The Case for Robust Adaptation: Autonomic Resource Management is a Vulnerability

Autonomic resource management for distributed edge computing systems provides an effective means of enabling dynamic placement and adaptation in the face of network changes, load dynamics, and failures. However, adaptation in and of itself offers a side channel by which malicious entities can extract valuable information. An attacker can take advantage of autonomic resource management techniques to fool a system into misallocating resources and crippling applications. Using a few scenarios, we outline how attacks can be launched using partial knowledge of the resource management substrate, with as little as a single compromised node. We argue that any system that provides adaptation must consider resource management as an attack surface. As such, we propose ADAPT2, a framework that incorporates concepts taken from Moving-Target Defense and state estimation techniques to ensure correctness and obfuscate resource management, thereby protecting valuable system and application information from leaking.
