A secure framework for containerized IoT applications in integrated edge–cloud computing environments
Qifan Deng, Mohammad Goudarzi, Arash Shaghaghi, Majid Sarvi, Rajkumar Buyya
Journal: Future Generation Computer Systems-The International Journal of Escience, volume 174, Article 108010
Publication date: 2025-07-13
DOI: 10.1016/j.future.2025.108010
URL: https://www.sciencedirect.com/science/article/pii/S0167739X2500305X
Publication type: Journal Article
Impact factor: 6.2; JCR: Q1 (Computer Science, Theory & Methods)
Citations: 0
Abstract
The integration of edge and cloud computing combines low latency with high computational power, addressing the constraints of edge resources and high access latency inherent in cloud environments. This is essential for deploying Internet of Things (IoT) applications, which are mainly developed using containers within these heterogeneous environments. However, the open, multi-user nature of edge computing, compounded by a lack of standardized practices, introduces substantial security challenges with severe economic implications. In response, we propose SecConEC, an economically driven framework designed to secure the deployment and execution of containerized IoT applications. We conducted systematic threat modeling using the STRIDE framework, explicitly incorporating quantitative economic risk assessment to identify and prioritize security threats based on their potential economic impacts. We particularly focus on tampering and resource hijacking threats. SecConEC implements robust yet lightweight mitigation and detection mechanisms informed by the MITRE ATT&CK framework through a Security Information and Event Management (SIEM) system. Also, SecConEC introduces a dynamic, security-aware scheduling mechanism that balances performance and security considerations, proactively mitigating economic risks associated with potential security threats. Extensive performance evaluation shows that SecConEC significantly mitigates prioritized threats, effectively securing IoT application deployment and execution in edge-cloud environments, while maintaining low service latency with a minimal performance overhead of 1.7%.
About the journal:
Computing infrastructures and systems are constantly evolving, resulting in increasingly complex and collaborative scientific applications. To cope with these advancements, there is a growing need for collaborative tools that can effectively map, control, and execute these applications.
Furthermore, with the explosion of Big Data, there is a requirement for innovative methods and infrastructures to collect, analyze, and derive meaningful insights from the vast amount of data generated. This necessitates the integration of computational and storage capabilities, databases, sensors, and human collaboration.
Future Generation Computer Systems aims to pioneer advancements in distributed systems, collaborative environments, high-performance computing, and Big Data analytics. It strives to stay at the forefront of developments in grids, clouds, and the Internet of Things (IoT) to effectively address the challenges posed by these wide-area, fully distributed sensing and computing systems.