
Managing Differentiated Secure Connectivity using Intents

Loay Abdelrazek, Filippo Rebecchi

TL;DR

The paper addresses the challenge of security management in evolving 5G/6G networks by proposing differentiated security levels governed through intent-based management (IbM). It formalizes both functional (Protection) and non-functional (Security Performance) security requirements and demonstrates how these can be expressed as intents using TM Forum ontologies, with extensions to support measurable, goal-driven security. A RAN-focused use case illustrates how service and operations intents can specify differentiated protection levels across attack surfaces, supported by quantitative metrics such as Attack Surface Coverage and Security Control Coverage. The work highlights standardization gaps and outlines directions for integrating Protection and Performance Requirements into interoperable security intents, aiming to enable zero-touch, adaptable, and resilient security management in future multi-domain, multi-tenant mobile networks.

Abstract

Mobile networks in the 5G and 6G era require rethinking how security is managed, due to the introduction of new services and use cases, each with its own security requirements, which simultaneously expands the threat landscape. Although automation has emerged as a key enabler to address complexity in networks, existing approaches lack the expressiveness to define and enforce complex, goal-driven, and measurable security requirements. In this paper, we propose the concept of differentiated security levels and leverage intents as a management framework. We discuss the requirements and enablers to extend the currently defined intent-based management frameworks to pave the path for intent-based security management in mobile networks. Our approach formalizes both functional and non-functional security requirements and demonstrates how these can be expressed and modeled using an extended TM Forum (TMF) intent security ontology. We further discuss the required standardization steps to achieve intent-based security management. Our work aims to advance security automation, improve adaptability, and strengthen the resilience and security posture of next-generation mobile networks.


Paper Structure

This paper contains 16 sections, 2 equations, 5 figures.

Figures (5)

  • Figure 1: Different levels of protection can be defined qualitatively and achieved through quantitative and measurable expectations
  • Figure 2: Relationship between Performance Goals and Security Capabilities
  • Figure 3: Security Requirements handled by Security Intent Management Function
  • Figure 4: RAN Advanced Radio Protection Requirements Expressed as a Machine Readable Intent Model using TM Forum Ontologies
  • Figure 5: RAN Enhanced Radio Protection Requirements Expressed as a Machine Readable Intent Model using TM Forum Ontologies