Abstract
Assessing security of application deployments in the Fog is a non-trivial task, having to deal with highly heterogeneous infrastructures containing many resource-constrained devices. In this paper, we introduce: (i) a declarative way of specifying security capabilities of Fog infrastructures and security requirements of Fog applications, and (ii) a (probabilistic) reasoning strategy to determine application deployments and to quantitatively assess their security level, considering the trust degree of application operators in different Cloud/Fog providers. A lifelike example is used to showcase a first proof-of-concept implementation and to illustrate how it can be used in synergy with other predictive tools to optimise the deployment of Fog applications.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Code to run the example is available at: http://pages.di.unipi.it/forti/code/secfog.pl.
- 2.
The proposed taxonomy can be easily modified, extended and refined so as to include new security categories and third-level security features as soon as normative security frameworks will get established for the Fog.
- 3.
- 4.
For the sake of readability, we omit the application requirements. The interested reader can find all the details in [8].
- 5.
A fact declared simply as f. is assumed to be true with probability 1.
- 6.
f, r and {ci} can include variable (upper-case) or constant (lower-case) terms. The OR operator \(\vee \) is denoted by a semicolon like in c1; c2.
- 7.
For the sake of simplicity, we assume here \(\omega _m = \frac{1}{|M|}\), which can be tuned differently depending on the needs of the application operator.
References
OpenFog Consortium. http://www.openfogconsortium.org/
EU Cloud SLA Standardisation Guidelines (2014). https://ec.europa.eu/digital-single-market/en/news/cloud-service-level-agreement-standardisation-guidelines
Belle, V.: Logic meets probability: towards explainable AI systems for uncertain worlds. In: Proceedings of the Twenty-Sixth International Joint Conference on Artificial Intelligence, IJCAI, pp. 19–25 (2017)
Bistarelli, S., Martinelli, F., Santini, F.: Weighted datalog and levels of trust. In: 3rd International Conference on Availability, Reliability and Security, pp. 1128–1134 (2008)
Brogi, A., Forti, S.: QoS-aware deployment of IoT applications through the fog. IEEE Internet Things J. 4(5), 1185–1192 (2017)
Brogi, A., Forti, S., Guerrero, C., Lera, I.: How to Place Your Apps in the Fog - State of the Art and Open Challenges. arXiv:1901.05717 [cs.DC] (2019)
Brogi, A., Forti, S., Ibrahim, A.: How to best deploy your Fog applications, probably. In: Rana, O., Buyya, R., Anjum, A. (eds.) Proceedings of 1st IEEE International Conference on Fog and Edge Computing (2017)
Brogi, A., Forti, S., Ibrahim, A.: Deploying fog applications: how much does it cost, by the way? In: Proceedings of the 8th International Conference on Cloud Computing and Services Science, pp. 68–77. SciTePress (2018)
Brogi, A., Forti, S., Ibrahim, A., Rinaldi, L.: Bonsai in the fog: an active learning lab with fog computing. In: 2018 Third International Conference on Fog and Mobile Edge Computing (FMEC), pp. 79–86. IEEE (2018)
Choo, K.K.R., Lu, R., Chen, L., Yi, X.: A foggy research future: advances and future opportunities in fog computing research (2018)
Dastjerdi, A.V., Buyya, R.: Fog computing: helping the internet of things realize its potential. Computer 49(8), 112–116 (2016)
De Raedt, L., Kimmig, A.: Probabilistic (logic) programming concepts. Mach. Learn. 100(1), 5–47 (2015). https://doi.org/10.1007/s10994-015-5494-z
De Raedt, L., Kimmig, A., Toivonen, H.: ProbLog: a probabilistic prolog and its application in link discovery. In: Proceedings of the 20th International Joint Conference on Artificial Intelligence, pp. 2468–2473 (2007)
Forti, S.: Supporting application deployment and management in fog computing. Papers From the 12th Advanced Summer School on Service-Oriented Computing (SummerSOC 2018), pp. 64–75 (2018)
Goettelmann, E., Dahman, K., Gateau, B., Dubois, E., Godart, C.: A security risk assessment model for business process deployment in the cloud. In: 2014 IEEE International Conference on Services Computing, pp. 307–314. IEEE (2014)
Guerrero, C., Lera, I., Juiz, C.: Resource optimization of container orchestration: a case study in multi-cloud microservices-based applications. J. Supercomput. 74(7), 2956–2983 (2018)
Guerrero, C., Lera, I., Juiz, C.: A lightweight decentralized service placement policy for performance optimization in fog computing. J. Ambient. Intell. Hum. Comput. (2018)
Gupta, H., Vahid Dastjerdi, A., Ghosh, S.K., Buyya, R.: iFogSim: a toolkit for modeling and simulation of resource management techniques in the Internet of Things, edge and fog computing environments. Softw. Pract. Exp. 47(9), 1275–1296 (2017)
Arkian, H.R., Diyanat, A., Pourkhalili, A.: MIST: fog-based data analytics scheme with cost-efficient resource provisioning for IoT crowdsensing applications. J. Netw. Comput. Appl. 82, 152–165 (2017)
Hong, H.J., Tsai, P.H., Hsu, C.H.: Dynamic module deployment in a fog computing platform. In: 2016 18th Asia-Pacific Network Operations and Management Symposium (APNOMS), pp. 1–6 (2016)
Kaur, A., Singh, M., Singh, P., et al.: A taxonomy, survey on placement of virtual machines in cloud. In: 2017 International Conference on Energy, Communication, Data Analytics and Soft Computing (ICECDS), pp. 2054–2058. IEEE (2017)
Luna, J., Taha, A., Trapero, R., Suri, N.: Quantitative reasoning about cloud security using service level agreements. IEEE Trans. Cloud Comput. 5(3), 457–471 (2017)
Mahmud, R., Ramamohanarao, K., Buyya, R.: Latency-aware application module management for fog computing environments. Trans. Internet Technol. 19, 1–21 (2018)
Mezni, H., Sellami, M., Kouki, J.: Security-aware SaaS placement using swarm intelligence. J. Softw. Evol. Process. 30(8), e1932 (2018)
Mukherjee, M., et al.: Security and privacy in fog computing: challenges. IEEE Access 5, 19293–19304 (2017)
Nacer, A.A., Goettelmann, E., Youcef, S., Tari, A., Godart, C.: Obfuscating a business process by splitting its logic with fake fragments for securing a multi-cloud deployment. In: 2016 IEEE World Congress on Services (SERVICES), pp. 18–25. IEEE (2016)
Newman, S.: Building microservices: designing fine-grained systems. O’Reilly Media Inc., Sebastopol (2015)
Ni, J., Zhang, K., Lin, X., Shen, X.: Securing fog computing for internet of things applications: challenges and solutions. IEEE Comm. Surv. Tutor. 20, 601–628 (2017)
OpenFog: OpenFog Reference Architecture (2016)
Rahbari, D., Nickray, M.: Scheduling of fog networks with optimized knapsack by symbiotic organisms search. In: 2017 21st Conference of Open Innovations Association (FRUCT), pp. 278–283 (2017)
Rodríguez, M.A., Egenhofer, M.J.: Determining semantic similarity among entity classes from different ontologies. Trans. Knowl. Data Eng. 15(2), 442–456 (2003)
Schoenen, S., Mann, Z.Á., Metzger, A.: Using risk patterns to identify violations of data protection policies in cloud systems. In: Braubach, L., Murillo, J.M., Kaviani, N., Lama, M., Burgueño, L., Moha, N., Oriol, M. (eds.) ICSOC 2017. LNCS, vol. 10797, pp. 296–307. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-91764-1_24
Skarlat, O., Nardelli, M., Schulte, S., Dustdar, S.: Towards QoS-aware fog service placement. In: 2017 IEEE 1st International Conference on Fog and Edge Computing (ICFEC), pp. 89–96 (2017)
Soldani, J., Tamburri, D.A., Van Den Heuvel, W.J.: The pains and gains of microservices: a systematic grey literature review. J. Syst. Softw. 146, 215–232 (2018)
Taneja, M., Davy, A.: Resource aware placement of IoT application modules in fog-cloud computing paradigm. In: 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), pp. 1222–1228 (2017)
Tang, Z., Zhou, X., Zhang, F., Jia, W., Zhao, W.: Migration modeling and learning algorithms for containers in fog computing. Trans. Serv. Comput. 12, 712–725 (2018)
Varshney, P., Simmhan, Y.: Demystifying fog computing: characterizing architectures, applications and abstractions. In: 2017 IEEE 1st International Conference on Fog and Edge Computing (ICFEC), pp. 115–124 (2017)
Wang, S., Zafer, M., Leung, K.K.: Online placement of multi-component applications in edge computing environments. IEEE Access 5, 2514–2533 (2017)
Wen, Z., Yang, R., Garraghan, P., Lin, T., Xu, J., Rovatsos, M.: Fog orchestration for Internet of Things services. IEEE Internet Comput. 21(2), 16–24 (2017)
Wen, Z., Cała, J., Watson, P., Romanovsky, A.: Cost effective, reliable and secure workflow deployment over federated clouds. Trans. Serv. Comput. 10(6), 929–941 (2017)
Zhang, P., Zhou, M., Fortino, G.: Security and trust issues in fog computing: a survey. Futur. Gener. Comput. Syst. 88, 16–27 (2018)
Acknowledgments
This work has been partly supported by the project “DECLWARE: Declarative methodologies of application design and deployment” (PRA_2018_66) funded by the University of Pisa, Italy.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Brogi, A., Ferrari, GL., Forti, S. (2020). Secure Apps in the Fog: Anything to Declare?. In: Fazio, M., Zimmermann, W. (eds) Advances in Service-Oriented and Cloud Computing. ESOCC 2018. Communications in Computer and Information Science, vol 1115. Springer, Cham. https://doi.org/10.1007/978-3-030-63161-1_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-63161-1_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63160-4
Online ISBN: 978-3-030-63161-1
eBook Packages: Computer ScienceComputer Science (R0)