Fog computing is a new paradigm that extends the Cloud platform model by providing computing resources on the edges of a network. It can be described as a cloud-like platform having similar data, computation, storage and application services, but is fundamentally different in that it is decentralized. In addition, Fog systems are capable of processing large amounts of data locally, operate on-premise, are fully portable, and can be installed on heterogeneous hardware. These features make the Fog platform highly suitable for time- and location-sensitive applications. For example, Internet of Things (IoT) devices are required to quickly process a large amount of data. This wide range of functionality-driven applications intensifies many security issues regarding data, virtualization, segregation, network, malware and monitoring. This paper surveys existing literature on Fog computing applications to identify common security gaps. Similar technologies like Edge computing, Cloudlets and Micro-data centres have also been included to provide a holistic review process. The majority of Fog applications are motivated by the desire for functionality and end-user requirements, while the security aspects are often ignored or considered as an afterthought. This paper also determines the impact of those security issues and possible solutions, providing future security-relevant directions to those responsible for designing, developing, and maintaining Fog systems.
The Internet of Vehicles (IoV) is the network of connected vehicles and transport infrastructure units (Roadside Units (RSU)), which utilizes emerging wireless systems (4G, 5G, LTE) for the communication and sharing of information. The network of connected vehicles enables users to disseminate critical information about events happening on the road (for example accidents, traffic congestions, and hazards). The exchange of information between vehicles and roadside units could improve the driving experience and road safety, as well as help drivers to identify the hazardous and safe routes in a timely manner. The sharing of critical information between vehicles is advantageous to the driver; however, at the same time, malicious actors could mislead drivers by spreading fraudulent and fake messages. Fraudulent messages can have a negative impact on the infrastructure, and more significantly, have potential to cause threats to life. It is therefore essential that vehicles can evaluate the credibility of those who send messages (vehicles or roadside units) before taking any action. In this paper, we present TrustVote, a collaborative crowdsourcing-based vehicle reputation system that enables vehicles to evaluate the credibility of other vehicles in a connected vehicular network. The TrustVote system allows participating vehicles to hide their rating/feedback scores and the list of interacted vehicles under a homomorphic cryptographic layer, which can only be unfolded as an aggregate. The proposed approach also considers the trust weight of a vehicle providing the rating scores while computing the aggregate reputation of the vehicles. A prototype of TrustVote is developed and its performance is evaluated in terms of the computational and communication overheads.
Vulnerability assessment and security configuration activities are heavily reliant on expert knowledge. This requirement often results in many systems being left insecure due to a lack of analysis expertise and access to specialist resources. It has long been known that a system's event logs provide historical information depicting potential security breaches, as well as recording configuration activities. However, identifying and utilising knowledge within the event logs is challenging for the non-expert. In this paper, a novel technique is developed to process security event logs of a computer that has been assessed and configured by a security professional, extract key domain knowledge indicative of their expert decision making, and automatically apply learnt knowledge to previously unseen systems by non-experts. The technique converts event log entries into an object-based model and dynamically extracts associative rules. The rules are further improved in terms of quality using a temporal metric to autonomously establish temporal-association rules and acquire a domain model of expert configuration tasks. The acquired domain model and problem instance generated from a previously unseen system can then be used to produce a plan-of-action, which can be exploited by non-professionals to improve their system's security. Empirical analysis is subsequently performed on 20 event logs, where identified plan traces are discussed in terms of accuracy and performance.
It is well established that file system permissions in large, multi-user environments can be audited to identify vulnerabilities with respect to what is regarded as standard practice. For example, identifying that a user has an elevated level of access to a system directory which is unnecessary and introduces a vulnerability. Similarly, the allocation of new file system permissions can be assigned following the same standard practices. On the contrary, and less well established, is the identification of potential vulnerabilities as well as the implementation of new permissions with respect to a system's current access control implementation. Such tasks are heavily reliant on expert interpretation. For example, the assigned relationship between users and groups, directories and their parents, and the allocation of permissions on file system resources all need to be carefully considered. This paper presents the novel use of statistical analysis to establish independence and homogeneity in allocated file system permissions. This independence can be interpreted as potential anomalies in a system's implementation of access control. The paper then presents the use of instance-based learning to suggest the allocation of new permissions conforming to a system's current implementation structure. Following this, both of the presented techniques are then included in a tool for interacting with Microsoft's New Technology File System permissions (NTFS). This involves experimental analysis on six different NTFS directory structures within different organisations. From using this tool we can establish the effectiveness of the developed techniques by evaluating the true positive and true negative instances. The presented results demonstrate the potential of the proposed techniques for overcoming complexities with real-world file system administration.