
Threat Modeling of Edge-Based IoT Applications

  • Conference paper
  • In: Quality of Information and Communications Technology (QUATIC 2021)

Abstract

The Multi-access Edge Computing (MEC) model brings on-demand cloud resources and services to the edge of the network, offering storage and computing capacity, mobility, and context-awareness support for emerging Internet of Things (IoT) applications. On the other hand, its complex hierarchical model introduces new vulnerabilities that can affect the security of IoT applications. The use of different enabling technologies at the edge of the network, such as various wireless access and virtualization technologies, implies several threats and challenges that make security analysis and the deployment of security mechanisms a technically challenging problem. This paper proposes a technique to model Edge-based systems, automatically extract security threats, and plan possible security tests. The proposed approach is tested against a simple but significant case study. The main contribution consists of a threat catalog that can be used to derive a threat model and perform a risk analysis process of specific MEC-based IoT scenarios.


Notes

  1. Single-Board-Computer.


Author information

Correspondence to Daniele Granata.


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

Ficco, M., Granata, D., Rak, M., Salzillo, G. (2021). Threat Modeling of Edge-Based IoT Applications. In: Paiva, A.C.R., Cavalli, A.R., Ventura Martins, P., Pérez-Castillo, R. (eds) Quality of Information and Communications Technology. QUATIC 2021. Communications in Computer and Information Science, vol 1439. Springer, Cham. https://doi.org/10.1007/978-3-030-85347-1_21


  • DOI: https://doi.org/10.1007/978-3-030-85347-1_21


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-85346-4

  • Online ISBN: 978-3-030-85347-1

  • eBook Packages: Computer Science, Computer Science (R0)
