Toward Automated Threat Modeling of Edge Computing Systems

Abstract

Edge computing brings processing and storage capabilities closer to the data sources, to reduce network latency, save bandwidth, and preserve data locality. Despite the clear benefits, this paradigm brings unprecedented cyber risks due to the combination of the security issues and challenges typical of cloud and Internet of Things (IoT) worlds. Notwithstanding an increasing interest in edge security by academic and industrial communities, there is still no discernible industry consensus on edge computing security best practices, and activities like threat analysis and countermeasure selection are still not well established and are completely left to security experts.In order to cope with the need for a simplified yet effective threat modeling process, which is affordable in presence of limited security skills and economic resources, and viable in modern development approaches, in this paper, we propose an automated threat modeling and countermeasure selection strategy targeting edge computing systems. Our approach leverages a comprehensive system model able to describe the main involved architectural elements and the associated data flow, with a focus on the specific properties that may actually impact on the applicability of threats and of associated countermeasures.