Edge computing brings processing and storage capabilities closer to the data sources, to reduce network latency, save bandwidth, and preserve data locality. Despite the clear benefits, this paradigm brings unprecedented cyber risks due to the combination of the security issues and challenges typical of cloud and Internet of Things (IoT) worlds. Notwithstanding an increasing interest in edge security by academic and industrial communities, there is still no discernible industry consensus on edge computing security best practices, and activities like threat analysis and countermeasure selection are still not well established and are completely left to security experts.In order to cope with the need for a simplified yet effective threat modeling process, which is affordable in presence of limited security skills and economic resources, and viable in modern development approaches, in this paper, we propose an automated threat modeling and countermeasure selection strategy targeting edge computing systems. Our approach leverages a comprehensive system model able to describe the main involved architectural elements and the associated data flow, with a focus on the specific properties that may actually impact on the applicability of threats and of associated countermeasures.
Casola V., Benedictis A.D., Mazzocca C., Montanari R. (2021). Toward automated threat modeling of edge computing systems. 345 E 47TH ST, NEW YORK, NY 10017 USA : Institute of Electrical and Electronics Engineers Inc. [10.1109/CSR51186.2021.9527937].
Toward automated threat modeling of edge computing systems
Mazzocca C.;Montanari R.
2021
Abstract
Edge computing brings processing and storage capabilities closer to the data sources, to reduce network latency, save bandwidth, and preserve data locality. Despite the clear benefits, this paradigm brings unprecedented cyber risks due to the combination of the security issues and challenges typical of cloud and Internet of Things (IoT) worlds. Notwithstanding an increasing interest in edge security by academic and industrial communities, there is still no discernible industry consensus on edge computing security best practices, and activities like threat analysis and countermeasure selection are still not well established and are completely left to security experts.In order to cope with the need for a simplified yet effective threat modeling process, which is affordable in presence of limited security skills and economic resources, and viable in modern development approaches, in this paper, we propose an automated threat modeling and countermeasure selection strategy targeting edge computing systems. Our approach leverages a comprehensive system model able to describe the main involved architectural elements and the associated data flow, with a focus on the specific properties that may actually impact on the applicability of threats and of associated countermeasures.| File | Dimensione | Formato | |
|---|---|---|---|
|
IEEECSR2021.pdf
accesso aperto
Tipo:
Postprint
Licenza:
Licenza per accesso libero gratuito
Dimensione
475.79 kB
Formato
Adobe PDF
|
475.79 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
