FogAware is a research project that addresses two topics in the domain of Fog Computing: resource orchestration and security. With fog computing, many heterogeneous devices, ranging from Arduino-like microcontrollers to smart cameras and System-on-Chip computers, will be enrolled in a single pool of abstract resources that has to be managed efficiently. This translates into the need to design and test new application-aware resource management algorithms, which is the first main focus of the project. The other main topic of the project is security. With fog computing, the edge devices that are part of the platform may become the Achilles' heel of a whole application. These devices can in fact often be hacked much more easily than a cloud server. For example, smart plugs use a fully fledged web server exposing REST end-points for the switch on/off commands, and a simple port scan attack may reveal important information about the device. FogAware will address this issue by studying new algorithms for security monitoring and device attestation.
The aim of Objective 1 (Design cooperative distributed orchestration algorithms for fog computing) is to design new management algorithms that are application-aware. By this term, we mean algorithms that take management decisions based on the Quality of Service required by the application. The expected results of the project will contribute to advancing the current state of the art in the way cooperation is addressed in the context of Fog Computing.
More specifically, in scheduling optimizations at the local fog node, there is a significant gap in the consideration of latency/reliability constraints, possibly expressed at the application layer. Moreover, there is a need to consider lightweight virtualization technology, e.g., container-based, and to focus on the management and representation of resource-limited hosting nodes (most existing works concentrate on VMs and on datacenter-like execution nodes such as the ones expected in ETSI-MEC deployment environments). To achieve the goal of the objective, we will concentrate on devising new proactive migration strategies (anticipated task replication/movement to reduce latency and increase reliability), and on the more technically challenging stateful migration with differentiated strategies for different state layers (see above). As an add-on, we will rely on the newly emerging Function-as-a-Service paradigm, exploiting the fine-grained scaling and resource usage benefits it embodies.
The major breakthrough of Objective 2 lies in modeling and studying fog-to-fog cooperation as a distributed system of autonomous entities that take online, task-optimal scheduling decisions. Though the model resembles cooperation in peer-to-peer systems, the fog computing model has its own peculiarities, like trusting that the result of an offloaded task is indeed the outcome of execution. For example, in the case of object recognition, this means trusting that all the objects are correctly analyzed with the accuracy required. This activity will continue the work reported in [ber18]. One promising approach is to exploit randomization algorithms for their lack of centralized control entities [ber20]. These algorithms will take migration costs, such as energy transmission, delay, execution speed as well as application-specific deployment criteria into account [gon18].
Objective 3 aims to develop new security protocols for Fog Networks. In particular, we propose new swarm attestation protocols tailored for Fog Networks, and novel approaches for attack triage that leverage state-of-the-art process mining techniques [ses04] to support security analysts in the identification and analysis of malevolent behaviours.
We propose to analyse logs of incoming (observed) attacks and to discover a process model that gives an up-to-date picture of the attacks recorded in the log and changes over time as new attacks are recorded. Newly observed traces can be prioritized by aligning them to the model and then calculating their fitness score (the smaller the score, the larger the priority). We argue that this novel approach allows building accurate attack detection models that can be used both to recognize known behaviours and to quickly identify new attack patterns, correctly categorizing them with respect to what the model contains.
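The triage step described above, as an added example that is not the FogAware project's own code. It substitutes a simple directly-follows graph for the discovered process model and uses the share of matching transitions as the fitness score in place of alignment-based fitness; the class, event names and sample log are constructed for illustration.

```python
from collections import Counter

START, END = "<start>", "<end>"

class AttackModel:
    """Directly-follows model of observed attack traces (a simplification
    standing in for a discovered process model)."""

    def __init__(self):
        self.edges = Counter()   # (activity, next_activity) -> times observed

    def record(self, trace):
        """Fold a newly recorded attack trace into the model."""
        steps = [START, *trace, END]
        self.edges.update(zip(steps, steps[1:]))

    def fitness(self, trace):
        """Share of the trace's transitions the model already allows (0..1)."""
        steps = [START, *trace, END]
        pairs = list(zip(steps, steps[1:]))
        return sum(p in self.edges for p in pairs) / len(pairs)

    def triage(self, traces):
        """Order traces for the analyst: lowest fitness (least explained) first."""
        return sorted(traces, key=lambda item: self.fitness(item[1]))

# Constructed sample log: each trace is the event sequence of one observed attack.
KNOWN_ATTACKS = [
    ["port_scan", "http_probe", "login_bruteforce", "rest_switch_cmd"],
    ["port_scan", "http_probe", "rest_switch_cmd"],
    ["port_scan", "telnet_probe", "login_bruteforce", "shell_cmd"],
]
NEW_TRACES = [
    ("t1", ["port_scan", "http_probe", "rest_switch_cmd"]),
    ("t2", ["port_scan", "http_probe", "firmware_upload", "reboot"]),
    ("t3", ["dns_query", "firmware_upload", "reboot"]),
]

def run_demo():
    model = AttackModel()
    for trace in KNOWN_ATTACKS:
        model.record(trace)
    before = [(name, round(model.fitness(t), 2)) for name, t in model.triage(NEW_TRACES)]
    model.record(NEW_TRACES[2][1])   # t3 is recorded as an attack; the model evolves
    after = [(name, round(model.fitness(t), 2)) for name, t in model.triage(NEW_TRACES)]
    return before, after

if __name__ == "__main__":
    for label, ranking in zip(("before", "after"), run_demo()):
        print(label, ranking)
```

Once t3 is folded into the model, t2 shares its firmware_upload/reboot tail and rises from 0.4 to 0.8, which shows how a partially novel trace is categorized relative to what the model already contains.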
[ber18] R. Beraldi, A. Mtibaa, H. Alnuweiri, "CICO: A Credit-Based Incentive Mechanism for COoperative Fog Computing Paradigms," IEEE Global Communications Conference (GLOBECOM), 2018.
[ber20] R. Beraldi, G. Proietti Mattia, "Power of random choices made efficient for fog computing," in Transactions on Cloud Computing, 2020. Early access available.
[gon18] D. Gonçalves, K. Velasquez, M. Curado, L. Bittencourt and E. Madeira, "Proactive Virtual Machine Migration in Fog Environments," 2018 IEEE Symposium on Computers and Communications (ISCC), Natal, 2018, pp. 00742-00745, doi: 10.1109/ISCC.2018.8538655.
[ses04] A. Seshadri, A. Perrig, L. Van Doorn, and P. Khosla, "SWATT: Software-based attestation for embedded devices," in Proceedings of the 2004 IEEE Symposium on Security & Privacy, IEEE S&P '04, 2004.