Securing combined Fog-to-Cloud systems: challenges and directions

Nowadays, fog computing is emerged for providing computational power closer to the users. Fog computing brings real-time processing, lowlatency, geo-distributed and etc. Although, fog computing do not come to compete cloud computing, it comes to collaborate. Recently, Fog-To-Cloud (F2C) continuum system is introduced to provide hierarchical computing system and facilitates fog-cloud collaboration. This F2C continuum system might encounter security issues and challenges due to their hierarchical and distributed nature. In this paper, we analyze attacks in different layer of F2C system and identify most potential security requirements and challenges for the F2C continuum system. Finally, we introduce the most remarkable efforts and trends for bringing secure F2C system.This work is supported by the H2020 projects mF2C (730929). It is also supported by the Spanish Ministry of Economy and Competitiveness and the European Regional Development Fund both under contract RTI2018-094532-B-100.Peer ReviewedPostprint (author's final draft

Towards a resilient control architecture for combined fog-to-cloud systems

© 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.The capacity to efficiently manage the whole set of resources from the edge up to the cloud paves the way to a new landscape of innovative opportunities for all involved actors, be it on the research or industrial sides. Fog-to-Cloud (F2C) has been recently proposed as a management solution particularly tailored to manage the stack of resources from the edge up to the cloud in a coordinated way. However, beyond the benefits brought by considering all the spectrum of resources to run a service, resilience, as a concept must be reflected in the F2C design. In this paper, we address a particular scenario where a specific node failure in the F2C architecture will substantially impact on the whole system performance, and analyse three tentative strategies to efficiently manage such scenario.This work was partially supported by the H2020 mF2C project 730929 and for the UPC authors also by the Spanish Ministry of Economy and Competitiveness and by the European Regional Development Fund, under contract RTI2018-094532-B-I00.Peer ReviewedPostprint (author's final draft

A multidimensional control architecture for combined fog-to-cloud systems

The fog/edge computing concept has set the foundations for the deployment of new services leveraging resources deployed at the edge paving the way for an innovative collaborative model, where end-users may collaborate with service providers by sharing idle resources at the edge of the network. Combined Fog-to-Cloud (F2C) systems have been recently proposed as a control strategy for managing fog and cloud resources in a coordinated way, aimed at optimally allocating resources within the fog-to-cloud resources stack for an optimal service execution. In this work, we discuss the unfeasibility of the deployment of a single control topology able to optimally manage a plethora of edge devices in future networks, respecting established SLAs according to distinct service requirements and end-user profiles. Instead, a multidimensional architecture, where distinct control plane instances coexist, is then introduced. By means of distinct scenarios, we describe the benefits of the proposed architecture including how users may collaborate with the deployment of novel services by selectively sharing resources according to their profile, as well as how distinct service providers may benefit from shared resources reducing deployment costs. The novel architecture proposed in this paper opens several opportunities for research, which are presented and discussed at the final section.This work was supported by the H2020 EU mF2C project, ref. 730929 and for UPC authors, also by the Spanish Ministry of Economy and Competitiveness and the European Regional Development Fund under contract RTI2018-094532-B-I00.Peer ReviewedPostprint (author's final draft

Mechanisms for service-oriented resource allocation in IoT

Albeit several IoT applications have been recently deployed in several fields, including environment and industry monitoring, Smart Home, Smart Hospital and Smart Agriculture, current deployments are mostly host-oriented, which is undoubtedly limiting the attained benefits brought up by IoT. Indeed, future IoT applications shall benefit from service-oriented communications, where the communication establishment between end-points is not dependent on prior knowledge of the host devices in charge of providing the service execution. Rather, an end-user service execution request is mapped into the most suitable resources able to provide the requested service. Furthermore, this model is a key enabler for the design of future services in Smart Cities, e-Health, Intelligent Transportation Systems, among other smart scenarios. Recognized the benefits of this model in future applications, considerable research effort must be devoted for addressing several challenges yet unsolved, such as the ones brought up by the high dynamicity and heterogeneity inherent to these scenarios. In fact, service-oriented communication requires an updated view of available resources, mapping service requests into the most suitable resources taking several constraints and requirements into account, resilience provisioning, QoS-aware service allocation, just to name a few. This thesis aims at proposing and evaluating mechanisms for efficient resource allocation in service-oriented IoT scenarios through the employment of two distinct baseline technologies. In the first approach, the so-called Path Computation Element (PCE), designed to decouple the host-oriented routing function from GMPLS switches in a centralized element, is extended to the service-oriented PCE (S-PCE) architecture, where a service identifier (SID) is used to identify the service required by an end-user. In this approach, the service request is mapped to one or a set of resources by a 2-steps mapping scheme that enables both selection of suitable resources according to request and resources characteristics, and avoidance of service disruption due to possible changes on resources¿ location. In the meantime, the inception of fog computing, as an extension of the cloud computing concept, leveraging idle computing resources at the edge of the network through their organization as highly virtualized micro data centers (MDC) enabled the reduction on the network latency observed by services launched at edge devices, further reducing the traffic at the core network and the energy consumption by network and cloud data center equipment, besides other benefits. Envisioning the benefits of the distributed and coordinated employment of both fog and cloud resources, the Fog-to-Cloud (F2C) architecture has been recently proposed, further empowering the distributed allocation of services into the most suitable resources, be it in cloud, fog or both. Since future IoT applications shall present strict demands that may be satisfied through a combined fog-cloud solution, aligned to the F2C architecture, the second approach for the service-oriented resource allocation, considered in this thesis, aims at providing QoS-aware resource allocation through the deployment of a hierarchical F2C topology, where resource are logically distributed into layers providing distinct characteristics in terms of network latency, disruption probability, IT power, etc. Therefore, distinct strategies for service distribution in F2C architectures, taking into consideration features such as service transmission delay, energy consumption and network load. Concerning the need for failure recovery mechanisms, distinct demands of heterogeneous services are considered in order to assess distinct strategies for allocation of protection resources in the F2C hierarchy. In addition, the impact of the layered control topology on the efficient allocation of resources in F2C is further evaluated. Finally, avenues for future work are presented.Aunque son ya varias las aplicaciones que se han desarrollado en el área de IoT, especialmente en el campo ambiental, Smart Home o Smart Health, las implementaciones actuales son en su mayoría ¿host-oriented¿, lo que sin duda limita sus potenciales beneficios. Una posible estrategia para reducir esos efectos negativos se centra en que las futuras aplicaciones se beneficien de las comunicaciones orientadas a servicios, ¿service-oriented¿, donde el establecimiento de comunicación entre puntos finales no depende del conocimiento previo de los hosts a cargo de proporcionar la ejecución del servicio. En este escenario, una solicitud de ejecución de servicio se asigna a los recursos más adecuados capaces de proporcionar el servicio solicitado. Este modelo se considera clave para el despliegue de futuros servicios en Smart Cities, e-Health, Intelligent Transportation Systems, etc. Reconocidos los beneficios de este modelo en las aplicaciones futuras, un substancial esfuerzo de investigación es necesario para abordar varios desafíos aún no resueltos, como los surgidos por la alta dinámica y heterogeneidad inherente a estos escenarios. De hecho, la comunicación service-oriented requiere una vista actualizada de los recursos disponibles, así como la asignación de solicitudes de servicio en los recursos más adecuados teniendo en cuenta varias restricciones y requisitos. Esta tesis tiene como objetivo proponer y evaluar mecanismos para la asignación eficiente de recursos en escenarios IoT orientados a servicios a través del empleo de dos tecnologías básicas distintas. En el primer enfoque, el llamado Path Computation Element (PCE), diseñado para desacoplar la función de enrutamiento de los conmutadores GMPLS hacia un elemento centralizado, se extiende generando la arquitectura service-oriented PCE (S-PCE). En S-PCE se utiliza un identificador de servicio (SID) para identificar el servicio requerido por un usuario final, y la solicitud se asigna, bien a uno o bien a un conjunto de recursos, mediante un esquema de asignación de 2 pasos que permite la selección de los recursos adecuados, evitando la interrupción del servicio debido a posibles cambios en la ubicación de los recursos. Mientras tanto, el inicio de Fog computing, como una extensión de Cloud computing, basado conceptualmente en aprovechar la infraestructura y los recursos inactivos en el extremo de la red a través de su organización como micro data centers (MDC), ha supuesto la reducción de la latencia de la red para los servicios lanzados por dispositivos localizados en el extremo de la red, reduciendo el tráfico en el centro de la red (backbone) así como el consumo de energía, además de otros beneficios. Asumiendo las ventajas de la utilización distribuida y coordinada de los recursos fog y cloud, la arquitectura Fog-to-Cloud (F2C) ha sido recientemente propuesta, destinada a potenciar la asignación distribuida de servicios en los recursos más adecuados, sea en cloud, fog o ambos. Dado que las futuras aplicaciones IoT deben presentar demandas que podrían ser satisfechas a través de una solución alineada con la arquitectura F2C, el segundo enfoque para la asignación de recurso orientado a servicio, considerado en esta tesis, tiene como objetivo proporcionar una asignación de recursos mediante el despliegue de una topología F2C, donde los recursos se distribuyen lógicamente en capas que proporcionan características distintas en términos de latencia de red, probabilidad de interrupción, etc. Así, se proponen distintas estrategias para la distribución de servicios, teniendo en cuenta características tales como QoS y consumo de energía. Con respecto a la necesidad de mecanismos de recuperación de fallos, se evalúan distintas estrategias para la asignación de recursos de protección en la jerarquía F2C. Además, se evalúa el impacto de la topología de control en capas sobre la asignación eficiente de recursos en F2C. Finalmente, las sugerencias para trabajos futuros son presentadas