
Secure Edge-Cloud continuum

The Edge-Cloud continuum (or Cloud-Edge continuum) refers to the integration of Edge Computing and Cloud Computing technologies, in which computational and storage resources are dynamically distributed closer to or farther from users, depending on their specific needs (e.g., reduced latency for critical tasks or increased data processing capabilities for bulk data analysis). While closely related in their focus on virtualization technologies, Edge and Cloud have various inherent differences, given the distributed nature of Edge Computing and the existence of various strategies that aim to realize its vision (e.g., Mobile Edge Computing in 5G and beyond environments, Fog Computing in more traditional IT environments). In particular, there are numerous security and privacy challenges related to the protection of Edge infrastructures. Such challenges have been extensively catalogued by our research lab in a highly cited seminal work [1], and certain specific challenges have been studied in detail under the umbrella of various research projects (SecureEDGE, SMOG).

One such challenge is the development of intrusion detection systems, given the distributed and heterogeneous nature of the Edge and the increased attack surface caused by the existence of multiple interconnected processing environments. For this problem, we have focused on two strategies. One strategy is the deployment of passive detection mechanisms from a bottom-up perspective (e.g., crowdsourced IoT entities [2]), where the detection processes are crowdsourced to the lowermost layers. Another strategy is the deployment of immune system-like agents from a top-down perspective (e.g., deployed from the Cloud to the Edge [3]), where specialized agents are deployed to those sections of the network where they are needed, using as few resources as possible.

Another challenge is related to the privacy of users, as information processing is delegated to Edge infrastructures. One example is the Internet of Vehicles, where the anonymity of users can be easily challenged. Here, we have defined how Edge infrastructures can facilitate the preservation of the vehicles’ privacy through information relaying and local data processing [4]. On the other hand, such infrastructures can be used as an always-present assistant that acts on behalf of the users. This approach was used to define a distributed and user-friendly privacy platform [5], capable of providing privacy agents that can migrate from one edge environment to another in order to offer contextual privacy at a reduced latency.

Cloud Computing

Before tackling the security and privacy problems of Edge Computing environments, we worked on various challenges in the area of cloud computing. One such challenge was the problem of accountability, that is, “Who is responsible for the security and proper stewardship of my data in the cloud?”. For this purpose, NICS participated in the FP7 A4Cloud project, which focused on extending accountability across the entire cloud service value chain. Specifically, the role of NICS in A4Cloud was mainly focused on developing metrics for accountability in the cloud, proposing in [6] a metamodel for describing accountability properties and metrics for measuring them.

Another challenge in the area of Cloud Computing was identity management and user privacy. Here, we first investigated how cryptography can be applied to cloud computing to address some of the concerns that limit its adoption [7]. We also explored the application of cryptographic techniques to achieve user data protection in identity management systems. For example, in [8], [9] and [10] we applied proxy re-encryption techniques to create special OpenID and SAML 2.0 providers, and then further refined the concept into a privacy-preserving Identity Management as a Service. Moreover, within the PASSIVE project, we worked towards authentication and authorization schemes for applications.

Finally, given the need to federate different cloud providers, another challenge was related to interoperability in the Cloud. Here, we have explored the challenges at the intersection of federated clouds and identity management [11]. We also focused on social cloud scenarios where users provide the resources themselves. In such scenarios, users may not know each other, so it becomes essential to have a mechanism that tells them which cloud provider is the most appropriate to collaborate with. In this context, we proposed a development framework [12] on which developers can implement trust-aware social cloud applications.

References

  1. Rodrigo Roman and Javier Lopez and Masahiro Mambo (2018): Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges. In: Future Generation Computer Systems, vol. 78, pp. 680-698, 2018, ISSN: 0167-739X.
  2. Ana Nieto and Antonio Acien and Gerardo Fernandez (2018): Crowdsourcing analysis in 5G IoT: Cybersecurity Threats and Mitigation. In: Mobile Networks and Applications (MONET), pp. 881-889, 2018, ISSN: 1383-469X.
  3. Rodrigo Roman and Ruben Rios and Jose A. Onieva and Javier Lopez (2019): Immune System for the Internet of Things using Edge Technologies. In: IEEE Internet of Things Journal, vol. 6, pp. 4774-4781, 2019, ISSN: 2327-4662.
  4. Jose A. Onieva and Ruben Rios and Rodrigo Roman and Javier Lopez (2019): Edge-Assisted Vehicular Networks Security. In: IEEE Internet of Things Journal, vol. 6, pp. 8038-8045, 2019, ISSN: 2327-4662.
  5. Ruben Rios and Jose A. Onieva and Rodrigo Roman and Javier Lopez (2022): Personal IoT Privacy Control at the Edge. In: IEEE Security & Privacy, vol. 20, pp. 23-32, 2022, ISSN: 1540-7993.
  6. David Nuñez and Carmen Fernandez-Gago and Siani Pearson and Massimo Felici (2013): A Metamodel for Measuring Accountability Attributes in the Cloud. In: 2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2013), pp. 355-362, IEEE, Bristol, UK, 2013, ISBN: 978-0-7685-5095-4.
  7. Isaac Agudo and David Nuñez and Gabriele Giammatteo and Panagiotis Rizomiliotis and Costas Lambrinoudakis (2011): Cryptography Goes to the Cloud. In: Lee, Changhoon; Seigneur, Jean-Marc; Park, James J.; Wagner, Roland R. (Ed.): 1st International Workshop on Security and Trust for Applications in Virtualised Environments (STAVE 2011), pp. 190-197, Springer, 2011, ISBN: 978-3-642-22364-8.
  8. David Nuñez and Isaac Agudo and Javier Lopez (2012): Integrating OpenID with Proxy Re-Encryption to enhance privacy in cloud-based identity services. In: IEEE CloudCom 2012, pp. 241-248, IEEE Computer Society, Taipei, Taiwan, 2012, ISBN: 978-1-4673-4509-5.
  9. David Nuñez and Isaac Agudo (2014): BlindIdM: A Privacy-Preserving Approach for Identity Management as a Service. In: International Journal of Information Security, vol. 13, pp. 199-215, 2014, ISSN: 1615-5262.
  10. David Nuñez and Isaac Agudo and Javier Lopez (2013): Leveraging Privacy in Identity Management as a Service through Proxy Re-Encryption. In: Ph.D Symposium of the European Conference on Service-Oriented and Cloud Computing (ESOCC) 2013, Málaga, Spain, 2013.
  11. David Nuñez and Isaac Agudo and Prokopios Drogkaris and Stefanos Gritzalis (2011): Identity Management Challenges for Intercloud Applications. In: 1st International Workshop on Security and Trust for Applications in Virtualised Environments (STAVE 2011), pp. 198-204, Crete (Greece), 2011.
  12. Francisco Moyano and Carmen Fernandez-Gago and Javier Lopez (2013): A Framework for Enabling Trust Requirements in Social Cloud Applications. In: Requirements Engineering, vol. 18, pp. 321-341, 2013, ISSN: 0947-3602.