Secure Cloud-Edge Deployments, with Trust
This addresses security challenges for IoT deployments in multi-provider Cloud-Edge environments, though it appears incremental as it builds on existing declarative and trust-based approaches.
The paper tackles the problem of assessing security levels for IoT applications deployed across heterogeneous Cloud-Edge infrastructures by presenting a methodology that expresses security requirements and capabilities declaratively, enabling automatic and explainable assessments while considering trust relations among stakeholders.
Assessing the security level of IoT applications to be deployed to heterogeneous Cloud-Edge infrastructures operated by different providers is a non-trivial task. In this article, we present a methodology that permits to express security requirements for IoT applications, as well as infrastructure security capabilities, in a simple and declarative manner, and to automatically obtain an explainable assessment of the security level of the possible application deployments. The methodology also considers the impact of trust relations among different stakeholders using or managing Cloud-Edge infrastructures. A lifelike example is used to showcase the prototyped implementation of the methodology.