Providing Trusted Computing Services for Multi-access Edge Cloud Computing

dc.contributor: Aalto-yliopisto [fi]
dc.contributor: Aalto University [en]
dc.contributor.advisor: Oliver, Ian
dc.contributor.author: Turcanu, Victor
dc.contributor.school: Perustieteiden korkeakoulu [fi]
dc.contributor.supervisor: Gunn, Lachlan
dc.date.accessioned: 2021-08-29T17:08:42Z
dc.date.available: 2021-08-29T17:08:42Z
dc.date.issued: 2021-08-23
dc.description.abstract: Multi-access Edge Cloud (MEC) is an emerging solution which aims to reduce the latency between the User Equipment (UE)/Internet-of-Things (IoT) devices and the decision-making nodes. MEC may incorporate other cloud computing paradigms such as fog computing, in which IoT devices share their virtualized computation and storage resources for hosting MEC applications. Recent attacks such as those against Asus and SolarWinds have proved the necessity for extending the root of trust further back into the software supply chain. For this reason, our focus is on Mobile Edge Network security, specifically on container image and instance integrity by using the Trusted Computing Model. We addressed this by extending the existing container lifecycle. The proposed container image signature format includes the information about the container image configuration along with the Build Environment (BE) integrity claims. The BE integrity claims are composed during the container image build, all of which are performed within an attestation session. With the provided information about the integrity of the build platform, the user is able to prevent the existing supply chain attacks and the compromise of the target host devices. Additionally, we implemented a container instance attestation mechanism within a MEC prototype and provided its implementation details. Our system implementation architecture consists of the following: an integrity attestation mechanism based on the Trusted Computing Model (attestation server, trust agent, Trusted Platform Module), container images and instances, container image registry, IoT devices, and a certificate transparency log for storing the container image signatures. The resulting modeled mechanism is practical and applicable to consumer MEC cloud deployments, whose design is based on open standards and state-of-the-art solutions. [en]
dc.format.extent: 72+10
dc.format.mimetype: application/pdf [en]
dc.identifier.uri: https://aaltodoc.aalto.fi/handle/123456789/109313
dc.identifier.urn: URN:NBN:fi:aalto-202108298549
dc.language.iso: en [en]
dc.programme: Master’s Programme in Security and Cloud Computing (SECCLO) [fi]
dc.programme.major: Security and Cloud Computing [fi]
dc.programme.mcode: SCI3113 [fi]
dc.subject.keyword: cloud [en]
dc.subject.keyword: attestation [en]
dc.subject.keyword: containers [en]
dc.subject.keyword: MEC [en]
dc.subject.keyword: TPM [en]
dc.subject.keyword: kubernetes [en]
dc.title: Providing Trusted Computing Services for Multi-access Edge Cloud Computing [en]
dc.type: G2 Pro gradu, diplomityö [fi]
dc.type.ontasot: Master's thesis [en]
dc.type.ontasot: Diplomityö [fi]
local.aalto.electroniconly: yes
local.aalto.openaccess: yes

Files
Original bundle
Name: master_Turcanu_Victor_2021.pdf
Size: 4.7 MB
Format: Adobe Portable Document Format