DOI: 10.1145/3318216.3363335

Towards security-as-a-service in multi-access edge

Published: 07 November 2019

Abstract

The prevailing network security measures are often implemented on proprietary appliances that are deployed at fixed network locations with constant capacity. Such a rigid deployment is sometimes necessary, but undermines the flexibility of security services in meeting the demands of emerging applications, such as augmented/virtual reality, autonomous driving, and 5G for industry 4.0, which are provoked by the evolution of connected and smart devices, their heterogeneity, and integration with cloud and edge computing infrastructures.
To loosen these rigid security deployments, in this paper, we propose a data-centric SECurity-as-a-Service (SECaaS) framework for elastic deployment and provisioning of security services at the Multi-Access Edge Computing (MEC) infrastructure. In particular, we discuss three security services that are suitable for edge deployment: (i) an intrusion detection and prevention system (IDPS), (ii) an access control enforcement system (ACE), and (iii) a communication anonymization service (CA). We benchmark the common security microservices along with the design and implementation of a proof of concept communication anonymization application.


Published In

SEC '19: Proceedings of the 4th ACM/IEEE Symposium on Edge Computing
November 2019
455 pages
ISBN: 9781450367332
DOI: 10.1145/3318216
In-Cooperation

  • IEEE-CS\DATC: IEEE Computer Society

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. NDN
  2. edge computing
  3. microservice
  4. security
  5. virtualization

Qualifiers

  • Research-article

Conference

SEC '19: The Fourth ACM/IEEE Symposium on Edge Computing
November 7 - 9, 2019
Arlington, Virginia

Acceptance Rates

SEC '19 Paper Acceptance Rate 20 of 59 submissions, 34%;
Overall Acceptance Rate 40 of 100 submissions, 40%

Article Metrics

  • Downloads (Last 12 months): 212
  • Downloads (Last 6 weeks): 15

Reflects downloads up to 09 Nov 2024

Cited By

  • (2024) Analyzing Threats and Attacks in Edge Data Analytics within IoT Environments. IoT, 5:1 (123-154). DOI: 10.3390/iot5010007. Online publication date: 5-Mar-2024
  • (2023) Technological Transformation of Telco Operators towards Seamless IoT Edge-Cloud Continuum. Sensors, 23:2 (1004). DOI: 10.3390/s23021004. Online publication date: 15-Jan-2023
  • (2023) Holistic Security Approach in Cybersecurity Services for Datacenters and Telecommunication Operators. 2023 IEEE International Performance, Computing, and Communications Conference (IPCCC) (470-474). DOI: 10.1109/IPCCC59175.2023.10253840. Online publication date: 17-Nov-2023
  • (2022) uDiscover: User-Driven Service Discovery in Pervasive Edge Computing using NDN. 2022 IEEE International Conference on Edge Computing and Communications (EDGE) (77-82). DOI: 10.1109/EDGE55608.2022.00022. Online publication date: Jul-2022
  • (2021) Cloud Computing Security Challenges and Solutions. 2021 International Conference on Information Science and Communications Technologies (ICISCT) (1-6). DOI: 10.1109/ICISCT52966.2021.9670220. Online publication date: 3-Nov-2021
