Accelerating NATO Transformation with SnTEE: Experiments with Network Security Function Virtualization in Coalition Networks

Roberto Rigolin F. Lopes, Johannes F. Loevenich, Konrad Wrona, Paulo H. L. Rettore, Jerry Falkcrona, Joseph Mathews, Nils Nordbotten, Bogdan Vasilache, Thorsten Lampe, Olwen L. Worthington, Juha Röning

2023 International Conference on Military Communications and Information Systems (ICMCIS) (2023)

Abstract
This paper introduces a virtual laboratory for experiments with cybersecurity functions in coalition networks. The motivation comes from the NATO Allied Command Transformation (ACT) initiative on Science and Technology Experimentation Environment (SnTEE), which supports the transfer of scientific and technical activities carried out by the NATO Science and Technology Organization (STO) research task groups towards NATO operations. The goal of the experiments reported in this paper is to emulate a network topology inspired by Protected Core Networking (PCN), which defines two interfaces: one between two protected core segments from different nations, and another between a protected core segment and a colored cloud within a particular nation. The experiments are intended to support the investigation performed by the STO IST-196 RTG on Cyber Security in Virtualized Networks. In particular, the starting hypothesis of IST-196 is that security function virtualization can support and speed up PCN topology changes when links are added or removed. We define our experimental setup as Infrastructure as Code (IaC) and introduce experiments that emulate topology changes. We also sketch a solution for the deployment of two chains of virtualized cybersecurity functions, one at lower protocol layers (physical and IP) and one at higher protocol layers (transport and application). This paper also lists future experiments for the NATO SnTEE lab, namely risk-aware routing, cross-layer enforcement of policies, information exchange functions, and federated monitoring and detection of cyber incidents/attacks.
Keywords
Network Function Virtualization, Coalition Networks, Protected Core Networking, Infrastructure as Code