We at Nokia Bell Labs have come up with the Bhadra framework to address the above issues. Bhadra, in a nutshell, is a structured way to talk about security events (e.g., attacks, incidents, or threats) using a common language and reference framework describing adversary behaviors in telecom networks. It is designed to model adversarial behavior in its attack phases and to be used as a common taxonomy matrix. Taking inspiration from the MITRE ATT&CK framework, we have systematically organized publicly known attacks into various tactics and techniques. We have also built a web tool to assist with modeling activities, e.g., annotating and visualizing.
Although Bhadra is in its infancy, it has caught the attention of many key players in the mobile communication industry and is picking up momentum. Nevertheless, this is just the beginning. We want this research activity to be a community-driven initiative, so all your suggestions, critiques, and contributions are more than welcome.
In this talk, besides introducing the Bhadra framework, I will address some of the questions you probably already have at this point, such as: Why is telco different? Why can't we use MITRE ATT&CK or any other existing frameworks? What are the use cases of this framework? What next? How can we contribute?
Sid Rao is a security and privacy researcher at Nokia Bell Labs and Aalto University, Finland. He is a system security researcher who specializes in the security analysis of communication protocols and architectures and, more recently, the usability and human factors of security. He has previously given talks at security conferences such as Def Con, Blackhat, hack.lu and Troopers.