The Road to a Trustworthy 6G; On the Need for a “Zero Trust 6G” Paradigm
DOI:
https://doi.org/10.13052/jmm1550-4646.2014Keywords:
6G security, Softwareization, Accountability, “Zero Trust 6G” conceptsAbstract
The high-level aspects of 6G are slowly being agreed upon. It is safe to assume that 6G will bring many enhancements to 5G, including pervasive application of Artificial Intelligence (AI) and Machine Learning (ML) services. The “softwareization” trend is likely to continue and become even more prevalent. Security and trustworthiness are recognized goals for 6G. Accordingly, we predict that Zero Trust principles will become fully integrated in the 6G architecture. While necessary, this will not be sufficient. With the “softwareization” in mind, we postulate a need for increased focus on software development and deployment practices. Thus, we propose to extend the Zero Trust paradigm to encompass software development assurance and bring about a Zero Trust 6G regime. This will also be in line with the current developments for improved accountability for software and services.
Downloads
References
ITU-R. IMT Vision – Framework and overall objectives of the future development of IMT for 2020 and beyond. Recommendation M.2083-0, ITU-R, 09 2015.
ITU-R. Future technology trends of terrestrial International Mobile Telecommunications systems towards 2030 and beyond. Report M.2516-0, ITU, 11 2022.
Scott Rose, Oliver Borchert, Stu Mitchell, and Sean Connelly. Zero Trust Architecture. Special Publication 800-207, NIST, 08 2020.
Ifigeneia Lella, Eleni Tsekmezoglou, Rossen Svetozarov Naydenov, Cosmin Ciobanu, Apostolos Malatras, and Marianthi Theocharidou (eds). ENISA THREAT LANDSCAPE 2022; July 2021 to July 2022. Report, ENISA, 11 2022.
Andrew van der Stock, Brian Glas, Neil Smithline, and Torsten Gigler. OWASP Top 10 – 2021. https://owasp.org/Top10/, 09 2021.
EU. EU Cybersecuirty Act. Regulation, EU, 04 2019.
EU. EU Cyber Resilience Act. Proposal, EU, 09 2022.
EU. EU Digital Services Act. Regulation, EU, 10 2022.
Sukhpal Singh Gill, Minxian Xu, Carlo Ottaviani, Panos Patros, Rami Bahsoon, Arash Shaghaghi, Muhammed Golec, Vlado Stankovski, Huaming Wu, Ajith Abraham, et al. Ai for next generation computing: Emerging trends and future directions. Internet of Things, 19:100514, 2022.
Fausto Artico, Arthur L Edge III, and Kyle Langham. The future of artificial intelligence for the biotech big data landscape. Current Opinion in Biotechnology, 76:102714, 2022.
Abid Haleem, Mohd Javaid, Ravi Pratap Singh, Shanay Rab, and Rajiv Suman. Hyperautomation for the enhancement of automation in industries. Sensors International, 2:100124, 2021.
3GPP. Highlights. Newsletter Issue 05, 3GPP, 11 2022.
B. Varga, J. Farkas, L. Berger, A. Malis, and S. Bryant. Deterministic Networking (DetNet) Data Plane Framework. Informational RFC 8938, IETF, 11 2020.
James Taylor Faria Chaves and Sergio Antônio Andrade de Freitas. A systematic literature review for service-oriented architecture and agile development. In Sanjay Misra, Osvaldo Gervasi, Beniamino Murgante, Elena Stankova, Vladimir Korkhov, Carmelo Torre, Ana Maria A.C. Rocha, David Taniar, Bernady O. Apduhan, and Eufemia Tarantino, editors, Computational Science and Its Applications – ICCSA 2019, pages 120–135. Springer International Publishing, 2019.
Torgeir Dingsøyr, Tore Dybå, and Nils Brede Moe. Agile software development: current research and future directions. Springer Science & Business Media, 2010.
Henry Edison, Xiaofeng Wang, and Kieran Conboy. Comparing methods for large-scale agile software development: A systematic literature review. IEEE Transactions on Software Engineering, 48(8):2709–2731, 2022.
Mohammad Rizky Pratama and Dana Sulistiyo Kusumo. Implementation of continuous integration and continuous delivery (ci/cd) on automatic performance testing. In 2021 9th International Conference on Information and Communication Technology (ICoICT), pages 230–235, 2021.
Eliezio Soares, Gustavo Sizilio, Jadson Santos, Daniel Alencar da Costa, and Uirá Kulesza. The effects of continuous integration on software development: a systematic literature review. Empirical Software Engineering, 27(3):78, 2022.
Kalle Rindell, Jukka Ruohonen, Johannes Holvitie, Sami Hyrynsalmi, and Ville Leppänen. Security in agile software development: A practitioner survey. Information and Software Technology, 131:106488, 2021.
Maria Ilaria Lunesu, Roberto Tonelli, Lodovica Marchesi, and Michele Marchesi. Assessing the risk of software development in agile methodologies using simulation. IEEE Access, 9:134240–134258, 2021.
Alberto Avritzer. Challenges and approaches for the assessment of micro-service architecture deployment alternatives in devops : A tutorial presented at icsa 2020. In 2020 IEEE International Conference on Software Architecture Companion (ICSA-C), pages 1–2, 2020.
Sébastien Mosser and Jean-Michel Bruel. Requirements engineering in the devops era. In 2021 IEEE 29th International Requirements Engineering Conference (RE), pages 510–511, 2021.
Len Bass, Ingo Weber, and Liming Zhu. DevOps: A software architect’s perspective. Addison-Wesley Professional, 2015.
Tuhinshubhra Ghosh, Nikhil Kumar, Sai Mohan Sakuru, Patrick Shirazi, Mark Simos, Altaz Valani, Anthony Carrato, Stephen Whitlock, Jim Hietala, John Linford, and Andras Szakal. Zero Trust Core Principles. Whitepaper W210, The Open Group, 04 2021.
NSA. Embracing a Zero Trust Security Model. Memo U/OO/115131-21 |
PP-21-0191 |
February 2021 Ver. 1.0, NSA, 02 2021.
Raj Badhwar. CISO Maturity ModelCISO maturity model (CMM), pages 29–37. Springer International Publishing, Cham, 2021.
US Cybersecurity & Infrastructure Security Agency. Zero Trust Maturity Model. Pre-decisional draft, CISA, 06 2021.
Belal Ali, Simsam Hijjawi, Leith H Campbell, Mark A Gregory, and Shuo Li. A maturity framework for zero-trust security in multiaccess edge computing. Security and Communication Networks, 2022, 2022.
Elie Saad and Rick Mitchell. OWASP Web Security Testing Guide; Version 4.2. OWASP Webpage, 12 2020.
I. Tarandach and M.J. Coles. Threat Modeling: A Practical Guide for Development Teams. O’Reilly Media, Incorporated, 2020.
Ron Ross, Mark Winstead, and Michael McEvilley. Engineering Trustworthy Secure Systems. Special Publication 800-160v1r1, NIST, 11 2022.
Ron Ross, Victoria Pillitteri, Richard Graubart, Deborah Bodeau, and Rosalie McQuuaid. Engineering Trustworthy Secure Systems. Special Publication 800-160v2r1, NIST, 12 2021.
Armando Ramirez, Anthony Aiello, and Susan J Lincke. A survey and comparison of secure software development standards. In 2020 13th CMI Conference on Cybersecurity and Privacy (CMI) – Digital Transformation – Potentials and Challenges(51275), pages 1–6, 2020.
Hala Assal and Sonia Chiasson. ’think secure from the beginning’: A survey with software developers. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, CHI ’19, page 1–13, New York, NY, USA, 2019. Association for Computing Machinery.
Jangirala Srinivas, Ashok Kumar Das, and Neeraj Kumar. Government regulations in cyber security: Framework, standards and recommendations. Future Generation Computer Systems, 92:178–188, 2019.
Mahmood Niazi, Ashraf Mohammed Saeed, Mohammad Alshayeb, Sajjad Mahmood, and Saad Zafar. A maturity model for secure requirements engineering. Computers & Security, 95:101852, 2020.
Rafiq Ahmad Khan, Siffat Ullah Khan, Habib Ullah Khan, and Muhammad Ilyas. Systematic mapping study on security approaches in secure software engineering. IEEE Access, 9:19139–19160, 2021.
Murugiah Souppaya, Karen Scarfone, and Donna Dodson. Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities. Special Publication 800-218v1r1, NIST, 02 2022.
Bart De Win, Riccardo Scandariato, Koen Buyens, Johan Grégoire, and Wouter Joosen. On the secure software development process: Clasp, sdl and touchpoints compared. Information and Software Technology, 51(7):1152–1171, 2009. Special Section: Software Engineering for Secure Systems.
Nor Shahriza Abdul Karim, Arwa Albuolayan, Tanzila Saba, and Amjad Rehman. The practice of secure software development in sdlc: an investigation through existing model and a case study. Security and Communication Networks, 9(18):5333–5345, 2016.
Rafiq Ahmad Khan, Siffat Ullah Khan, Habib Ullah Khan, and Muhammad Ilyas. Systematic literature review on security risks and its practices in secure software development. IEEE Access, 10:5456–5481, 2022.
Shams Al-Amin, Nirav Ajmeri, Hongying Du, Emily Z. Berglund, and Munindar P. Singh. Toward effective adoption of secure software development practices. Simulation Modelling Practice and Theory, 85:33–46, 2018.
Lynn Futcher and Rossouw von Solms. Guidelines for secure software development. In Proceedings of the 2008 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on IT Research in Developing Countries: Riding the Wave of Technology, SAICSIT ’08, page 56–65, New York, NY, USA, 2008. Association for Computing Machinery.
Binayak Parashar, Inderjeet Kaur, Anupama Sharma, Pratima Singh, and Deepti Mishra. Revolutionary transformations in twentieth century: making ai-assisted software development. Computational Intelligence in Software Modeling, 13(1), 2022.
Sumit Gulwani. Ai-assisted programming: Applications, user experiences, and neuro-symbolic techniques (keynote). In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2022, page 1, New York, NY, USA, 2022. Association for Computing Machinery.
Gartner. Top strategic technology trends for 2022. eBook, 2022.
Steven Furnell and Kerry-Lynn Thomson. Recognising and addressing “security fatigue”. Computer Fraud & Security, 2009(11):7–11, 2009.
Brian Stanton, Mary F. Theofanos, Sandra Spickard Prettyman, and Susanne Furman. Security fatigue. IT Professional, 18(5):26–32, 2016.
W Alec Cram, Jeffrey G Proudfoot, and John D’Arcy. When enough is enough: Investigating the antecedents and consequences of information security fatigue. Information Systems Journal, 31(4):521–549, 2021.
Tao Ban, Ndichu Samuel, Takeshi Takahashi, and Daisuke Inoue. Combat security alert fatigue with ai-assisted techniques. In Cyber Security Experimentation and Test Workshop, CSET ’21, page 9–16, New York, NY, USA, 2021. Association for Computing Machinery.
Dimitrios Serpanos and Konstantinos Katsigiannis. Fuzzing: Cyberphysical system testing for security and dependability. Computer, 54(9):86–89, 2021.
László Erdődi, Åvald Åslaugson Sommervoll, and Fabio Massimo Zennaro. Simulating sql injection vulnerability exploitation using q-learning reinforcement learning agents. Journal of Information Security and Applications, 61:102903, 2021.
Geir Køien and Lasse Øverlier. A call for mandatory input validation and fuzz testing. Wireless Personal Communications, Accepted for publication, 2023.
Jon Bently. Programming pearls; bumper-stricker computer science. Communications of the ACM, 28(9):896–901, September 1985.