
Towards Secure Management of Edge-Cloud IoT Microservices Using Policy as Code

  • Conference paper
  • Published in: Software Architecture (ECSA 2024)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14889)


Abstract

IoT application providers increasingly use microservice architecture (MSA) to develop applications that convert IoT data into valuable information. The independently deployable and scalable nature of microservices enables dynamic utilisation of edge and cloud resources offered by various service providers, thus improving performance. However, IoT data security must be ensured during multi-domain processing and transmission of data among distributed and dynamically composed microservices. The ability to implement granular security controls at the microservice level has the potential to solve this. To this end, edge-cloud environments require fine-grained and scalable security frameworks that operate across multi-domain environments to enforce security policies during the management of microservices (i.e., initial placement, scaling, migration, and dynamic composition), taking into account the sensitivity of the IoT data. To address the lack of such a framework, we propose an architectural framework that uses Policy-as-Code to ensure secure microservice management within multi-domain edge-cloud environments. The proposed framework contains a “control plane” that intelligently and dynamically utilises and configures cloud-native technologies (i.e., container orchestrators and service meshes) to enforce security policies. We implement a prototype of the proposed framework using open-source cloud-native technologies such as Docker, Kubernetes, Istio, and Open Policy Agent to validate the framework. Evaluations verify the proposed framework’s ability to enforce security policies for distributed microservice management, thus harnessing the characteristics of MSA to meet the security needs of IoT applications.
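The abstract describes a control plane that asks a policy engine whether a placement, scaling or migration action is permitted given the sensitivity of the IoT data a microservice handles. The following Open Policy Agent (Rego) rule set is an added illustration of what such a Policy-as-Code check can look like; it is not the paper's policy or code, and the input schema (the `action`, `microservice`, `source` and `target` fields, the four sensitivity/trust labels, and the `mtls_strict` flag that the control plane is assumed to derive from the target namespace's Istio `PeerAuthentication` mode) is an assumption made for this example. A control plane would query it through OPA's REST API (`POST /v1/data/edgecloud/secure_management` with `{"input": ...}`) or via `opa eval -i input.json -d policy.rego "data.edgecloud.secure_management"`, and the embedded unit tests run with `opa test .`.

```rego
# Added illustration, not the paper's code: a Policy-as-Code rule set the control
# plane could consult before it places, scales or migrates a microservice.
# Input document (schema assumed for this example):
#   input.action        "placement" | "scaling" | "migration"
#   input.microservice  {"name", "data_sensitivity"}  label: public|internal|confidential|restricted
#   input.source        {"domain", "trust_level"}     only present for "migration"
#   input.target        {"domain", "trust_level", "mtls_strict"}  candidate edge/cloud node
package edgecloud.secure_management

import rego.v1

# One ordinal scale shared by data sensitivity and domain trust (assumption).
rank := {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

default allow := false

allow if count(deny) == 0

# Fail closed: an unknown or missing label is denied instead of silently allowed,
# because a comparison on an unknown key is simply undefined in Rego and would
# otherwise never produce a deny message.
deny contains "microservice has no recognised data_sensitivity label" if {
	not rank[input.microservice.data_sensitivity]
}

deny contains "target domain has no recognised trust_level" if {
	not rank[input.target.trust_level]
}

# Rule 1: data may only be processed in a domain trusted at or above its sensitivity.
deny contains msg if {
	rank[input.microservice.data_sensitivity] > rank[input.target.trust_level]
	msg := sprintf("%s (%s data) cannot run in domain %s (trust %s)", [
		input.microservice.name, input.microservice.data_sensitivity,
		input.target.domain, input.target.trust_level,
	])
}

# Rule 2: non-public data crossing a domain boundary must land in a namespace whose
# service mesh enforces STRICT mTLS (Istio PeerAuthentication), so the composed
# microservices only talk over encrypted, peer-authenticated channels.
deny contains msg if {
	input.action == "migration"
	input.source.domain != input.target.domain
	rank[input.microservice.data_sensitivity] > rank.public
	not input.target.mtls_strict
	msg := sprintf("cross-domain migration of %s requires STRICT mTLS in %s", [
		input.microservice.name, input.target.domain,
	])
}

# Rule 3: restricted data is pinned to the domain it was first placed in.
deny contains msg if {
	input.action == "migration"
	input.microservice.data_sensitivity == "restricted"
	input.source.domain != input.target.domain
	msg := sprintf("restricted data of %s may not leave domain %s", [
		input.microservice.name, input.source.domain,
	])
}

# Unit tests, run with `opa test .` (constructed sample inputs).
test_placement_in_trusted_domain_allowed if {
	allow with input as {
		"action": "placement",
		"microservice": {"name": "aggregator", "data_sensitivity": "internal"},
		"target": {"domain": "cloud-a", "trust_level": "confidential", "mtls_strict": true},
	}
}

test_placement_on_low_trust_edge_denied if {
	not allow with input as {
		"action": "placement",
		"microservice": {"name": "analytics", "data_sensitivity": "confidential"},
		"target": {"domain": "edge-b", "trust_level": "internal", "mtls_strict": true},
	}
}

test_cross_domain_migration_without_mtls_denied if {
	not allow with input as {
		"action": "migration",
		"microservice": {"name": "aggregator", "data_sensitivity": "internal"},
		"source": {"domain": "edge-a", "trust_level": "internal"},
		"target": {"domain": "cloud-a", "trust_level": "confidential", "mtls_strict": false},
	}
}

test_unlabelled_microservice_denied if {
	not allow with input as {
		"action": "placement",
		"microservice": {"name": "mystery"},
		"target": {"domain": "cloud-a", "trust_level": "confidential", "mtls_strict": true},
	}
}
```

The design point worth noting is the fail-closed pair of rules at the top: in Rego a reference to a missing key is undefined rather than an error, so without them a microservice with no sensitivity label would pass every comparison silently and be allowed anywhere. The `deny` set also gives the control plane human-readable reasons, which is what an operator wants logged when an orchestrator action is refused.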

Data Availability Statement

As this project is funded by an industry partner, we are unable to publish the source code at this stage. To increase reproducibility, we extended an open-source framework along with open-source tools and explained the implementation of our framework in detail. High quality images of all figures used in the manuscript are available at https://doi.org/10.5281/zenodo.12524961.

Notes

  1. https://www.docker.com/
  2. https://containerd.io/
  3. https://docs.docker.com/get-started/swarm-deploy/
  4. https://kubernetes.io/
  5. https://istio.io/latest/
  6. https://linkerd.io/
  7. https://redis.io/
  8. https://min.io/
  9. https://www.openpolicyagent.org/docs/latest/
  10. https://www.openpolicyagent.org/
  11. https://kind.sigs.k8s.io/

Acknowledgments

This work has been supported by the Cyber Security Cooperative Research Centre Limited whose activities are partially funded by the Australian Government’s Cooperative Research Centre Program.

Author information

Corresponding author: Samodha Pallewatta

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Pallewatta, S., Babar, M.A. (2024). Towards Secure Management of Edge-Cloud IoT Microservices Using Policy as Code. In: Galster, M., Scandurra, P., Mikkonen, T., Oliveira Antonino, P., Nakagawa, E.Y., Navarro, E. (eds) Software Architecture. ECSA 2024. Lecture Notes in Computer Science, vol 14889. Springer, Cham. https://doi.org/10.1007/978-3-031-70797-1_18

  • DOI: https://doi.org/10.1007/978-3-031-70797-1_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-70796-4

  • Online ISBN: 978-3-031-70797-1
