Towards a security architecture for IP-based optical transmission systems

Optical cross-connect systems with several terabits of switching capacity are critical components of today's communication networks. Because of their central role within the telecommunication infrastructure, along with their remote management capabilities, high-capacity network nodes are potential targets of attacks. Built upon proprietary hardware and software components in the past, such systems increasingly make use of standard technology today. The Linux operating system has become a widely-used standard for embedded communication controllers, and similarly the Internet Protocol is widely used for both internal and external data exchange. In this paper, we establish a threat model for transmission network nodes employing these open source technologies. Based upon functional models of such systems, we then introduce security requirements for functional components and their communication with respect to that threat model, thereby forming a security architecture for transmission systems. We further propose security zones to strictly segregate sensitive internal communication from external traffic. © 2011 Alcatel-Lucent. can be made for software, where standardized software packages and suites are likewise replacing proprietary software solutions. Open source software and standardized protocols offer both flexible and costeffective solutions for the design of complex systems. In particular, real-time variants of Linux* (commonly called "Embedded Linux") have become the de facto standard for communication controllers, and similarly the Internet Protocol (IP) is widely used for both internal and external data exchange. The use of open source software and standard technology also presents new and different challenges for security. Although the open source community tends to address security flaws quickly, "insider knowledge" of