Abstract
The Multi-access Edge Computing (MEC) model brings on-demand cloud resources and services to the edge of the network, offering storage and computing capacity, mobility, and context-awareness support for emerging Internet of Things (IoT) applications. However, its complex hierarchical model introduces new vulnerabilities that can affect the security of IoT applications. The use of different enabling technologies at the edge of the network, such as various wireless access and virtualization technologies, brings several threats and challenges that make security analysis and the deployment of security mechanisms technically challenging. This paper proposes a technique to model Edge-based systems, automatically extract security threats, and plan possible security tests. The proposed approach is tested against a simple but significant case study. The main contribution is a threat catalog that can be used to derive a threat model and perform a risk analysis of specific MEC-based IoT scenarios.
Notes
1. Single-Board-Computer.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Ficco, M., Granata, D., Rak, M., Salzillo, G. (2021). Threat Modeling of Edge-Based IoT Applications. In: Paiva, A.C.R., Cavalli, A.R., Ventura Martins, P., Pérez-Castillo, R. (eds) Quality of Information and Communications Technology. QUATIC 2021. Communications in Computer and Information Science, vol 1439. Springer, Cham. https://doi.org/10.1007/978-3-030-85347-1_21
DOI: https://doi.org/10.1007/978-3-030-85347-1_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-85346-4
Online ISBN: 978-3-030-85347-1
eBook Packages: Computer Science (R0)