Establishing trust for secure elasticity in edge-cloud microservices

Abstract

Platform services are increasingly becoming distributed to improve the availability and latency of Industrial Internet of Things (IIoT) applications. Modern infrastructure services such as Kubernetes have enabled a seamless deployment of these platform services across the distributed edge and cloud subsystems. These infrastructure services support dynamic addition and removal of resources, and thus, they enable the elasticity of the edge-cloud platform services. However, these infrastructure services currently do not have a high-level view of platform services and make elasticity decisions based on low-level configurations provided by the stakeholder.

This thesis aims to support trust establishment in the elasticity operations of these edge-cloud platform services. We present the ZETA framework that introduces Zero Trust Architecture (ZTA) secure design paradigm into these elasticity operations. ZETA ensures trusted elasticity of platform services via contextual Gaussian Process Regression (GPR) based trust computation from the ``observed'' and ``service'' knowledge. Moreover, it supports elasticity delegation capabilities through a token-based platform-agnostic interaction model. Finally, ZETA allows the stakeholder to provide custom trust policies, fine-tune the trust algorithm and even extend it.

The evaluation of the ZETA framework on multiple real-world scenarios demonstrates its ability to support zero-trust elasticity in variety of operations. Moreover, the encouraging results from the performance evaluation exhibit a low resource utilization and delineate precise resource requirements of ZETA provisioning.