Abstract

Recently, to match the emerging demands for multi-site edge clouds, the cloud-based information and communication technology (ICT) infrastructure is rapidly expanding. To protect distributed edge-based cloud assets from networking-based threats by recognizing suspicious traffic, cloud operators should monitor the overall underlying topology to categorize and identify diversified networking packet traffic, flowing through various paths among virtualized and containerized cloud nodes. Perimeter-based networking security, which employs security appliances in fixed locations, cannot address this visibility challenge. As a result, in this paper, we propose the SmartX Multi-tier Security (Multi-Sec) framework, which aims to provide intuitive and systematic visibility for multi-site edge-cloud security. SmartX Multi-Sec abstracts the underlying networking topology among multi-site edge clusters as multiple onion-ring-based tiers of physical, virtualized, and containerized cloud nodes. It also provides collective DevSecOps automation features for monitoring, visualizing, and filtering targeted networking traffic from the respective tiers of the abstracted networking topology. The resulting flow-centric visibility using SmartX Multi-Sec can be featured with extended Berkeley Packet Filter and eXpress Data Path (eBPF/XDP)-leveraged lightweight flow capture and filtering, three-dimensional onion-ring visualization, and automated deployment of DevSecOps functions. By integrating these features, the Proof-of-Concept (PoC)-version of the SmartX Multi-Sec framework is realized to verify the flexible and scalable flow-centric security for multi-site cloud-native edge clouds.

Highlights

  • With the rapid growth of the Internet of things and 5G mobile networks, edge computing is widely adopted to address demanding resource requirements for AI-leveraged edge services such as high networking bandwidth, low latency, and security improvement [1]–[4]

  • The complicated underlying topology naturally leads to diversified edge-cloud networking paths, which can be abused as wide attack surfaces by suspicious behavior flows

  • We propose the SmartX Multi-Sec framework as a flow-centric visibility framework with collective DevSecOps features that can correspond to respective monitoring, visualization, and reaction steps for edge-cloud security


Summary

Introduction

With the rapid growth of the Internet of things and 5G mobile networks, edge computing is widely adopted to address demanding resource requirements for AI-leveraged edge services such as high networking bandwidth, low latency, and security improvement [1]–[4]. Along with this technology trend, by intensively adopting virtualization and containerization, cloud-native-style clouds are becoming popular for emerging information and communication technology (ICT) infrastructure [5], [6]. Security posts monitor and control adjacent cloud nodes and services in respective edge clusters by utilizing open-source DevSecOps automation tools. By coordinating the security posts, the playground tower can expand its management coverage to all edge clusters
