
A tool for security assessment of multi-service IoT application deployment in the Fog.

di-unipi-socc/SecFog


SecFog is a simple declarative prototype that can be used to find multi-service application deployments to Cloud-Edge infrastructures and to assess their security level based on specific application security requirements and available infrastructure security capabilities, while considering trust degrees in different Edge and Cloud providers. SecFog constitutes a first, well-founded and explainable effort in this direction.

SecFog is written in the ProbLog2 language and it can be used together with existing approaches (e.g., FogTorchPi) that solve the problem of mapping IoT application services to Cloud-Edge infrastructures according to requirements other than security and trust.

The SecFog methodology is fully described in the following journal paper:

Stefano Forti, Gian-Luigi Ferrari, Antonio Brogi
Secure Cloud-Edge Deployments, with Trust,
Future Generation Computer Systems, vol. 102, pp. 775-788, 2020.

The combined usage of default SecFog and FogTorchPi for optimising Cloud-Edge (a.k.a. Fog) application placements is illustrated in the following conference article:

Antonio Brogi, Gian-Luigi Ferrari, Stefano Forti
Secure Apps in the Fog: Anything to Declare?,
Advances in Service-Oriented and Cloud Computing (ESOCC2018). Communications in Computer and Information Science, vol. 1115, Springer, 2020.

If you wish to reuse source code in this repo, please consider citing the above-mentioned articles.

Example

Consider a single-service application that manages the weather data of a municipality, and an infrastructure composed of two nodes (one Cloud and one Edge), declared as follows:

%%% Application, specified by appOp
app(weatherApp, [weatherMonitor]).
securityRequirements(weatherMonitor, N) :-
    (anti_tampering(N); access_control(N)),
    (wireless_security(N); iot_data_encryption(N)).

%%% Cloud node, specified by cloudOp
node(cloud, cloudOp).
0.99::anti_tampering(cloud).
0.99::access_control(cloud).
0.99::iot_data_encryption(cloud).

%%% Edge node, specified by edgeOp
node(edge, edgeOp).
0.8::anti_tampering(edge).
0.9::wireless_security(edge).
0.9::iot_data_encryption(edge).

query(secFog(appOp,weatherApp,D)).

Running this program outputs the resulting secure deployments for the weatherApp, along with a value in the range [0,1] that represents their assessed security level (based on the declared effectiveness of the infrastructure capabilities that are exploited by each possible deployment):

secFog(appOp,weatherApp,[d(weatherMonitor,cloud,cloudOp)]):    0.989901
secFog(appOp,weatherApp,[d(weatherMonitor,edge,edgeOp)]):      0.8415

The AND-OR trees of the two ground programs that lead to the output results can be obtained automatically, by using ProbLog in ground mode.

[Figure: AND-OR trees of the two ground programs]

The ProbLog engine performs an AND-OR graph search over the ground program to determine the query results. For instance, the value associated with securityRequirements(weatherMonitor,cloud) is obtained as:

[Figure: proof of the value associated with securityRequirements(weatherMonitor,cloud)]

Like the AND-OR graph of the ground program, this proof can also be obtained automatically, by using ProbLog in explain mode.
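The value 0.989901 reported for securityRequirements(weatherMonitor,cloud) can be reproduced by enumerating the possible worlds of the cloud node's probabilistic facts and summing the weights of those in which the requirement holds. The Python below is an added illustration, not code from the SecFog repository and not how the ProbLog engine is implemented; the names CLOUD, security_requirements, success_probability and without are hypothetical helpers.

```python
from itertools import product

# Probabilistic facts declared for the cloud node in the example above.
CLOUD = {"anti_tampering": 0.99, "access_control": 0.99,
         "iot_data_encryption": 0.99}


def security_requirements(world):
    """Body of securityRequirements(weatherMonitor, N) in one possible world.

    A capability the node does not declare (wireless_security on the cloud
    node) is missing from `world` and therefore false.
    """
    def has(cap):
        return world.get(cap, False)
    return ((has("anti_tampering") or has("access_control"))
            and (has("wireless_security") or has("iot_data_encryption")))


def success_probability(facts, query):
    """Sum the weights of every possible world in which `query` holds."""
    names = sorted(facts)
    total = 0.0
    for values in product((True, False), repeat=len(names)):
        weight = 1.0
        for name, value in zip(names, values):
            weight *= facts[name] if value else 1.0 - facts[name]
        if query(dict(zip(names, values))):
            total += weight
    return total


def without(facts, capability):
    """Copy of `facts` with one capability removed (hypothetical what-if)."""
    return {k: v for k, v in facts.items() if k != capability}


if __name__ == "__main__":
    print(round(success_probability(CLOUD, security_requirements), 6))
    for cap in CLOUD:
        p = success_probability(without(CLOUD, cap), security_requirements)
        print(f"without {cap}: {p:.6f}")
```

The what-if loop shows which capabilities are redundant for this requirement: removing anti_tampering or access_control lowers the value to 0.9801, while removing iot_data_encryption drops it to 0 because the cloud node declares no wireless_security.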

A trust network among different stakeholders can also be defined and included in the security assessment of eligible secure deployments:

%%% trust relations declared by appOp
.9::trusts(appOp, edgeOp).  
.9::trusts(appOp, ispOp).

%%% trust relations declared by edgeOp
.7::trusts(edgeOp, cloudOp1).
.8::trusts(edgeOp, cloudOp2).

%%% trust relation declared by cloudOp1
.8::trusts(cloudOp1, cloudOp2).

%%% trust relation declared by cloudOp2
.2::trusts(cloudOp2, cloudOp).

%%% trust relations declared by ispOp
.8::trusts(ispOp, cloudOp).
.6::trusts(ispOp, edgeOp).

The example without considering trust can be run here, whilst the one that includes trust propagation can be run here.