TY - JOUR
T1 - Vulnerability assessment as a service for fog-centric ICT ecosystems
T2 - A healthcare use case
AU - Nikoloudakis, Yannis
AU - Pallis, Evangelos
AU - Mastorakis, George
AU - Mavromoustakis, Constandinos X.
AU - Skianis, Charalabos
AU - Markakis, Evangelos K.
PY - 2019/1/1
Y1 - 2019/1/1
N2 - Modern ICT ecosystems such as healthcare environments (hospitals, care-centers etc.), operate in different abstraction layers (cloud, fog, extreme-edge) and comprise large numbers of network entities such as terminals, devices, sensors or even specialized appliances (virtual or physical). It is common in such environments, that several network entities with intermittent connectivity, join and leave the network in an unstructured and unsupervised manner (Wi-Fi access-points, BYOD policies, IoT, etc.). Such devices of frivolous nature, or even trusted devices/terminals, are prone to security vulnerabilities, since they are operated by regular, non-expert users who are not aware of any security aspects whatsoever. To effectively manage and proactively protect such large, complex and multilayered networks, dedicated personnel (system administrators, security specialists etc.) must be employed and specialized appliances must be deployed. On the other hand, modern cyber-warfare has become even more elaborate and insightful. Thus, ICT infrastructures must continuously evolve and adapt to the everchanging cyber-threats, which is a rather cumbersome and expensive task to accomplish. Towards addressing the above-mentioned issues, this paper proposes a cross-layered system, which leverages the Software Defined Networking (SDN) paradigm and the distributed Fog architecture, for network slicing and task offloading to provide dynamic, security-aware Vulnerability-Assessment as a service for large ICT infrastructures. The presented system provides seamless assessment for all existing and newly introduced network entities against all known security vulnerabilities, certifies them through a Common Vulnerability Scoring System (CVSS), classifies them according to the cyber-threat they introduce, and finally assigns them to a connectivity-appropriate VLAN. The presented system was preliminarily evaluated under a controlled-conditions simulation environment.
AB - Modern ICT ecosystems such as healthcare environments (hospitals, care-centers etc.), operate in different abstraction layers (cloud, fog, extreme-edge) and comprise large numbers of network entities such as terminals, devices, sensors or even specialized appliances (virtual or physical). It is common in such environments, that several network entities with intermittent connectivity, join and leave the network in an unstructured and unsupervised manner (Wi-Fi access-points, BYOD policies, IoT, etc.). Such devices of frivolous nature, or even trusted devices/terminals, are prone to security vulnerabilities, since they are operated by regular, non-expert users who are not aware of any security aspects whatsoever. To effectively manage and proactively protect such large, complex and multilayered networks, dedicated personnel (system administrators, security specialists etc.) must be employed and specialized appliances must be deployed. On the other hand, modern cyber-warfare has become even more elaborate and insightful. Thus, ICT infrastructures must continuously evolve and adapt to the everchanging cyber-threats, which is a rather cumbersome and expensive task to accomplish. Towards addressing the above-mentioned issues, this paper proposes a cross-layered system, which leverages the Software Defined Networking (SDN) paradigm and the distributed Fog architecture, for network slicing and task offloading to provide dynamic, security-aware Vulnerability-Assessment as a service for large ICT infrastructures. The presented system provides seamless assessment for all existing and newly introduced network entities against all known security vulnerabilities, certifies them through a Common Vulnerability Scoring System (CVSS), classifies them according to the cyber-threat they introduce, and finally assigns them to a connectivity-appropriate VLAN. The presented system was preliminarily evaluated under a controlled-conditions simulation environment.
KW - Cloud
KW - Fog
KW - Healthcare
KW - Vulnerability-Assessment
UR - http://www.scopus.com/inward/record.url?scp=85060703947&partnerID=8YFLogxK
U2 - 10.1007/s12083-019-0716-y
DO - 10.1007/s12083-019-0716-y
M3 - Article
AN - SCOPUS:85060703947
SN - 1936-6442
JO - Peer-to-Peer Networking and Applications
JF - Peer-to-Peer Networking and Applications
ER -