Security Services Platform for the Protection of Edge Scenarios
Spanish Ministry of Science and Innovation (PID2019-110565RB-I00)
Since its conception, the Edge Computing paradigm has evolved very rapidly. The advantages of this hierarchical and semi-distributed infrastructure, which brings the virtualization services of Cloud Computing closer to their users, are numerous. Because of this, Edge Computing can be applied to multiple application areas, including the Industrial Internet of Things (IIoT) and the Internet of Vehicles (IoV). In addition, multiple companies such as Amazon, Microsoft, and Google already offer IoT services on the Edge, and foundations such as LF EDGE provide open source Edge infrastructures.
Security, being one of the most critical aspects of Edge Computing, has been considered an essential requirement since the birth of the paradigm. From the point of view of protecting the Edge's own infrastructure, several mechanisms and tools are already available to protect communications, identify users, control access to infrastructure elements, and manage the safe operation of virtualized environments. Some aspects remain to be resolved, such as the existence of virtualization hardware with limited resources and the protection of technologies such as SDN and NFV. However, security within the Edge offers not only challenges but also opportunities, in the form of the deployment of ‘Security as a Service’ (SecaaS) solutions.
At present, the availability of adaptive and deployable security services in the Edge that could be used by all actors (infrastructure and service providers, users) is very limited. It is necessary to create services such as credential management, trust and reputation, intrusion detection and evidence management, secure storage systems, and user privacy, which take into account how the specific features of the Edge can influence their design and integration in the infrastructure. In addition, it is necessary to have a platform that allows not only the management of the life cycle of the various deployed SecaaS, but also the interaction and cooperation between the various services.
The main objective of the SecurEDGE project is therefore to provide both i) a security services platform and ii) a set of security and privacy services that can protect the interaction between entities and the management of the information cycle. To that end, within the project we will design and develop the components of a platform (SecureEDGE platform) that will support both the management of the life cycle of SecaaS services deployed in the Edge and the interactions between such services and other Edge entities. In addition, various SecaaS services deployed on the Edge will be designed and developed in the areas mentioned above. Finally, two testbeds will be specified in areas (IIoT and IoV) in which the Edge is considered a critical element. These testbeds will then be used to integrate and validate the SecureEDGE platform and the SecaaS services developed within the project.