bringing unprecedented agility in the creation of digital services. From a technical perspective, the creation of digital services consists in "chaining" several processes, software, and devices, and feeding them with relevant user's data and context. In this respect, convergence among existing software paradigms, such as cloud computing, software-defined networking (SDN), network function virtualization (NFV), and the Internet of Things (IoT) is expected to this purpose, leveraging autonomicity and dynamic composition through service-oriented and everything-as-a-service models applied to virtualized infrastructures and cyber-physical systems. Unfortunately, the evolution of cyber-security paradigms has not gone with the same pace, leading to a substantial difficulty in protecting the new forms of distributed and heterogeneous systems against cyber-threats. This is especially worrying when considering that part of this overwhelming technological evolution is already encompassing critical infrastructures and industrial systems, such as smart grid components. Indeed, the growing complexity and the multi-domain nature make digital services ever more vulnerable to security breaches, due to human errors in design, implementation, configuration, and management. Relying on individual's ability for hardening, verification of security properties, attack detection, and threat identification is no longer practical, and that is clearly an unacceptable practice especially when critical infrastructures and large chains are involved.
The main purpose of the SecSoft workshop is to integrate the "Security, Safety, Trust and Privacy support in virtualized environments" conference topic. Beyond security mechanisms at the hypervisor or domain level, the softwarization of legacy security appliances, and federation schemes between multiple domains, this Workshop will look ahead to more dynamic, agile, and autonomic forms of detection and reaction of advanced threats, including the persistence ones. The specific focus will be on secure and trustworthy digital services, including pure virtual services as well as cyber-physical systems. The objective is to stimulate a constructive discussion on overall frameworks and specific aspects that are necessary to build wide situational awareness and to timely counter cyber-attacks: pervasive monitoring and deep inspection, cross-correlation in time and space dimensions and detection, automated control and management of complex orchestratable systems, forensics and legal investigation, trustworthiness and privacy.
The SecSoft workshop is a joint initiative from EU Cyber-Security projects: ASTRID, CYBER-TRUST, GUARD, SIMARGL, DATAVAULTS, RAINBOW, PALANTIR and SPEAR.