Biblio

SUMMARY & CONCLUSIONSA Multi-access Edge Computing (MEC) micro data center (MEDC) consists of multiple MEC hosts close to endpoint devices. MEC service is delivered by instantiating a virtualization system (e.g., Virtual Machines or Containers) on a MEC host. MEDC faces more new security risks due to various device connections in an open environment. When more and more IoT/CPS systems are connected to MEDC, it is necessary for MEC service providers to quantitatively analyze any security loss and then make defense-related decision. This paper develops a CTMC model for quantitatively analyzing the security and dependability of a vulnerable MEDC system under lateral movement attacks, from the adversary’s initial successful access until the MEDC becomes resistant to the attack. The proposed model captures the behavior of the system in a scenario where (i) the rate of vulnerable MEC servers being infected increases with the increasing number of infected MEC servers, (ii) each infected MEC server can perform its compromising activity independently and randomly, and (iii) any infected MEC may fail and then cannot provide service. We also introduce the formulas for computing metrics. The proposed model and formula are verified to be approximately accurate by comparing numerical results and simulation results.

Lateral movement attack performs malicious activities by infecting part of a network system first and then moving laterally to the left system in order to compromise more computers. It is widely used in various sophisticated attacks and plays a critical role. This paper aims to quantitatively analyze the transient security and dependability of a critical network system under lateral movement attacks, whose intruding capability increases with the increasing number of attacked computers. We propose a survivability model for capturing the system and adversary behaviors from the time instant of the first intrusion launched from any attacked computer to the other vulnerable computers until defense solution is developed and deployed. Stochastic Reward Nets (SRN) is applied to automatically build and solve the model. The formulas are also derived for calculating the metrics of interest. Simulation is carried out to validate the approximate accuracy of our model and formulas. The quantitative analysis can help network administrators make a trade-off between damage loss and defense cost.

Fog-Cloud framework is being regarded as a more promising technology to provide performance guarantee for IoT applications, which not only have higher requirements on computation resources, but also are delay and/or security sensitive. In this framework, a delay and security-sensitive computation task is usually divided into several sub-tasks, which could be offloaded to either fog or cloud computing servers, referred to as offloading destinations. Sub-tasks may exchange information during their processing and then have requirement on transmission bandwidth. Different destinations produce different completion delays of a sub-task, affecting the corresponding task delay. The existing offloading approaches either considered only a single type of offloading destinations or ignored delay and/or security constraint. This paper studies a computation offloading problem in the fog-cloud scenario where not only computation and security capabilities of offloading destinations may be different, but also bandwidth and delay of links may be different. We first propose a joint offloading approach by formulating the problem as a form of Mixed Integer Programming Multi-Commodity Flow to maximize the fog-cloud provider's revenue without sacrificing performance and security requirements of users. We also propose a greedy algorithm for the problem. Extensive simulation results under various network scales show that the proposed computation offloading mechanism achieves higher revenue than the conventional single-type computation offloading under delay and security constraints.