Policy-aware Secure Collaboration in Fog Computing

Project Description

Fog Computing is a highly virtualized platform that provides compute, storage, and networking services between end devices and traditional Cloud Computing Data Centers, typically, but not exclusively, located at the edge of the network. Fog Computing is a way of delivering a seemingly infinite collection of hardware and software resources to customers as needed, with support for elastic resource provisioning and release, and ubiquitous access to the resources. Even though Fog Computing is an emerging computing architecture supporting future IoT applications, the "Edge of the Network" implies a number of characteristics that make the Fog a non-trivial extension of the Cloud.

Our vision for Fog Computing is that future applications will increasingly interact with multiple entities, and will utilize and synthesize capabilities from multiple sources. Applications, devices and network resources from different organizations will establish collaborative relationships and share information dynamically in Fog Computing. Users will demand execution of sophisticated, complex applications on a Fog Computing platform that will require applications to share data and programs, cooperate on joint ventures, and conduct collaborative activities. Security is a major challenge in this new paradigm of Fog Computing, which demands advanced, efficient, and innovative mechanisms/solutions for effective security and protection of the data and applications.

Interoperability is the ability of disparate and diverse entities, components or systems to interact toward mutually beneficial and agreed common goals by exchanging information in a meaningful manner.
Interoperation among Fog nodes leads to an ecosystem that we term a collaborative Fog Computing environment, where collaboration encompasses the notions of communication, coordination and cooperation. A collaborative Fog Computing environment abstracts the underlying differences in the offerings from multiple Fog nodes by supporting interoperation features like migration, redundancy and combination of complementary resources and services.

While cloud standardization will promote collaboration, there are several hurdles to the adoption of Fog Computing, which faces deployment barriers similar to those of provider-centric approaches. A viable solution for Fog Computing collaboration must be progressively deployable alongside existing cloud technologies without significant barriers or overheads. Thus, deployment must not require ubiquitous uptake by CSPs, support of (potentially) uncooperative third parties (like Internet service providers), or construction of expensive/extensive infrastructure (that will likely act as a financial barrier). To achieve this, we need a client-centric approach to collaboration, where clients are given complete control over development, deployment, configuration, maintenance and operation of the resources and services that are used for collaboration. The solution must be flexible, extensible and adaptable to support addition of new collaborative features, respond to varying client needs and changes in its environment, and accommodate future technological changes and advances.

A recent survey shows that security remains among the primary factors influencing organizations in their decision to outsource their business applications and data into the cloud. As security remains one of the biggest obstacles facing cloud computing, identifying and addressing security issues must be among the first and foremost tasks accompanying any innovation in the Fog ecosystem.
Thus, the development of mechanisms for collaboration across multiple highly virtualized Fog Computing platforms must be accompanied by a rigorous and in-depth security analysis to identify new threats and concerns resulting from collaboration, and by subsequent development of innovative, systematic and usable mechanisms for effective security (including privacy protection) of the data and applications. Security mechanisms to support collaboration among multiple entities are essential for gaining the trust of the general public and business organizations in adopting this new paradigm.

In this project, the PI will investigate the following important and challenging issue to support a client-centric approach to secure sharing and collaboration among services offered by Fog Computing: when multiple Fog Computing platforms with different security approaches and mechanisms collaborate to provide various services, how do we address heterogeneity among their policies so that when we compose multiple services to enable a large-scale application service, policy anomalies are effectively monitored, minimizing security breaches?

Policy analysis generally includes policy property verification, policy conflict detection, and analysis of differences between policy versions. Most existing approaches are based on graph, model-checking or SAT-solver techniques. Graph-based approaches are suitable as a specification method but not as an execution method. Model-checking-based approaches are good at thoroughly analyzing one or multiple policies by examining all possible inputs. However, they have difficulties in representing some policies with complex conditions, like conditions containing linear functions. SAT-solver-based approaches usually deal with policy conflict detection by checking the satisfiability of Boolean expressions corresponding to different policies.
A common characteristic shared by the existing approaches is that they focus solely on the quality of the analysis result and have relatively high computational complexity. This is mainly due to a design philosophy that assumes the policy analysis task is performed off-line and efficiency is not the main concern. Therefore, this project investigates mechanisms to ensure that security breaches such as policy conflicts are effectively monitored during the collaboration process.

For a collaborative Fog Computing environment, a Fog node needs to deal with several registered services from multiple Fog nodes. This requires policy integration and decomposition to be conducted locally at different proxy nodes. Therefore, it is necessary to articulate the possible policy anomalies, including policy inconsistency and policy inefficiency. Policy integration aims to generate agreement on access rights for each party involved in a collaborative project. Compared to the existing work, our approach will focus on the following research tasks.

Research Tasks: Designing and managing policies is often error-prone due to the lack of effective analysis mechanisms and tools. We propose an innovative policy anomaly analysis approach to establish secure collaborative Fog Computing environments. We will further investigate the following research avenues:

1. We will formally devise the patterns of policy anomalies, and design and develop corresponding anomaly detection mechanisms. Based on the identified patterns of policy anomalies, we will also investigate how the notion of warrant in multi-Fog-nodes can be accommodated in our detection mechanisms. The objective of this task is to develop a set of mechanisms for efficiently detecting policy anomalies using our segmentation discovery approach and Fog nodes in collaborative Fog Computing environments.

2. Once policy anomalies are identified, it is necessary to resolve those anomalies through a Fog node.
Existing conflict resolution mechanisms are too restricted to resolve all identified conflicts among policies with a single resolution algorithm. Hence, in this project, we will also design and develop a flexible anomaly resolution approach using a strategy-based fine-grained resolution, which allows us to adaptively apply different resolution algorithms to resolve different anomalies in composite policies.

3. The policy management module should be a modular component in a Fog node so that we can support the integration, decomposition, and analysis of policies in multi-clouds. We will investigate an effective way to seamlessly integrate the proposed policy anomaly detection and resolution modules with Fog nodes. Hence, the outcome of our policy management modules will be interoperable with existing cloud-based mechanisms. In addition, we will evaluate our modules based on real-world business scenarios as part of collaborative activities with the CISCO team.

The PI will utilize his research laboratory, Security Engineering for Future Computing (SEFCOM, /seifcom/, http://sefcom.asu.edu), for carrying out the proposed research tasks. SEFCOM has an isolated network research facility that includes a Honeynet Testbed and a Cloud Testbed. Also, as one of the leading research engineering schools (http://www.fulton.asu.edu/fulton/facts/), the Ira A. Fulton Schools of Engineering hosts various research facilities, including an embedded system lab and an information assurance lab. The PI will also utilize those facilities for this project.
Effective start/end date: 7/2/13 → 5/31/15
- INDUSTRY: Domestic Company: $110,910.00