Publications in Scientific Journals:
M. Villari, M. Fazio, S. Dustdar, O. Rana, L. Chen, R. Ranjan:
"Software Defined Membrane: Policy-Driven Edge and Internet of Things Security";
IEEE Cloud Computing (invited),
The Internet of Things (IoT) is the latest evolution of computing technology, incorporating potentially billions of devices (such as cameras, sensors, RFIDs, smart phones, and wearables). It is not owned or coordinated by any central authority, but is a heterogeneous mix of
devices, components, lightweight OS's, technologies, and protocols,
from different organizations and by individuals deploying and using them for their own purposes. There are currently 6.4 billion IoT devices in use around the world (according to Gartner). Their number, capabilities, and scope of use keep growing and changing rapidly. Gartner also forecasts that the number of IoT devices will reach 20.8 billion by 2020, and that IoT service spending will reach $1,534 billion, and hardware spending $1,477 billion by this period. Similarly, the volume of generated data and computing/storage requirements of IoT applications will continue to increase. However, security and data privacy remain major challenges in the use of
such IoT devices in a complex environment. We illustrate that
a software-defined membrane can agilely integrate security policies that enable resilient and dependable migration of microservices/data among Edge and Cloud resources. IoT technologies are introducing many billions of Internet Connected 'Devices' or 'Things' where programmability remains a major feature. Vendors are increasingly providing additional features into their devices without fully realizing the potential security implications that such features
introduce. Edge devices (sensors, actuators, mobile phones, surveillance cameras, routers, gateways, and switches) ubiquitously monitor the cyber and physical worlds. Similarly, IoT devices provide unprecedented ability to collect data, but also necessitate timely processing of the data collected. This requires intelligent approaches to reduce the network latency as well as the cost of processing.
Designing security measures for IoT is particularly challenging due
to the heterogeneity (types, data formats, firmware, etc.) of devices, leading to potentially a range of attack vectors that are not relevant for other types of computing infrastructure. Some refer to the increasing take-up of such devices as leading to an "untrusted internet". Recently, various reports have emerged of insecure IoT and Edge device deployments inadvertently exposing personal or corporate data. However, the introduction of additional capability at the network Edge creates both security challenges and opportunities. One
issue that has been highlighted in the recent past is whether microservices deployed on Edge devices are more secure than those deployed on remote Cloud-based data centers. For example, a malicious attacker able to replace a microservice could compromise the subsequent processing of sensor data and any decisions that are reached on such data. On the other hand, new opportunities with Edge computing include the ability to aggregate and anonymize data close to sensors to thwart an attack in the remote data center, or in the
network link connecting the Edge and the Cloud.
"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)
Created from the Publication Database of the Vienna University of Technology.