SMOG-DEV
Security Mechanisms for Fog Computing - Advanced Security for Devices
Researchers
- Tapiador, Juan (PI)
- González-Tablas, Ana Isabel
- Peris-López, Pedro
- de Fuentes, José María
- Pastrana, Sergio
- González-Manzano, Lorena
- Cámara, Carmen
Abstract
At present, there are several interesting applications and use cases, such as outsourcing of mobile services, augmented reality systems, and several object interconnection systems (e.g., vehicular networks, cyber-physical systems) which require very specific attributes that are not provided by traditional centralized cloud services: low latency, access to local context information, and high scalability, among others. For this reason, a novel paradigm known as fog computing has emerged very recently. Fog computing is mainly based on the deployment of virtualization services on the network periphery: from Internet routers and 5G infrastructures to local servers. This allows the creation of an infrastructure that complements both the cloud infrastructure and the existing local infrastructures.
However, this semi-distributed nature of fog computing, alongside with other features such as the collaboration between entities and service/infrastructure providers, and the heterogeneity of devices and services, makes security in the context of fog computing a very complex issue that is difficult to solve; even more if we take into account the existence of attackers at all levels - from external adversaries to resources controlled by malicious users. In fact, currently, the security of fog computing has been considered in a limited and isolated manner only. On the one hand, it is necessary to protect the fog infrastructure itself, offering security services that enable secure communication between authorized items, protection of virtualized environments, and mechanisms to inspect and monitor the fog environment, among others. Moreover, it is also necessary to protect the interactions between users and their devices and the fog ecosystem, offering services that guarantee (through a contract) the outsourcing and the delegation of tasks, plus an adequate data management.
Beyond these risks, fog computing also offers a unique opportunity. The fog infrastructure itself can provide services, such as distributed decision making services through the use of cryptographic mechanisms, that can be used to support a trusted interaction between entities in a fog ecosystem. Furthermore, fog computing can be used as foundation for deploying security services (e.g., collaborative monitoring, positioning of safety and security information) that otherwise could not be used by user devices, and that could provide an added value in comparison with local security services.
Publications
Picazo-Sanchez, Pablo; Tapiador, Juan; Schneider, Gerardo. After You, Please: Browser Extensions Order Attacks and Countermeasures.
Mirzaei, Omid; de Fuentes, José María; Tapiador, Juan; González-Manzano, Lorena. AndrODet: An adaptive Android obfuscation detector. Future Generation Comp. Syst..
Calleja, Alejandro; Alejandro Martín; Menéndez, Héctor D.; Tapiador, Juan; Clark, David. Picking on the family: Disrupting android malware triage by forcing misclassification. Expert Syst. Appl..
Wang, Haoyu; Liu, Zhe; Liang, Jingyue; Vallina-Rodriguez, Narseo; Guo, Yao; Li, Li; Tapiador, Juan; Cao, Jingcun; Xu, Guoai. Beyond Google play: A large-scale comparative study of Chinese android app markets. Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC. ACM.