Security Assessment and Hardening of Fog Computing Systems
Carmine Cesarano
TL;DR
The paper addresses security challenges in fog/edge computing, where decentralization expands the attack surface across heterogeneous hardware and multi-tenant environments. It presents a structured approach consisting of secure middleware configuration and debloating, rigorous testing of secure inter-environment communication, and automated rehosting of embedded firmware to accelerate security testing. Key contributions include methodologies for Kubernetes debloating, fuzzing-based assessment of secure communications, and a data-driven peripheral emulation pipeline for embedded firmware, aided by hypervisor introspection. These efforts aim to improve the security posture of fog computing deployments, enabling safer adoption in cyber-physical systems and IoT domains with tangible tooling and workflows.
Abstract
In recent years, there has been a shift in computing architectures, moving away from centralized cloud computing towards decentralized edge and fog computing. This shift is driven by factors such as the increasing volume of data generated at the edge, the growing demand for real-time processing and low-latency applications, and the need for improved privacy and data locality. Although this new paradigm offers numerous advantages, it also introduces significant security and reliability challenges. This paper aims to review the architectures and technologies employed in fog computing and identify opportunities for developing novel security assessment and security hardening techniques. These techniques include secure configuration and debloating to enhance the security of middleware, testing techniques to assess secure communication mechanisms, and automated rehosting to speed up the security testing of embedded firmware.