Abstract
Modern ICT ecosystems such as healthcare environments (hospitals, care-centers etc.), operate in different abstraction layers (cloud, fog, extreme-edge) and comprise large numbers of network entities such as terminals, devices, sensors or even specialized appliances (virtual or physical). It is common in such environments, that several network entities with intermittent connectivity, join and leave the network in an unstructured and unsupervised manner (Wi-Fi access-points, BYOD policies, IoT, etc.). Such devices of frivolous nature, or even trusted devices/terminals, are prone to security vulnerabilities, since they are operated by regular, non-expert users who are not aware of any security aspects whatsoever. To effectively manage and proactively protect such large, complex and multilayered networks, dedicated personnel (system administrators, security specialists etc.) must be employed and specialized appliances must be deployed. On the other hand, modern cyber-warfare has become even more elaborate and insightful. Thus, ICT infrastructures must continuously evolve and adapt to the everchanging cyber-threats, which is a rather cumbersome and expensive task to accomplish. Towards addressing the above-mentioned issues, this paper proposes a cross-layered system, which leverages the Software Defined Networking (SDN) paradigm and the distributed Fog architecture, for network slicing and task offloading to provide dynamic, security-aware Vulnerability-Assessment as a service for large ICT infrastructures. The presented system provides seamless assessment for all existing and newly introduced network entities against all known security vulnerabilities, certifies them through a Common Vulnerability Scoring System (CVSS), classifies them according to the cyber-threat they introduce, and finally assigns them to a connectivity-appropriate VLAN. The presented system was preliminarily evaluated under a controlled-conditions simulation environment.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Andreassen HK , Bujnowska-Fedak MM , Chronaki CE, Dumitru RC, Pudule I, Santana S, Voss H, Wynn R (2007) European citizens’ use of E-health services: a study of seven countries. BMC Public Health 7(1):53
Pope J (2016) Ransomware: minimizing the risks. Innovations in Clinical Neuroscience 13(11-12):37–40
Stine I, Rice M, Dunlap S, John P (2017) A cyber risk scoring system for medical devices. International Journal of Critical Infrastructure Protection 19:32–46
Nist (2018) Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1. Technical report, National institute of standards and technology, Gaithersburg
Cao C, Yuan L-P, Singhal A, Liu P, Sun X, Zhu S (2018) Assessing attack impact on business processes by interconnecting attack graphs and entity dependency graphs. In: Data and applications security and privacy XXXII, Springer, Cham, pp 330–348
ET, Richard Y, Seth D (2017) Barrier free internet access: evaluating the cyber security risk posed by the adoption of bring your own devices to e-learning network infrastructure. Int J Comput Appl 176(3):53–62
Ficco M, Choraś M, Kozik R (2017) Simulation platform for cyber-security and vulnerability analysis of critical infrastructures. J Comput Sci 22:179–186
Furfaro A, Argento L, Parise A, Antonio P (2017) Using virtual environments for the assessment of cybersecurity issues in IoT scenarios. Simul Model Pract Theory 73:43–54
Vilalta R, Ciungu R, Mayoral A, Casellas R, Martinez R, Pubill D, Serra J, Munoz R, Christos V (2016) Improving security in internet of things with software defined networking. In: IEEE global communications conference (GLOBECOM), IEEE, pp 1–6
Markakis EK, Karras K, Sideris A, Alexiou G, Pallis E (2017) Computing, caching, and communication at the edge: the cornerstone for building a versatile 5G ecosystem. IEEE Commun Mag 55(11):152–157
Stuart J (2011) Engineering Information Security. John Wiley, Hoboken
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This article is part of the Topical Collection: Special issue on Fog Computing for Healthcare
Guest Editors: Han-Chieh Chao, Sana Ullah, Christos Verikoukis, and Ki-Il Kim
Rights and permissions
About this article
Cite this article
Nikoloudakis, Y., Pallis, E., Mastorakis, G. et al. Vulnerability assessment as a service for fog-centric ICT ecosystems: A healthcare use case. Peer-to-Peer Netw. Appl. 12, 1216–1224 (2019). https://doi.org/10.1007/s12083-019-0716-y
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-019-0716-y