Agile Network Security for Software Defined Edge Clouds

Today's Internet is seeing a massive shift from traditional client-server applications towards real-time, context-sensitive, and highly immersive applications. The fusion between cyber-physical systems, the Internet of Things (IoT), Augmented/Virtual Reality (AR/VR), and the Tactile Internet with the Human-in-the-Loop (TaHIL) means that Ultra-Reliable Low Latency Communication (URLLC) is a key functional requirement.

Mobile Edge Computing (MEC) has emerged as a network architectural paradigm to address such ever-increasing resource demands. MEC leverages networking and computational resource pools that are closer to the end-users at the far edge of the network, eliminating the need to send and process large volumes of data over multiple distant hops at central cloud computing data centers. Multiple 'cloudlets' are formed at the edge, and the access to resources is shared and federated across them over multiple network domains that are distributed over various geographical locations.

However, this federated access comes at the cost of a blurred and dynamically changing network security perimeter, because there are multiple sources of mobility. Not only are the end users mobile, but the applications themselves virtually migrate over multiple network domains and cloudlets to serve the end users, bypassing statically placed network security middleboxes and firewalls. This work aims to address this problem by proposing adaptive network security measures that can be changed dynamically at runtime and are decoupled from the ever-changing network topology. In particular, we: 1) use the state of the art in programmable networking to protect MEC networks from internal adversaries that can adapt and move laterally; 2) automatically infer application security contexts and device vulnerabilities, then evolve the network access control policies to segment the network in such a way that minimizes the attack surface with minimal impact on its utility; 3) propose new metrics to assess the susceptibility of edge nodes to a new class of stealthy attacks that bypass traditional statically placed Intrusion Detection Systems (IDS), and a probabilistic approach to proactively protect them.

Acknowledgments
Acronyms & Abbreviations
1 Introduction
1.1 Prelude
1.2 Motivation and Challenges
1.3 Aim and objectives
1.4 Contributions
1.5 Thesis structure
2 Background
2.1 A primer on computer networks
2.2 Network security
2.3 Network softwarization
2.4 Cloudification of networks
2.5 Securing cloud networks
2.6 Towards Securing Edge Cloud Networks
2.7 Summary
I Adaptive security in consumer edge cloud networks
3 Automatic microsegmentation of smarthome IoT networks
3.1 Introduction
3.2 Related work
3.3 Smart home microsegmentation
3.4 Software-Defined Secure Isolation
3.5 Evaluation
3.6 Summary
4 Smart home microsegmentation with user privacy in mind
4.1 Introduction
4.2 Related Work
4.3 Goals and Assumptions
4.4 Quantifying the security and privacy of SHIoT devices
4.5 Automatic microsegmentation
4.6 Manual microsegmentation
4.7 Experimental setup
4.8 Evaluation
4.9 Summary
II Adaptive security in enterprise edge cloud networks
5 Adaptive real-time network deception and isolation
5.1 Introduction
5.2 Related work
5.3 Sandnet’s concept
5.4 Live Cloning and Network Deception
5.5 Evaluation
5.6 Summary
6 Localization of internal stealthy DDoS attacks on Microservices
6.1 Introduction
6.2 Related work
6.3 Assumptions & Threat model
6.4 Mitigating SILVDDoS
6.5 Evaluation
6.6 Summary
III Summary of Results
7 Conclusion
7.1 Main outcomes
7.2 Future outlook
Listings
Bibliography
List of Algorithms
List of Figures
List of Tables
Appendix

Identifier: oai:union.ndltd.org:DRESDEN/oai:qucosa:de:qucosa:84006
Date: 07 March 2023
Creators: Osman, Amr
Contributors: Strufe, Thorsten; Conti, Mauro; Fetzer, Christof; Schill, Alexander; Wollschlaeger, Martin; Technische Universität Dresden; KIT Karlsruhe
Source Sets: Hochschulschriftenserver (HSSS) der SLUB Dresden
Language: English
Detected Language: English
Type: info:eu-repo/semantics/publishedVersion, doc-type:doctoralThesis, info:eu-repo/semantics/doctoralThesis, doc-type:Text
Rights: info:eu-repo/semantics/openAccess