Security Auditing in the Fog

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Technology specific expert knowledge is often required to analyse security configurations and determine potential vulnerabilities, but it becomes difficult when it is a new technology such as Fog computing. Furthermore, additional knowledge is also required regarding how the security configuration has been constructed in respect to an organisation's security policies. Traditionally, organisations will often manage their access control permissions relative to their employees needs, posing challenges to administrators. This problem is even exacerbated in Fog computing systems where security configurations are implemented on a large amount of devices at the edges of Internet, and the administrators are required to retain adequate knowledge on how to perform complex administrative tasks. In this paper, a novel approach of translating object-based security configurations in to a graph model is presented. A technique is then developed to autonomously identify vulnerabilities and perform security auditing of large systems without the need for expert knowledge. Throughout the paper, access control configuration data is used as a case study, and empirical analysis is performed on synthetically generated access control permissions.
LanguageEnglish
Title of host publicationProceedings of the Second International Conference on Internet of Things
Subtitle of host publicationData and Cloud Computing (ICC 2017)
Place of PublicationNew York
PublisherAssociation for Computing Machinery (ACM)
Number of pages9
ISBN (Electronic)9781450347747
DOIs
Publication statusPublished - 2017
EventInternational Conference on Internet of Things, Data and Cloud Computing 2017 - University of Cambridge, Cambridge, United Kingdom
Duration: 22 Mar 201723 Mar 2017
http://icc-conference.org/ (Link to Conference Website)

Conference

ConferenceInternational Conference on Internet of Things, Data and Cloud Computing 2017
Abbreviated titleICC'17
CountryUnited Kingdom
CityCambridge
Period22/03/1723/03/17
Internet address

Fingerprint

Fog
Access control
Security systems
Internet
Personnel

Cite this

Parkinson, S., Qin, Y., Khan, S., & Vallati, M. (2017). Security Auditing in the Fog. In Proceedings of the Second International Conference on Internet of Things: Data and Cloud Computing (ICC 2017) [a191] New York: Association for Computing Machinery (ACM). https://doi.org/10.1145/3018896.3056808
Parkinson, Simon ; Qin, Yongrui ; Khan, Saad ; Vallati, Mauro. / Security Auditing in the Fog. Proceedings of the Second International Conference on Internet of Things: Data and Cloud Computing (ICC 2017). New York : Association for Computing Machinery (ACM), 2017.
@inproceedings{a94bc47d36f64729acdab4ad5b5a3b01,
title = "Security Auditing in the Fog",
abstract = "Technology specific expert knowledge is often required to analyse security configurations and determine potential vulnerabilities, but it becomes difficult when it is a new technology such as Fog computing. Furthermore, additional knowledge is also required regarding how the security configuration has been constructed in respect to an organisation's security policies. Traditionally, organisations will often manage their access control permissions relative to their employees needs, posing challenges to administrators. This problem is even exacerbated in Fog computing systems where security configurations are implemented on a large amount of devices at the edges of Internet, and the administrators are required to retain adequate knowledge on how to perform complex administrative tasks. In this paper, a novel approach of translating object-based security configurations in to a graph model is presented. A technique is then developed to autonomously identify vulnerabilities and perform security auditing of large systems without the need for expert knowledge. Throughout the paper, access control configuration data is used as a case study, and empirical analysis is performed on synthetically generated access control permissions.",
keywords = "fog computing, Information security, security auditing, graph-based anomaly detection, graph-based anomaly detectio, synthetic data sets",
author = "Simon Parkinson and Yongrui Qin and Saad Khan and Mauro Vallati",
note = "Part F134890",
year = "2017",
doi = "10.1145/3018896.3056808",
language = "English",
booktitle = "Proceedings of the Second International Conference on Internet of Things",
publisher = "Association for Computing Machinery (ACM)",
address = "United States",

}

Parkinson, S, Qin, Y, Khan, S & Vallati, M 2017, Security Auditing in the Fog. in Proceedings of the Second International Conference on Internet of Things: Data and Cloud Computing (ICC 2017)., a191, Association for Computing Machinery (ACM), New York, International Conference on Internet of Things, Data and Cloud Computing 2017, Cambridge, United Kingdom, 22/03/17. https://doi.org/10.1145/3018896.3056808

Security Auditing in the Fog. / Parkinson, Simon; Qin, Yongrui; Khan, Saad; Vallati, Mauro.

Proceedings of the Second International Conference on Internet of Things: Data and Cloud Computing (ICC 2017). New York : Association for Computing Machinery (ACM), 2017. a191.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Security Auditing in the Fog

AU - Parkinson, Simon

AU - Qin, Yongrui

AU - Khan, Saad

AU - Vallati, Mauro

N1 - Part F134890

PY - 2017

Y1 - 2017

N2 - Technology specific expert knowledge is often required to analyse security configurations and determine potential vulnerabilities, but it becomes difficult when it is a new technology such as Fog computing. Furthermore, additional knowledge is also required regarding how the security configuration has been constructed in respect to an organisation's security policies. Traditionally, organisations will often manage their access control permissions relative to their employees needs, posing challenges to administrators. This problem is even exacerbated in Fog computing systems where security configurations are implemented on a large amount of devices at the edges of Internet, and the administrators are required to retain adequate knowledge on how to perform complex administrative tasks. In this paper, a novel approach of translating object-based security configurations in to a graph model is presented. A technique is then developed to autonomously identify vulnerabilities and perform security auditing of large systems without the need for expert knowledge. Throughout the paper, access control configuration data is used as a case study, and empirical analysis is performed on synthetically generated access control permissions.

AB - Technology specific expert knowledge is often required to analyse security configurations and determine potential vulnerabilities, but it becomes difficult when it is a new technology such as Fog computing. Furthermore, additional knowledge is also required regarding how the security configuration has been constructed in respect to an organisation's security policies. Traditionally, organisations will often manage their access control permissions relative to their employees needs, posing challenges to administrators. This problem is even exacerbated in Fog computing systems where security configurations are implemented on a large amount of devices at the edges of Internet, and the administrators are required to retain adequate knowledge on how to perform complex administrative tasks. In this paper, a novel approach of translating object-based security configurations in to a graph model is presented. A technique is then developed to autonomously identify vulnerabilities and perform security auditing of large systems without the need for expert knowledge. Throughout the paper, access control configuration data is used as a case study, and empirical analysis is performed on synthetically generated access control permissions.

KW - fog computing

KW - Information security

KW - security auditing

KW - graph-based anomaly detection

KW - graph-based anomaly detectio

KW - synthetic data sets

UR - http://icc-conference.org/

UR - http://www.scopus.com/inward/record.url?scp=85044678965&partnerID=8YFLogxK

U2 - 10.1145/3018896.3056808

DO - 10.1145/3018896.3056808

M3 - Conference contribution

BT - Proceedings of the Second International Conference on Internet of Things

PB - Association for Computing Machinery (ACM)

CY - New York

ER -

Parkinson S, Qin Y, Khan S, Vallati M. Security Auditing in the Fog. In Proceedings of the Second International Conference on Internet of Things: Data and Cloud Computing (ICC 2017). New York: Association for Computing Machinery (ACM). 2017. a191 https://doi.org/10.1145/3018896.3056808