A Comprehensive Cybersecurity Solution for Autopoietic Cognitive Edge-Cloud Services (ACES)

Edge-cloud services are being rapidly adopted. However, the increase in cyberattacks on these services presents significant challenges, including service interruptions, data breaches, and privacy violations. There is also an increased risk associated with Kubernetes, a widely used container orchestration system, including Docker API abuse, exploitation of third-party applications, and shadow worm attacks. Further, the interconnection of edge-cloud networks makes them prone to network attacks such as Distributed Denial of Service (DDoS) or Man-in-the-Middle (MitM) attacks that threaten data during transfers between pods, nodes, edge devices, and cloud servers. Additionally, navigating the complex landscape of regional and industry-specific regulations such as the GDPR adds to the challenge of maintaining compliance across multiple data locations.

To address these issues, the Autopoietic Cognitive Edge-Cloud Services (ACES) aim to provide robust security measures alongside their core mission of providing a smart Edge-Cloud system. Our solution features a multi-layered, metric aggregation-based anomaly detection system designed to profile and monitor the behavior of entire systems as well as individual components such as containers, pods, and nodes. By integrating data across network, system, and application layers, ACES enhances its capacity to detect abnormal behaviors and quickly respond to malicious activities. The Technische Universität Darmstadt (TUDa) and Instituto de Engenharia de Sistemas e Computadores, Investigação e Desenvolvimento em Lisboa (INESC-ID) collaborate to build the security component of ACES. To do that, we propose several approaches to tackle various cyber threats on edge-cloud services as follows:

Authentication: We develop anonymous authentication schemes leveraging public key encryption that will explore the introduction of pseudonyms for efficiency. The methods to be deployed should also preserve client privacy after possible revocation, introducing a new abstraction of non-revocation proofs.

Audit: We introduce auditing tools to assess the correct level of ACES replication at the edge. In response to this challenge, we will develop storage-proof mechanisms designed to audit the location of data in distributed settings, such as the edge environment. The cryptographic proof should pinpoint data locality with millisecond precision despite the variations in network delays at the edge, and it should be able to detect SLA violations. This auditing tool further enables distributed entities to build trust at the edge.

Network and hardware security: We develop an ML-based attack detector that can detect attacks in encrypted traffic as well as unknown (zero-day) attacks. To address the main performance limitation of existing systems, the overhead of the ML pipeline processing, we will develop a cross-platform malicious traffic detector that runs the ML feature computation in a network switch. The ACES switch should compute a diverse set of flow statistics as ML features without inspecting packet payloads. By computing features in the switch, we avoid the packet sampling that state-of-the-art detectors require and thereby improve detection performance in the ACES Terabit network.
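As an added illustration (not ACES project code), the following Python model shows the kind of header-only, per-flow statistics an in-switch feature extractor would maintain: every packet updates its flow state (no sampling), and only the 5-tuple, size and timestamp are read, never the payload. The packet records and the feature set are constructed assumptions for this example.

```python
"""Software model of in-switch flow-feature computation from packet headers only."""
from dataclasses import dataclass, field
from statistics import mean, pstdev


@dataclass
class FlowStats:
    """Running per-flow counters of the kind a switch data plane can keep."""
    pkts: int = 0
    bytes: int = 0
    first_ts: float = 0.0
    last_ts: float = 0.0
    iats: list = field(default_factory=list)   # inter-arrival times
    sizes: list = field(default_factory=list)  # packet lengths


def update(flows, pkt):
    """Update the flow keyed by the 5-tuple; pkt carries header fields only."""
    key = (pkt["src"], pkt["dst"], pkt["sport"], pkt["dport"], pkt["proto"])
    f = flows.setdefault(key, FlowStats(first_ts=pkt["ts"], last_ts=pkt["ts"]))
    if f.pkts:
        f.iats.append(pkt["ts"] - f.last_ts)
    f.pkts += 1
    f.bytes += pkt["len"]
    f.last_ts = pkt["ts"]
    f.sizes.append(pkt["len"])
    return key


def features(f):
    """Feature vector handed to the ML classifier: duration, rates, size/IAT stats."""
    dur = max(f.last_ts - f.first_ts, 1e-6)  # guard single-packet flows
    return {
        "duration": dur,
        "pkt_rate": f.pkts / dur,
        "byte_rate": f.bytes / dur,
        "mean_size": mean(f.sizes),
        "std_size": pstdev(f.sizes),
        "mean_iat": mean(f.iats) if f.iats else 0.0,
    }


# Constructed sample: one TLS-like exchange and one high-rate small-packet UDP flood.
PACKETS = [
    {"src": "10.0.0.5", "dst": "10.0.0.9", "sport": 40000, "dport": 443, "proto": 6, "len": l, "ts": t}
    for l, t in [(517, 0.00), (1460, 0.05), (1460, 0.10), (100, 0.15)]
] + [
    {"src": "10.0.0.7", "dst": "10.0.0.9", "sport": 1234, "dport": 53, "proto": 17, "len": 60, "ts": i * 0.001}
    for i in range(200)
]


def extract_all(packets):
    """Run every packet through the flow table and return per-flow feature vectors."""
    flows = {}
    for p in packets:
        update(flows, p)
    return {k: features(v) for k, v in flows.items()}
```

The flood flow stands out on packet rate and zero size variance even though no payload byte was examined, which is the signal a classifier downstream of the switch would consume.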

Container and Kubernetes Security: We build a framework with a systematic method to analyze and evaluate anomaly detection models. We will develop novel defense approaches to detect cyberattacks on container and Kubernetes systems. Our approach will leverage advanced techniques, such as vulnerability scanning and dynamic deep-learning-based anomaly detection, to detect not only vulnerabilities but also attacks in real time.

Distributed Machine Learning (ML) Security: We propose several security mechanisms to defend against data and model poisoning attacks, as well as inference attacks, in distributed learning systems like federated learning and split learning.

The collaborative efforts of TUDa and INESC-ID ensure comprehensive security coverage, from containers and Kubernetes to distributed machine learning, alongside dedicated components for authentication, auditing, and network security. This integrated approach strengthens the security of edge-cloud services and micro data centers against cyber threats, ensuring compliance and safeguarding data privacy across diverse regulatory landscapes.
