Secure Cloud-Edge Deployments, with Trust

Assessing the security level of IoT applications to be deployed to heterogeneous Cloud-Edge infrastructures operated by different providers is a non-trivial task. In this article, we present a methodology that permits to express security requirements for IoT applications, as well as infrastructure security capabilities, in a simple and declarative manner, and to automatically obtain an explainable assessment of the security level of the possible application deployments. The methodology also considers the impact of trust relations among different stakeholders using or managing Cloud-Edge infrastructures. A lifelike example is used to showcase the prototyped implementation of the methodology

Sustaining a federation of future internet experimental facilities

C

Hybrid clouds for data-Intensive, 5G-Enabled IoT applications: an overview, key issues and relevant architecture

Hybrid cloud multi-access edge computing (MEC) deployments have been proposed as efficient means to support Internet of Things (IoT) applications, relying on a plethora of nodes and data. In this paper, an overview on the area of hybrid clouds considering relevant research areas is given, providing technologies and mechanisms for the formation of such MEC deployments, as well as emphasizing several key issues that should be tackled by novel approaches, especially under the 5G paradigm. Furthermore, a decentralized hybrid cloud MEC architecture, resulting in a Platform-as-a-Service (PaaS) is proposed and its main building blocks and layers are thoroughly described. Aiming to offer a broad perspective on the business potential of such a platform, the stakeholder ecosystem is also analyzed. Finally, two use cases in the context of smart cities and mobile health are presented, aimed at showing how the proposed PaaS enables the development of respective IoT applications.Peer ReviewedPostprint (published version

Towards trustworthy end-to-end communication in industry 4.0

Industry 4.0 considers integration of IT and control systems with physical objects, software, sensors and connectivity in order to optimize manufacturing processes. It provides advanced functionalities in control and communication for an infrastructure that handles multiple tasks in various locations automatically. Automatic actions require information from trustworthy sources. Thus, this work is focused on how to ensure trustworthy communication from the edge devices to the backend infrastructure. We derive a meta-model based on RAMI 4.0, which is used to describe an end-to-end communication use case for an Industry 4.0 application scenario and to identify dependabilities in case of security challenges. Furthermore, we evaluate secure messaging protocols and the integration of Trusted Platform Module (TPM) as a root of trust for dataexchange. We define a set of representative measurable indicator points based on existing standards and use them for automated dependability detection within the whole system

From the Internet of Things to the social innovation and the economy of data

Historically, cities and their citizens have led the largest changes that have been taking place continuously, especially since the transition from an agricultural economy to an industrial one. This phenomenon is especially significant from the mid-eighteenth century and it will become more intense if the predictions that establish that, around the year 2050, approximately 70% of the world population will concentrate in some type of city finally come true. With these boundary conditions, it is evident that the achievement of more efficient and sustainable cities is an unavoidable objective for which politicians, managers and technicians must work in order to guarantee the quality of life of their citizens. Although this paradigm of sustainability and efficiency has always been present in the managers of cities, it has not been until very recently that technology has made available to the responsible parties a plethora of possibilities that, when properly employed, translate into significant savings. At the same time, the day-to-day improvement of the citizens is consolidating a new urban concept in which the different processes and systems that occur in it are continuously monitored in both time and space. This paper reviews the evolution of one of the pioneering examples of such cities, Santander, where an Internet of the Things infrastructure was deployed a decade ago. In this time, multiple technologies and services have been developed and deployed in smart city pilots. The paper discusses the key lessons learnt from the digitalization of the city and the new challenges that have arisen as we were paving the way for a smarter and more liveable city.This work has been funded by the Spanish Government (MINECO) under Grant Agreement No. RTI2018-093475-A-I00 FIERCE (Future Internet Enabled Resilient smart CitiEs) project

An Integrated Framework for the Methodological Assurance of Security and Privacy in the Development and Operation of MultiCloud Applications

x, 169 p.This Thesis studies research questions about how to design multiCloud applications taking into account security and privacy requirements to protect the system from potential risks and about how to decide which security and privacy protections to include in the system. In addition, solutions are needed to overcome the difficulties in assuring security and privacy properties defined at design time still hold all along the system life-cycle, from development to operation.In this Thesis an innovative DevOps integrated methodology and framework are presented, which help to rationalise and systematise security and privacy analyses in multiCloud to enable an informed decision-process for risk-cost balanced selection of the protections of the system components and the protections to request from Cloud Service Providers used. The focus of the work is on the Development phase of the analysis and creation of multiCloud applications.The main contributions of this Thesis for multiCloud applications are four: i) The integrated DevOps methodology for security and privacy assurance; and its integrating parts: ii) a security and privacy requirements modelling language, iii) a continuous risk assessment methodology and its complementary risk-based optimisation of defences, and iv) a Security and Privacy Service Level AgreementComposition method.The integrated DevOps methodology and its integrating Development methods have been validated in the case study of a real multiCloud application in the eHealth domain. The validation confirmed the feasibility and benefits of the solution with regards to the rationalisation and systematisation of security and privacy assurance in multiCloud systems

Liability-aware security management for 5G

​© 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.Multi-party and multi-layer nature of 5G networks implies the inherent distribution of management and orchestration decisions across multiple entities. Therefore, responsibility for management decisions concerning end-to-end services become blurred if no efficient liability and accountability mechanism is used. In this paper, we present the design, building blocks and challenges of a Liability-Aware Security Management (LASM) system for 5G. We describe how existing security concepts such as manifests and Security-by-Contract, root cause analysis, remote attestation, proof of transit, and trust and reputation models can be composed and enhanced to take risk and responsibilities into account for security and liability management