Security in Edge Computing: A Review of Existing Challenges and Solutions

Authors

Department of Computer Engineering, Sharif University of Technology, Tehran, Iran

Abstract

Today, cloud computing plays a significant role in the expansion of Internet of Things (IoT) applications. Access to unlimited resources and support for heterogeneous devices are features of cloud computing that are highly beneficial for the IoT. As IoT applications have expanded, characteristics such as response latency and network bandwidth have become more important than before. Examples of such applications include virtual/augmented reality and multiplayer online games. The current cloud computing architecture does not fully meet these requirements (latency and required bandwidth). To address these limitations, a new approach called edge computing has been proposed. In this approach, a layer of devices capable of storing, managing and processing information is placed between the data center and user devices. Before data is sent to the central cloud, this layer performs part or all of the data processing. Because this layer is close to the user, when processing is performed in it, the average data transfer and processing latency decreases. In addition, wide-area network traffic also decreases, because data is sent to the central cloud after initial processing. Despite the advantages and improvements of edge computing over cloud computing, this approach faces many challenges owing to its distributed nature and factors such as support for mobile users. These challenges include virtualization, resource management, task offloading, security, privacy and the distribution of computing nodes. In addition to introducing edge computing, this study examines the architecture, characteristics and applications of this approach. It then addresses the security challenges of edge computing and the existing solutions for these issues.

Keywords

Volume 17, Issue 1
Spring and Summer
Ordibehesht 1398