Establishing trust for secure elasticity in edge-cloud microservices

Thumbnail Image

Files

master_Raj_Rohit_2021.pdf (3.39 MB)

URL

Journal Title

Journal ISSN

Volume Title

Perustieteiden korkeakoulu | Master's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.

Authors

Date

2021-10-18

Department

Major/Subject

Security and Cloud Computing

Mcode

SCI3113

Degree programme

Master’s Programme in Security and Cloud Computing (SECCLO)

Language

en

Pages

103+3

Series

Abstract

Platform services are increasingly becoming distributed to improve the availability and latency of Industrial Internet of Things (IIoT) applications. Modern infrastructure services such as Kubernetes have enabled a seamless deployment of these platform services across the distributed edge and cloud subsystems. These infrastructure services support dynamic addition and removal of resources, and thus, they enable the elasticity of the edge-cloud platform services. However, these infrastructure services currently do not have a high-level view of platform services and make elasticity decisions based on low-level configurations provided by the stakeholder. This thesis aims to support trust establishment in the elasticity operations of these edge-cloud platform services. We present the ZETA framework that introduces Zero Trust Architecture (ZTA) secure design paradigm into these elasticity operations. ZETA ensures trusted elasticity of platform services via contextual Gaussian Process Regression (GPR) based trust computation from the ``observed'' and ``service'' knowledge. Moreover, it supports elasticity delegation capabilities through a token-based platform-agnostic interaction model. Finally, ZETA allows the stakeholder to provide custom trust policies, fine-tune the trust algorithm and even extend it. The evaluation of the ZETA framework on multiple real-world scenarios demonstrates its ability to support zero-trust elasticity in variety of operations. Moreover, the encouraging results from the performance evaluation exhibit a low resource utilization and delineate precise resource requirements of ZETA provisioning.

Description

Supervisor

Truong, Hong-Linh

Thesis advisor

Truong, Hong-Linh

Keywords

distributed systems, cloud computing, edge computing, cloud security, microservice security, zero-trust architecture

Other note

Citation

Permanent link to this item

https://urn.fi/URN:NBN:fi:aalto-202110249685

Collections

[dipl] Perustieteiden korkeakoulu / SCI