Providing Trusted Computing Services for Multi-access Edge Cloud Computing

Perustieteiden korkeakoulu | Master's thesis
Date
2021-08-23
Major/Subject
Security and Cloud Computing
Mcode
SCI3113
Degree programme
Master’s Programme in Security and Cloud Computing (SECCLO)
Language
en
Pages
72+10
Abstract
Multi-access Edge Cloud (MEC) is an emerging solution that aims to reduce the latency between User Equipment (UE) and Internet-of-Things (IoT) devices on one side and the decision-making nodes on the other. MEC may incorporate other cloud computing paradigms such as fog computing, in which IoT devices share their virtualized computation and storage resources for hosting MEC applications. Recent attacks, such as those against Asus and SolarWinds, have demonstrated the need to extend the root of trust further back into the software supply chain. For this reason, our focus is on Mobile Edge Network security, specifically on container image and instance integrity using the Trusted Computing Model. We address this by extending the existing container lifecycle. The proposed container image signature format includes information about the container image configuration along with the Build Environment (BE) integrity claims. The BE integrity claims are composed during the container image build, all of which is performed within an attestation session. With this information about the integrity of the build platform, the user is able to prevent these supply chain attacks and the compromise of the target host devices. Additionally, we implemented a container instance attestation mechanism within a MEC prototype and provide its implementation details. Our system implementation architecture consists of the following: an integrity attestation mechanism based on the Trusted Computing Model (attestation server, trust agent, Trusted Platform Module), container images and instances, a container image registry, IoT devices, and a certificate transparency log for storing the container image signatures. The resulting mechanism, whose design is based on open standards and state-of-the-art solutions, is practical and applicable to consumer MEC cloud deployments.
Supervisor
Gunn, Lachlan
Thesis advisor
Oliver, Ian
Keywords
cloud, attestation, containers, MEC, TPM, kubernetes