Advances, Systems and Applications
From: Fog computing security: a review of current applications and security solutions
Attack category | Possible threats | Possible solutions | Impact |
---|---|---|---|
Virtualization issues | Hypervisor attacks; VM-based attacks; Weak or no Logical Segregation; Side channel attacks; Privilege Escalation; Service abuse; Privilege escalation attacks; Inefficient resource policies | Multi-factor Authentication; Intrusion Detection System; User data isolation; Attribute/identity based encryption; Role-Based Access Control model; User-based permissions model; Process isolation | As all services and VMs are executing in a virtualized environment, its compromise will have adverse effect on all Fog services, data and users |
Web security issues | SQL injection; Cross-site scripting; Cross-site request forgery; Session/Account hijacking; Insecure direct object references; Malicious redirections; Drive-by attacks | Secure code; Find and patch vulnerabilities; Regular software updates; Periodic auditing; Firewall; Anti-virus protection; Intrusion Prevention System | Exposure of sensitive information, attacker can become legitimate part of network, and enable malicious applications to install |
Internal/external communication issues | Man-in-the-Middle attack; Inefficient rules/policies; Poor access control; Session/Account hijacking; Insecure APIs and services; Application vulnerabilities; Single-point of failure | Encrypted communication; Mutual/Multi-factor authentication; Partial encryption; Isolating compromised nodes; Certificate pinning; Limiting number of connections; Transport layer security (TLS) | Attacker can acquire sensitive information by eavesdropping and get access to unauthorized Fog resources |
Data security related issues | Data replication and sharing; Data altering and erasing attacks; Illegal data access; Data ownership issues; Low attack tolerance; Malicious Insiders; Multi-tenancy issues; Denial of Service attacks | Policy enforcement; Security inside design architecture; Encryption; Secure key management; Obfuscation; Data Masking; Data classification; Network monitoring | High probability of illegal file and database access, where attacker can compromise both user and Fog system’s data |
Wireless security issues | Active impersonation; Message replay attacks; Message distortion issues; Data loss; Data breach; Sniffing attacks; Illegal resource consumption | Authentication; Encrypted communication; Key management service; Secure routing; Private network; Wireless security protocols | Vulnerable wireless access points can compromise communication privacy, consistency, accuracy, availability and trustworthiness |
Malware protection | Virus; Trojans; Worms; Ransomware; Spyware; Rootkits; Performance reduction | Anti-malware programs; Intrusion Detection System; Rigorous data backups; Patching vulnerabilities; System restore points | Malware infected nodes will lower the performance of the entire Fog platform, allow back-doors to the system and corrupt/damage data permanently |