Authentication and Authorization in Cyber-Security Frameworks: a Novel Approach for Securing Digital Service Chains

Digital services and digital service chains are the heart beating of the modern economy. Their composition involves several players, i.e., processes, software, devices, and many kinds of data exchanged among them. In such a scenario, it is important to guarantee data confidentiality, integrity, as well as authentication and authorization procedures between the communicating parties of a service chain. Cyber-security frameworks are explicitly designed for this purpose. They rely on the integration of different software modules, mutually interfaced to accomplish complex security tasks. Nevertheless, it is important to guarantee a high level of protection during data exchange among the modules. Currently, standardized authentication and authorization mechanisms are implemented through proprietary “As-a-Service” products, but the deployment of a mature on-premise solution is still missing. To bridge this gap, this contribution proposes an authentication and authorization module that automatically protects the information flowing among the modules of cyber-security frameworks. It guarantees resource availability only to authenticated subjects. Thus, their operations are confined in what actions they are authorized for. The proposed module has been implemented and tested in a real cyber-security framework under development into the H2020 GUARD project. Experimental tests show that the proposed module enables authentication and authorization procedure delegation among GUARD modules, which eases their implementation, while maximizing the flexibility of the set of access control policies and an efficient protection of the services.