Security Auditing in the Fog

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

2 Citations (Scopus)

Abstract

Technology specific expert knowledge is often required to analyse security configurations and determine potential vulnerabilities, but it becomes difficult when it is a new technology such as Fog computing. Furthermore, additional knowledge is also required regarding how the security configuration has been constructed in respect to an organisation's security policies. Traditionally, organisations will often manage their access control permissions relative to their employees needs, posing challenges to administrators. This problem is even exacerbated in Fog computing systems where security configurations are implemented on a large amount of devices at the edges of Internet, and the administrators are required to retain adequate knowledge on how to perform complex administrative tasks. In this paper, a novel approach of translating object-based security configurations in to a graph model is presented. A technique is then developed to autonomously identify vulnerabilities and perform security auditing of large systems without the need for expert knowledge. Throughout the paper, access control configuration data is used as a case study, and empirical analysis is performed on synthetically generated access control permissions.
Original languageEnglish
Title of host publicationProceedings of the Second International Conference on Internet of Things
Subtitle of host publicationData and Cloud Computing (ICC 2017)
Place of PublicationNew York
PublisherAssociation for Computing Machinery (ACM)
Number of pages9
ISBN (Electronic)9781450347747
DOIs
Publication statusPublished - 2017
EventInternational Conference on Internet of Things, Data and Cloud Computing 2017 - University of Cambridge, Cambridge, United Kingdom
Duration: 22 Mar 201723 Mar 2017
http://icc-conference.org/ (Link to Conference Website)

Conference

ConferenceInternational Conference on Internet of Things, Data and Cloud Computing 2017
Abbreviated titleICC'17
Country/TerritoryUnited Kingdom
CityCambridge
Period22/03/1723/03/17
Internet address

Fingerprint

Dive into the research topics of 'Security Auditing in the Fog'. Together they form a unique fingerprint.

Cite this