Int. J. Internet Technology and Secured Transactions, Vol. 5, No. 3, 2014
Secure the edge? Understanding the risk towards
wireless grids Edgeware technology
Tyson Brooks*, Michelle Kaarst-Brown,
Carlos Caicedo, Joon Park and
Lee W. McKnight
School of Information Studies,
Syracuse University,
Syracuse, NY, 13244, USA
E-mail: ttbrooks@syr.edu
E-mail: mlbrow03@syr.edu
E-mail: ccaicedo@syr.edu
E-mail: jspark@syr.edu
E-mail: lmcknigh@syr.edu
*Corresponding author
Abstract: This article contributes to the foundational understanding of the
security vulnerabilities and risk towards wireless grid Edgeware technology.
Since communication networks and devices are subject to becoming the target
of exploitation by hackers (e.g., individuals who attempt to gain unauthorised
access to computer systems), these individuals are gaining ever-increasing
knowledge of the often widely-reported exploitable vulnerabilities in these
types of innovative technologies; and thus are able to craft increasingly
effective computer network attacks (CNA) against such technologies. This
research responds to the overall proposition: what security vulnerability
enumerations would contribute to the degradation and risk in using a wireless
grid Edgeware application in a virtualised cloud environment? Using
supporting research pertaining to cyber-attacks and vulnerabilities towards a
wireless cloud (e.g., the integration of a cloud computing and a wireless grid
architecture), security vulnerabilities in virtualisation environments and specific
vulnerabilities exploited against a wireless grid Edgeware application, this
research provides a greater understanding of the practical ways wireless grid
Edgeware technology can be attacked and the risk in utilising this technology.
Keywords: wireless grids; Edgeware; information security; risk management;
hacking; cyber-attack; edge computing; cloud computing; virtualisation
Reference to this paper should be made as follows: Brooks, T.,
Kaarst-Brown, M., Caicedo, C., Park, J. and McKnight, L.W. (2014) ‘Secure
the edge? Understanding the risk towards wireless grids Edgeware technology’,
Int. J. Internet Technology and Secured Transactions, Vol. 5, No. 3,
pp.191–222.
Biographical notes: Tyson Brooks works for the US Department of Defense
(DoD), is a co-Director for the Wireless Grids Testbed (WiGiT) at Syracuse
University and is an IEEE senior member. He has more than 20 years of
professional experience in the design, development and production of complex
information systems/architectures, as well as leading the effort to develop
secure information systems architectures for the US DoD. His research interests
are in the fields of cyber-security, information assurance, information security
architecture and internet of things architectures. He received his Doctorate in
Information Management from Syracuse University.
Copyright © 2014 Inderscience Enterprises Ltd.
191
192
T. Brooks et al.
Michelle Kaarst-Brown is an Assistant Professor at the School of Information
Studies at Syracuse University and has over 20-years in management and
consulting in the financial services industry. Her prior work experience in
organisational development, human resources management, marketing, project
management, quality business, research, and strategic management provide her
with a holistic view of organisations and their strategic problems. She has
received her PhD in Organisational Theory/Organisational Behaviour, and
Management Information Systems from York University. She has published in
a number of top academic and professional journals including MIS
Quarterly, MIS Quarterly Executive, Information Technology and People,
Journal of Strategic Information Systems, Journal of Organisational Change
Management, Journal of Global Information Management, and CIO Canada.
She currently serves on the editorial board of MIS Quarterly Executive, and is a
former AE for MIS Quarterly and the Journal of Enterprise Architecture.
Carlos Caicedo is an Assistant Professor at the School of Information Studies at
Syracuse University and Director of the Center for Convergence and Emerging
Network Technologies (CCENT). He received his PhD in Information Science
from the University of Pittsburgh and holds MSc in Electrical Engineering
from the University of Texas at Austin and from the Universidad de los Andes,
Colombia. He has been a Teaching Fellow at the University of Pittsburgh as
well as an Instructor Professor at the Universidad de los Andes in Colombia.
His research interests are in the areas of new wireless markets and technologies
and also in security for future data environments.
Joon Park has been involved with theoretical/practical research and education
in Cybersecurity, publishing more than 90 peer-refereed research papers in the
area. He is Syracuse University’s Point of Contact (POC) at the Center of
Academic Excellence (CAE) in Information Assurance (IA)/Cyber Defense
(CD) and CAE-R (Research), which are designated by the National Security
Agency (NSA) and the Department of Homeland Security (DHS). He has been
the lead faculty member in developing the security curriculum at the iSchool,
including the Certificate of Advanced Study (CAS) in Information Security
Management (ISM). He served as the Founding Director of the CAS ISM
programme for the last decade (2003 to 2013). During his sabbatical (Fall 2011
to Summer 2013), his research in Cybersecurity was sponsored by the US
National Research Council (NRC), National Academies, as an NRC Fellow.
Lee W. McKnight is a Kauffman Professor of Entrepreneurship and Innovation
and an Associate Professor in the iSchool (The School of Information Studies),
Syracuse University; Founder and member of the Board of Directors of
Wireless Grids Corporation; as well as a founding member of the Board of
Directors of Summerhill Biomass Systems. His research focuses on virtual
markets and wireless grids, the global information economy, national and
international technology policy, and internet governance and policy. He was an
Associate Professor and Director of the Edward R. Murrow Center at the
Fletcher School of Law and Diplomacy, Tufts University; Principal Research
Associate and Lecturer at MIT, and Founder of the Internet Telephony
Consortium, also at MIT. He received his PhD in 1989 from MIT.
This paper is a revised and expanded version of a paper entitled ‘A failure to
communicate: security vulnerabilities in the GridStreamX Edgeware
application’ presented at 8th International Conference for Internet Technology
and Secured Transactions (ICITST-2013), London, UK, 9–12 December 2013.
Secure the edge?
1
193
Introduction
Complex computing architectures are an operational imperative and challenge throughout
an organisation. Evolving information systems and information technology (IT)
architectures challenge existing approaches to information security. With the evolution
and adoption of new and innovative forms of IT (e.g., virtualisation, cloud computing,
wireless grids, etc.), new architectures using this IT may render many existing
information security techniques ineffective. As organisations adopt new enterprise
computing business models with the integration of intelligent mobile devices (e.g.,
Smartphone’s, iPads, etc.) and social media (e.g., Facebook, Twitter, etc.), these
architectures will become highly control dependent on automated networks and systems
with open, less secure architectures. Organisations seek to control these new systems and
networks through the development and use of new technologies, including IT
[Kaarst-Brown and Robey, (1999), p.192]. Often, support for these architectures requires
the connection of IT for interoperability with varying degrees of threats (e.g., a negative
event to cause harm to a computer system), vulnerabilities (e.g., weakness in computer
networks/systems) and risks (e.g., possibility of harm or loss) (Gelbstein and Kamāl,
2002). Such connectivity and interoperability is often done without a sound
understanding of the hostile environment in which each system is operating, the
vulnerabilities existing within each system, the additional vulnerabilities caused by the
connectivity amongst the operating environment, or the full magnitude of the
consequences to support operations that can result from a successful exploitation
(Lang et al., 2006). In short, the actual threats, vulnerabilities and risk being incurred
from these environments, whether autonomously or separately, are still not well
understood.
‘Distributed’ computing, a computing methodology that harnesses the power of many
machines linked together for a common purpose, gives unlimited computing power to
individual users (Sloman, 1994). As complex computing environments increase, the
nature of these distributed systems and their associated vulnerabilities are known to an
increasing set of malicious individuals (e.g., hackers) who want to break into and exploit
their vulnerabilities [Thomas, (2003), p.3]. Today, access to these complex systems,
exploitation tools, and the ability, or lack thereof, to detect exploitation are factors
placing these information systems using IT at ever increasing risks (Thomas, 2003).
Because of the abundance of hardware, software and computing devices needed for these
multi-connected complex systems, the concept of end-to-end security becomes critical.
Known as the ‘C-I-A’ triad of information security, the major security issues of
confidentiality (or loss of authorisation), integrity (or loss of information accuracy), and
availability (or uninterrupted use of information) for these types of environments also
require an unprecedented dependence on secure information communication (Bernard
and Ho, 2009; Tipton, 2010). One form of distributed computing through a dynamic
virtual network that exists only while it’s in use is known as a wireless grid.
McKnight et al. (2004) define wireless grids as an ad-hoc dynamic sharing of
physical and virtual resources among heterogeneous devices [see Figure 1(a)]. Wireless
grid architectures and platforms enable heterogeneous resource discovery and sharing
through the formation of wireless grid virtual networks (McKnight et al., 2012). The
wireless grid or ‘grid’ is software-driven, serverless, infrastructureless (in the sense of
dedicated infrastructure) and is made possible by the ‘grid core’ which is a piece of
194
T. Brooks et al.
software that is installed on any grid-enabled device consisting of a common core library
with binding for the local environment (Treglia et al., 2011) [see Figure 1(b)]. Radio
components support the connectivity for wireless grid, and also carry the information
exchanging functionalities among heterogeneous nodes (McKnight et al., 2013). Each
communication node has at least one radio and this radio provides the connectivity
between the service request node and service nodes, or between the service request node
and one access point (AP) to wired networks, which connects the service nodes
(McKnight et al., 2013). The radio components may support both remote access
(supported with cellular networks or Wi-Fi networks) and local access (supported with
shorter-range wireless standards, such as Bluetooth and Zigbee) (Treglia et al., 2011;
McKnight et al., 2013). Ad hoc or mesh networks are an option for connectivity when
hierarchical systems are not available or a different option is preferred and coexistence
mechanisms among multiple radios may be defined by each system (McKnight et al.,
2013). Through the radio components, wireless grids can intelligently and dynamically
interconnect users at multiple sites, transfer digital media, assume and respond to
different equipment types, and adapt to low power conditions and diminished
communications capabilities (McKnight et al., 2012).
Figure 1
The wireless grid Edgeware, (a) WiGiT open framework (b) Edgeware grid core
(see online version for colours)
(a)
(b)
Source: Wireless Grid Innovation Testbed [WiGiT] and Wireless Grids
Corporation
Edgeware is similar to ‘edge computing’, where the data and computing power is
processed away from a centralised point to the edges of a network (Lin et al., 2007).
Edgeware is a new class of software applications enabling ad hoc connection of people,
devices, software and services in a personal cloud, supported by a personal cyber
infrastructure (Treglia et al., 2011). The vertical boxes, in Figure 1(b) represent
‘Edgeware’ applications that reside on a user interface (UI), which in turn reside on an
application programme interface (API), and may represent dozens or hundreds of
different sorts of mini-programmes that enable different kinds of resource sharing and
functionality (Treglia et al., 2010). Edgeware technology is specifically designed for
Secure the edge?
195
software applications deployed on wireless grids utilising virtualisation and cloud
technologies and refers to the software capability to deploy network ‘edge’ devices (e.g.,
nodes1) without the dependency of a central server for processing (McKnight et al.,
2012).
Edge devices are routers, switches, routing switches, integrated access devices (IAD),
multiplexers, and a variety of metropolitan area network (MAN)/wide area network
(WAN) access devices that provide entry points into enterprise or carrier/service provider
core networks which translate between one type of network protocol and another
(Sheldon, 2012). Edgeware applications can dynamically make use of content and
resources present in devices – Smartphone’s, laptops, personal computer’s (PC), cameras,
printers, screens, etc. – through connectivity via a wireless grid (McKnight et al., 2012).
Edgeware applications are typically delivered as a service on wireless grid platforms and
come in two primary varieties: GRiDLET’s (i.e., proprietary Edgeware applications) and
WiGLET’s (i.e., non-proprietary open Edgeware applications).
This article presents the information security risk for implementing wireless grid
Edgeware technology in an organisation’s virtualised cloud environment. Although
highly innovative, this new information system model alters the security models of
traditional security policies and presents a growing concern regarding the C-I-A triad
threat to information security from hackers (e.g., individuals who attempt to gain
unauthorised access to computer systems) gaining ever-increasing knowledge of
exploitable vulnerabilities in this type of technology.
2
Background
In today’s hostile cyber environment, hacker’s are continuously evolving their attack
methodologies and targets. With the increasing growth of these new and innovative
technologies, such as cloud computing, virtualisation, wireless grids, etc., dependency on
the ‘the cloud’ makes it an increasingly attractive target for hackers. Hackers are creating
entirely new classes of attacks that are even more difficult to discover. Hackers
opportunistically scan the internet to find and infect computer systems that are
mis-configured or lack current software security patches (Wilson, 2003). These new
classes of attacks are emerging rapidly as with the evolution of network technologies and
with each new ‘killer’ application that comes along. Since hackers have grown adept at a
wide range of attacks, including theft of confidential information, implanting and
remotely executing malicious code and launching denial-of-service (DoS) attacks
(von Hippel and Paradiso, 2008). Highly-skilled hacker’s use automated tools that are
also very sophisticated, and their effects are initially much more difficult for computer
security staff and security technology products to detect (Wilson, 2003). Hackers
are gaining ever-increasing knowledge of the often widely-reported exploitable
vulnerabilities in innovative technologies and thus are able to craft increasingly effective
attacks against these applications which incorporate these technologies.
Unfortunately, the unique properties of the cloud make it difficult to counter these
attacks. The high processing speed and tight coupling of these systems enables attacks to
progress much faster than humans can react; the large scale, coupled with the ability of
hacker’s to encrypt and hide sensitive information, makes it difficult to observe and
attribute a hacker’s activities. The process of running multiple services on the same
196
T. Brooks et al.
servers and network elements (i.e., virtualisation) means that compromising one
(perhaps) less secure service enables hackers to attack another.
Through the cohesion of understanding the vulnerabilities of a wireless cloud,
virtualisation and a wireless grid Edgeware application (i.e., GridStreamX), this article
sets the foundation for discovering new compromises on wireless grid Edgeware
technology and contributes to the foundational understanding of the technology and
architecture of the vulnerabilities and risk towards potentially implementing wireless
grids Edgeware technology in an organisational virtual cloud environment. By examining
cyber-attacks, vulnerabilities, the likelihood of a hacker(s) attack, their potential impact
and countermeasures to mitigate this threat is also taken into consideration. In addition to
the increase in complexity and availability wireless grids Edgeware technology provides,
today the risk of hackers being caught is relatively low and attacks are often not detected.
The rapid proliferation of innovative technologies, such as virtualisation, cloud
computing, wireless grid Edgeware, etc., the increased availability of sophisticated tools,
and the lack of sufficiently developed and deployed effective information security
protections, make this architecture an increasingly lucrative target for hackers.
3
Related work
While there has been much work on detecting vulnerabilities and cyber-attacks in cloud,
virtualisation, wireless and grid systems (Löhr et al., 2007; Chen et al., 2010; Kotsovinos,
2010), research on the security of wireless grid Edgeware is beginning to increase
(Brooks and McKnight, 2013; Brooks et al., 2013). Like any complex system, wireless
grid Edgeware networks are subject to mistakes in the form of implementation errors and
misconfigurations of devices. All the vulnerabilities that exist in conventional wired and
wireless networks will apply to wireless grid Edgeware technology as well. For example,
hackers may gain unauthorised access in virtualised environments by simply installing a
new version of the hypervisor on the client machine which copies all subsequent users’
decrypted disk images to the attacker’s machine (Garcés-Erice and Rooney, 2012).
Hackers may be able to gain connectivity to cloud-based infrastructure-as-a-service
(IaaS) network management controls and thereby disable or disrupt operations (Grobauer
et al., 2011). Handheld devices used in wireless networks could be attached to the
organisations network with malware, viruses or other malicious code which may corrupt
data on a device and subsequently be introduced into the network connection (Raymond
and Midkiff, 2008). Cybercriminals’ growing preference toward the use of low-volume,
targeted attacks in wireless environments are stealing information and data from
compromised devices (Saha et al., 2001). These attack threats are concerning which still
need to be addressed for leveraging wireless grid Edgeware as a secure data
communications method.
Grid computing is often regarded as the predecessor of cloud computing and many
authors claim that cloud computing and grid computing are quite similar (Foster et al.,
2006; Garfinkel, 2007; Foster et al., 2008). Grid computing enables virtualisation of
distributed computing and data resources such as processing, network bandwidth and
storage capacity to create a single system image, granting users and applications seamless
access to vast IT capabilities (Foster, 2002; Foster et al., 2006). Consequently, grids
typically provide services to authenticate and authorise users to access resources on a
remote set of machines on the same grid (Foster et al., 2003). Grid computing can also be
Secure the edge?
197
wireless or mobile where computing loads must be allocated dynamically to respond to
changing conditions and information generated by required at critical nodes. Wireless
grids are ad hoc dynamic sharing of physical and virtual resources among heterogeneous
devices, which utilise ‘Edgeware’, as a platform that enables heterogeneous resource
discovery and sharing through the formation of wireless grid virtual networks (McKnight
et al., 2012). Although the security research on wireless grids is fairly new, computer
network attacks (CNA) on grid and wireless sensor networks have been prevalent in
research literature for years (Chan and Perrig, 2003; Rehana, 2009; Padmavathi and
Shanmugapriya, 2009).
Edge computing has emerged as an important technique for delivering web content,
services and diverse service interfaces over the internet and has its roots in content
delivery networks (CDNs) that deliver content by moving it from centralised servers to
the edge of the network, closer to end-users (Lin et al., 2007). Using edge computing,
parts of a Web application – and in some cases the entire application – can be distributed
across networks and many client requests can be processed completely at the edge,
avoiding WAN communication altogether (Davis et al., 2004). In practice, pushing
application logic to edge servers introduces a number of technical challenges which can
lead to cyber-attacks, one of which is data security; for applications that run on a
database, edge computing entails the distribution of (parts of) the database, to edge
servers that perform query processing on behalf of the central database management
systems (DBMS) (Pang and Tan, 2004). Since the edge servers are not necessarily as
secure as the corporate data centre, the query results produced by them must be checked
for integrity; specifically, a recipient must be able to verify that the values in his query
result have not been tampered with, and that no spurious tuples are introduced (Pang and
Tan, 2004).
Although there has been research pertaining to edge computing (Davis et al., 2004;
Pang and Tan, 2004, Lin et al., 2007), there is not a significant body of related work
towards CNAs against Edge computing (or Edgeware in general). Goh et al. (2006)
performed research ensuring data security in an edge computing platform through three
schemes that enable users to check the correctness of query results produced by the edge
servers. Their research proposes two new schemes for verifying the query results
produced by the unsecured edge servers. The schemes are based on the observation that if
necessary a group of edge servers can be running different operating systems and
protected by different security products, thus increasing the difficulty for attackers to
compromise all the edge servers concurrently without being detected (Goh et al., 2006).
Goh et al. (2006) research is important because it shows that each scheme offers different
security features (e.g., verifiability, unforgeability, identifiability, undeniability, and
prevention of misuse) and imposes different demands on the edge servers, user machines,
and interconnecting network.
With the new paradigms of cloud computing, virtualisation, wireless grids, etc., these
dynamics will cause certain key challenges to rise in prominence in protecting against
certain CNA attacks. Rajanna and Gyani’s (2012) publication on cloud and grid
computing security solutions identified CNA attacks consisting of cross-site scripting,
structure query language (SQL) injections, DoS, internet protocol (IP) spoofing, address
resolution protocol (ARP) poisoning and physical access of hardware components.
Rajanna and Gyani (2012) further researched the processing of data coming back from
the cloud and how it may be vulnerable to these certain types of CNA attacks. Rajanna
198
T. Brooks et al.
and Gyani’s (2012) research is significant because it discusses how cloud computing
offers its users services and applications, which are provided through the internet, and
thus, a large number of computers will be in the path of the data when the data is sent to
the cloud for analysis which makes to data susceptible to attacks.
Jansen’s (2011) research on the technical security issues in cloud computing
identified the various distinct web services technologies used to build cloud computing
systems and depending on the type of cloud – either IaaS, platform-as-a-service (PaaS) or
software-as-a-service (SaaS), the different security issues that pertain to those
infrastructures. Jansen’s (2011) research identified CNA attacks on protocols using
extensible mark-up language (XML) signature element wrapping, browser-based cloud
authentication, cloud malware injection, metadata spoofing, flooding and DoS. The
important aspect of this study is the threat of flooding attacks on cloud systems
using IaaS, which also integrates virtualisation and workplace-as-a-service (WPaaS)
technologies. Neither Rajanna and Gyani’s (2012) nor Jansen’s (2011) research on the
identification of cloud computing attacks and mitigation strategies for those attacks
provide attack specifics regarding different cloud computing deployment models (e.g.,
SaaS, PaaS, and IaaS) from the perspective of using virtualisation technologies. Although
an IaaS private cloud computing infrastructure utilises the concept of virtualisation and
virtualisation is important to the cloud, CNA attacks against virtualisation technology
itself is also a concern.
Virtualisation can expand the utilisation of existing computing infrastructures through
the hypervisor [e.g., the software layer which allows multiple operating systems to be
installed concurrently on the same machine with total isolation from each other; also
known as a virtual machine (VM) manager]. Ristenpart et al. (2009) research on
a cloud platform which multiplexes many customers’ VM’s across a shared physical
infrastructure identified the introduction of new vulnerabilities, such as cross-VM
side-channel attacks (extracting information from a target VM on the same host machine)
in third-party clouds. This research demonstrated how to penetrate the isolation between
VMs (e.g., via a vulnerability that allows an ‘escape’ to the hypervisor or via
side-channels between VMs) to violate customer confidentiality. The importance of this
research is that it shows how improperly protected end-user machines could spread
malware to the VM, and in turn spread to other users as they connect to the VM. It is also
emphasises the importance of virtualisation technologies in the context of cloud
computing security; however, the research only states attacks resulting from virtualisation
technologies.
Another potential attack point within a virtualisation environment is the
communications link between VMs. Tsai et al. (2012) research identified specific attacks
to the VM in the form of VM hyperjacking, VM escape, VM hopping, VM monitoring,
VM DoS and VM mobility. Through a network testbed, these researchers’ identified
security impacts of these attacks when introducing such modern virtualisation
technologies into a network testbed environment. Their experiments showed that
hypervisor-based virtualisation technologies introduce a hypervisor to manage and
control the resource allocation, but make the hypervisor a new attacking target (Tsai
et al., 2012). The testbeds showed that they were still vulnerable to attacks like VM
hyperjacking, VM escape, VM hopping, VM monitoring and VM DoS; and an attacker
may try to obtain root access to the host operating system, in order to inject virus or
malware and damage the fundamental requirements of the hypervisor-based virtualisation
(Tsai et al., 2012). Although highly relevant, their research does not discuss how these
Secure the edge?
199
attacks affect the control of communications between VMs in compromising the
confidentiality, integrity, and availability of data exchanged across a virtual network
within an organisation. As cloud users connect to resources distributed across multiple
VMs, the use of grid, specifically, wireless grid computing will also create separation
securing against the attacks to this new form of distributed computing.
4
Theoretical framework
Through the foundational theory of risk management and CNAs, the theoretical
framework2 (see Figure 2) used for this research dealt with identifying the security
implications to wireless grid Edgeware to address the overall research question – what
security vulnerabilities enumerations would contribute to the degradation and risk in
using a wireless grid Edgeware application in a virtualised cloud? This research
framework supports the identification of threats to and vulnerabilities towards wireless
grids Edgeware technology and the potential impact resulting from the loss of
information or capabilities of this technology. The framework also supports the practice
of generating relevant risk-reducing countermeasures by balancing risk reduction against
these attributes for implementing wireless grids Edgeware technology. As these attributes
change over time, it is necessary to periodically revisit the current understanding of the
risks incurred within the current and projected operating environments and determine if a
change in protection approach (e.g., technology, procedures, personnel) is warranted.
Figure 2
The conceptual Edgeware security risk framework (see online version for colours)
Additionally, the framework focuses on gaining insight into the risk that are being
incurred (or will be incurred) based upon the operational usage wireless grids Edgeware
technology, future architectural designs and hostile operating environments for wireless
grids Edgeware technology. At the core of this approach is the underlying theory about
the elements of risk management, its definition and relationship. In addition, this
theoretical foundation was grouped into the following specific areas or factors:
200
T. Brooks et al.
1
threats (e.g., cyber-attacks targeting computer networks/systems)
2
vulnerabilities (e.g., weaknesses of an attack)
3
likelihood (e.g., probability of occurrence)
4
impact (e.g., impact from a cyber-attack), countermeasures (e.g., mitigating
techniques against a cyber-attack) and overall risk (e.g., overall potential harm or
loss).
The overall risk takes all of these attributes into consideration. This framework influences
understanding of the information security risk to wireless grids Edgeware technology and
is consistent with the theoretical elements of risk management.
The framework for this research supported the threat, vulnerability, likelihood, impact
and countermeasures research needed to provide insight and meaning to the information
pertaining to the concept of a wireless cloud, virtualisation technology, and data from a
laboratory experiment regarding the degradation of the GridStreamX Edgeware
application operating environment (Brooks et al., 2012a, 2013; Brooks, 2014). From the
analysis of threats, the potential for a threat-source to exercise (accidentally trigger or
intentionally exploit) a specific vulnerability was determined (Jajodia et al., 2005; NIST,
2012). This research determined which set of attacks hackers would more than likely
invest in to attack wireless grids Edgeware applications. Vulnerabilities were identified
for wireless grids Edgeware technology through the discovering of weaknesses that could
be exploited by threats to its operational environment and technologies in order to
determine the immediate objective of an attack (i.e., defeat of confidentiality, integrity or
availability) (NIST, 2012; Gortney, 2012).
5
Literature review
5.1 Risk management
Discussions and research on wireless grids and Edgeware have been on the rise in
academia (Treglia et al., 2011; McKnight et al., 2013; Brooks and McKnight, 2013).
Although literature dates back for decades in the areas of cloud computing, virtualisation,
wireless networks and grid computing (Goldberg, 1973; Borden et al., 1989; Foster et al.,
2003; Padmavathi and Shanmugapriya, 2009), publications on wireless grids and
Edgeware are beginning to increase. Recent research defines Edgeware as “a new class of
software specifically designed for software applications deployed on wireless grids”
(McKnight et al., 2013; Brooks and McKnight, 2013). According to Treglia et al. (2010),
‘Edgeware’ is software that resides beyond the cloud, across edge network devices (e.g.,
routers, switches, etc.), both wired and wireless. These definitions lead to the general
purpose on the identification of cyber-attacks on wireless grid Edgeware with the
consequence that there is a lack of clarity of the concept of a secure wireless grid
Edgeware architecture. Nevertheless, a common understanding of the term Edgeware
itself is beginning to emerge.
Risk, as defined in the American Heritage Dictionary3, is the ‘possibility of suffering
harm or loss’. Risk is the net negative impact of the exercise of a vulnerability,
considering both the probability and the impact of occurrence (NIST, 2012). Risk
management theory is described as the performance of activities designed to minimise the
Secure the edge?
201
negative impact (cost) of uncertainty (risk) regarding possible losses (Schmit and Roth,
1990). The contributions of literature findings for this article first takes into consideration
risk management theory, in which several authors from academia could be attributed to
identifying the origins of risk management theory (Mehr and Hedges, 1963; Williams and
Heins, 1964; Horrigan, 1969). The theory could also be attributed to publications from
the Journal of Risk Management and Risk Management (formerly The National Insurance
Buyer) from the 1950 to 1980s (Crockford, 1982). Campbell and Sands (1979) developed
one of the earliest risk management approaches, which developed a structured
methodology based on a set of concepts that subsisted in the later approaches, such as
vulnerability analysis, threat analysis, risk analysis, and control implementation. These
early researchers tended to agree that institutional specialisation in risk management gave
it a valued position in business education [Schmit and Roth, (1990), p.456].
Risk management theory in the context of IT and information system security is not a
new research domain (Bandyopadhyay et al., 1999; Fenz et al., 2011). Gruschka and
Jensen (2010) performed risk management in their research to identify the threat of
criminal hackers performing cloud malware injection attacks, direct DoS attacks and
flood attacks in determining these as a significant concern to cloud environments.
Chakrabarti (2007) performed a comprehensive risk analysis of existing grid computing
security issues identifying countermeasures to grid security issues at the host level (e.g.,
data protection, job starvation), architecture level (e.g., policy mapping, DoS, information
security) and credential level. Cody et al. (2008) risk management research on
computational grids, data grids and service grids identifies specific types of
vulnerabilities that could exist for each grid computing system. Van Cleeff et al. (2009)
risk management research on virtualisation environments identified how the threat of
hackers could originate from security parameters from five different components using
virtualisation:
1
hardware
2
other VMs
3
the virtual machine monitor (VMM)
4
the virtual machine monitors’ management (VMMMs)
5
network.
Grobauer et al. (2011) identified four cloud-specific technology vulnerabilities – web
applications and services, virtualisation, and cryptography – which include such
vulnerabilities as VM escape, session riding and hijacking, and insecure or obsolete
cryptography through risk management analysis. These researchers’ were particularly
instrumental in establishing the foundation for identifying risk in grids, clouds and
virtualisation technologies.
5.2 Computer network attacks
Computer and network security aim to provide confidentiality, data integrity, and service
availability (Raymond and Midkiff, 2008). Information security is the protection of
information and the systems and hardware that use, store and transit that information
[Whitman and Mattord, (2011), p.8]. An important aspect of information security is to
202
T. Brooks et al.
ensure the confidentiality, integrity and availability of the data being processed as
information [Whitman and Mattord, (2011), p.8]. In the early days of computing, the
emphasis was on computer security because of the nature of the threats, such as physical
theft of equipment, espionage against the products of the systems and sabotage
(Von Solms, 1999). Developments in networking, software, engineering and architecture
changed all of this throughout the years and one of the biggest threats to information
security became known as a CNA (Wilson, 2003). A computer attack may be defined as
actions directed against computer systems to disrupt equipment operations, change
processing control or corrupt stored data (Wilson, 2003). Computer attacks can be
classified into three areas:
1
physical attacks, which involve conventional weapons directed against a computer
facility or its transmission lines
2
electronic attacks which involve the use of power of an electromagnetic energy as a
weapon (more commonly known as electromagnetic pulse – EMP) to overload
computer circuitry
3
CNA involving malicious code as a weapon to inject computers to exploit weakness
[Wilson, (2003), p.3].
Cyber as a prefix was used for the first time in the word ‘cybernetics’, which was coined
and used by Norbert Wiener in his book of the same name published in 1948 [Wiener,
1948; Sen, (2004), p.116]. Cyber, as defined in the American Heritage Dictionary4, is a
combining form meaning ‘computer’, ‘computer network’ or ‘virtual reality’. A
cyber-attack is an attack, via cyberspace (e.g., internet) targeting an enterprise’s use of
cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling
a computing environment/infrastructure; or destroying the integrity of the data or stealing
controlled information (CNSS, 2010). Cyber-attacks are performed through CNA
consisting of five steps: reconnaissance (surveillance for data gathering), vulnerability
scanning (discovery a technical weakness), gaining access (inside the system),
maintaining access (privilege escalation) and covering tracks (hiding evidence of
intrusions or activities) (Tutănescu and Sofron, 2003). Research has been written on
CNAs throughout the 1970s (Whiteside, 1978), the 1980s (Perry and Wallich, 1984),
1990s (BloomBecker, 1990) and in the 2000s (Hansman and Hunt, 2005).
In the CNA literature, the major research findings for this research pertained to
hackers/hacking (Thomas, 2003) and the history of CNAs (Tyagi and Vyas, 2008).
Hacking has existed, in various forms, since the late 1950s (Thomas, 2003). Hackers can
be external (no access) or internal (authorised access) to the systems they plan to attack.
Hacking is intrinsically linked with network security and the existence of hacking gave
rise to the network security industry. Recently, the term hacker has taken on a new
meaning as defined by Farsole et al. (2010) as someone who maliciously breaks into
systems for personal gain. Technically, these criminals are ‘crackers’ or ‘black hat’
hackers (criminal hackers) who break into systems with malicious intent are ‘external’ to
the systems they are attempting to attack; are out for personal gain, fame, profit and even
revenge; and modify, delete and steal critical information often making other people
miserable [Farsole et al., (2010), p.15]. Hackers conduct CNA’s on systems for a variety
of reasons. Some hackers attack information systems simply for the challenge of
penetrating an important system based on the value of the information within the network
(Hartmann et al., 2008). Other hackers attack information systems for the purpose of
Secure the edge?
203
revealing vulnerabilities and weaknesses in popular software applications and hardware
(Wallner, 2008). Lastly, some hackers may attack information systems out of a sense of
financial or personal gain, effectively using their skills to steal money, or otherwise
valuable data, which they can either sell or use to blackmail their victims (Smith and
Rupp, 2002). Hacker’s accessing networks that are considered important (or regarded as
difficult to penetrate) satisfies the egos of these hackers who determine their targets based
on the degree of difficulty involved in performing CNA attacks (Jordan and Taylor,
1998).
The recent emergence of innovative technologies, such as cloud computing,
virtualisation, wireless grids, edge computing, etc., utilising web applications/services to
process information are common to CNAs. Rajanna and Gyani’s (2012) publication on
cloud and grid computing security solutions identified CNA attacks consisting of
cross-site scripting, SQL injections, DoS, IP spoofing, ARP poisoning and physical
access of hardware components. Jansen’s (2011) research on the technical security issues
in cloud computing identified the various distinct web services technologies used to build
cloud computing systems and depending on the type of cloud – either IaaS, PaaS or SaaS,
the different security issues that pertain to those infrastructures. Tsai et al. (2012)
research identified specific attacks to the VM in the form of VM hyperjacking, VM
escape, VM hopping, VM monitoring, VM DoS and VM mobility. Lee et al. (2011)
published a comparative study on the nature and complexities that grid computing
introduces regarding the vulnerabilities in middleware, web services and portals for grids.
The relevance this literature has to wireless grids Edgeware technology is that
understanding the concept of CNA and how similar technologies are attacked, it’s easier
to understand methods and techniques to protect the application and its network against
security loopholes.
6
Cloud, virtualisation and Edgeware vulnerabilities
Technology vulnerabilities take many forms and are fundamental failures in network and
software designs meaning that the technology always will have a problem no matter how
well it is implemented. Unmitigated vulnerabilities require risk management planning
and analysis to deal with impacts to organisational assets. Whether the vulnerabilities are
exploited intentionally (malicious) or unintentionally (non-malicious), the net result is
that the confidentiality, integrity, and/or availability of the organisation’s assets may be
impacted.
There are a number of known vulnerabilities documented throughout cloud,
virtualisation and wireless grid Edgeware literature (Yi et al., 2001; Löhr et al., 2007;
Chen et al., 2010; Kotsovinos, 2010; Brooks et al., 2013). They range from the obvious
(failure to authenticate) to the subtle (key management). When performing known
vulnerability analysis, security engineers/specialist must consider the technology as it has
been described in the artefacts that were reviewed for asset identification. Classifying
vulnerabilities allows for pattern recognition of vulnerability types. This in turn may
enable the security development teams to recognise and develop countermeasures to deal
with classes of vulnerabilities by dealing with the vulnerabilities at a higher level of
abstraction. For example, the Brooks et al. (2012b) article detailed four cyber-attack
classes for a wireless cloud (i.e., wireless grid, cloud computing, data-in-transit, and
204
T. Brooks et al.
insider) contributing to the identification of 37 specific vulnerabilities, such as
inconsistent parameter validations, implicit sharing of privileged/confidential data,
inadequate identification/authentication/authorisation and exploitable programme logic
errors enabling circumvention of access control. Since the wireless cloud applications are
device and location independent and compatible with many device types (including
mobile and nomadic devices, phones, tablets, laptops, and network computers), it is
important to understand the vulnerabilities to this infrastructure. The wireless grid
Edgeware applications will use a cloud infrastructure to enable users to share and
communicate with data wirelessly; however, managing security cyber-attacks and
vulnerabilities in architecture assets are two fundamental challenges for any organisation
(Onwubiko and Lenaghan, 2007).
Additionally, the common exploits of security properties in virtualised computing
environments and their security vulnerabilities from the perspective of cyber-attacks
contributes to the combination of threats and vulnerabilities that Edgeware technology
is exposed to. Research performed by Brooks (2014) identified six virtualisation
cyber-attacks areas (i.e., footprinting, botnets, hypervisor, virtual code, virtual desktop
infrastructure, others) with 24 specific attacks towards virtualisation technology
contributing to the risks that involve unauthorised change and reception of malicious
information stored in virtualised computing environments. This research recognised the
importance of hypervisor attacks, which could be especially devastating within the cloud,
if penetrated. A compromised hypervisor exposes all VMs on a single physical server to
attack and hackers could use this as a launching point to access VM’s; initiate a DoS
which could prevent a VM’s access to host resources such as CPU, memory, and devices;
and delete or disable VM’s to prevent user access. Control of communications between
VM’s would compromise the confidentiality, integrity, and availability of data exchanged
across a virtual network. Through the identification of the cyber-attacks and
vulnerabilities to these virtualised computing environments, the impact of integrating
wireless grid Edgeware technology with virtualisation in a wireless cloud environment is
realised.
Finally, CNA research performed by Brooks et al. (2013) identified nine major
categories of vulnerabilities (e.g., authentication, misconfiguration, information
disclosure, cryptographic, DoS, hijacking, race condition, infrastructure and input
manipulation) and 55 specific security vulnerabilities in a wireless grid Edgeware
application called the GridStreamX Edgeware application; which could compromise
communications between the user and the wireless cloud provider and could allow
hackers to intercept data (e.g., passwords, encryption keys, and files); redirect web
browsers to compromised sites (e.g., cross-site scripting [XSS], etc.); and impersonate
applications on the virtual network (e.g., principal spoofing, etc.), thus inhibiting secure
communications. The combination of threats and vulnerabilities illustrates the risks that
this wireless grid Edgeware technology is exposed to. Since this technology plans to
provide a more interoperable, scalable and flexible approach to provide ways for
intelligent devices to provide communication, the research performed by Brooks (2014)
Brooks et al. (2012a, 2012b) uncovered a significant high risk due to the number of
vulnerabilities and its increase dependence on cloud and virtualisation technology making
it an increasingly attractive target for hackers.
Secure the edge?
205
6.1 Risk assessment5
As stated in NIST SP 800-30, a risk assessment is used to “identify, estimate, and
prioritize risk to organizational operations (i.e., mission, functions, image, and
reputation), organizational assets, individuals, other organizations, and the Nation,
resulting from the operation and use of information systems” [NIST, (2012), p.1]. To
understand the risk that wireless grids Edgeware technology posed in a virtualised cloud
environment, a thorough risk analysis on each threat category to define the likelihood of
an attack occurring, along with the consequence of what will happen if the attack occurs,
was performed. The NIST SP 800-30 assessment framework was used because it was
clear, concise and contained a sound approach to performing risk assessments.
Additionally, the framework was originally developed by the Joint Task Force
Transformation Initiative Interagency Working Group with representatives from the
Civil, Defense, and Intelligence Communities (i.e., US Department of Defense [DoD],
Office of the Director of National Intelligence, Committee on National Security Systems)
in an ongoing effort to produce a unified information security framework (NIST, 2012).
This framework also provided a solid description of information system level
assessments and provides a succinct qualitative/quantitative nature in performing
assessments during the risk management process for any organisation and/or information
system.
Using a qualitative and quantitative risk analysis approach, this research assessed
wireless grid Edgeware technology from the identification of:
1
threats
2
vulnerabilities
3
likelihood
4
impact
5
countermeasures.
The risk towards wireless grid Edgeware technology was expressed as a function of the
likelihood of a given threat exploiting a given vulnerability, the magnitude of the impact
should a threat successfully exploit a vulnerability and its data being attacked, and the
adequacy and effectiveness of the security controls in place to protect the system. The
adequacy of planned or existing security countermeasures was also accounted for when
assessing the overall risk of a particular threat/vulnerability pair. If a potential threat was
found to likely to exploit an identified vulnerability, the wireless grids Edgeware
technology was subject to a certain level of risk. The assessment of the degree of that risk
was based on the criticality of the wireless grid Edgeware technology is an organisational
operating environment and the information that it would process and store and on the
probability of loss of data or functionality due to the expected impact to the
organisation’s operating environment.
6.2 Analysis
In addressing the overall research question for this research – what security
vulnerabilities enumerations would contribute to the degradation and risk in using a
wireless grid Edgeware application in a virtualised cloud? – this research acknowledged
206
T. Brooks et al.
that the security vulnerabilities towards wireless grid Edgeware technology is not
difficult to identify and analyse. This is due to the fact that the data needed for this
analysis is not too complex or hard to come by with the right tools, although the
technology may be constantly changing. The data needed for this risk assessment
required an in-depth understanding of hackers, their goals, objectives and an appreciation
of the types of attack tools they use to perform cyber-attacks and vulnerability
enumerations (e.g., BackTrack5 r3). The results of this research needed to be considered
along with the vulnerabilities, cyber-attack and impact analysis’s in order to assess the
overall risk in using wireless grids Edgeware technology. This coordinated analysis of
risk, using all the risk components (e.g., threat, vulnerabilities, likelihood, impact,
countermeasures) was accomplished by actively involving threat, vulnerability,
likelihood and impact analysis, as well as those who will eventually be responsible for
deriving insights into the ways to protect against cyber-attacks and developing effective
ways to provide the requisite responses to those attacks.
Having determined what threats are important and what vulnerabilities might exist to
be exploited, it can be useful to estimate the likelihood and impact of the various possible
risks. Likelihood determination indicates the probability that the vulnerability may be
exercised given the threat and vulnerability and can be described as a rating of high,
medium or low (NIST, 2012). In information security, ‘likelihood’ is a qualitative
estimate of how likely a successful attack will be, based on analysis and past experience.
Independent of likelihood and controls, the risk’s impact must be determined. That is,
impacts are consequences that an organisation must face if there is a successful attack.
The operational impact to the loss of information (or services) is essentially determined,
by several factors determined by threats and vulnerabilities, by looking at what the
ultimate operational impact might be, given that attacks of various types by various
threats are successful (NIST, 2012). Therefore, the likelihood of successful exploitation is
determined based on the resources required to exploit the vulnerability, the threat’s
motivation and opportunity to do so (i.e., willingness), and the adequacy of the planned
or existing security safeguards to repel the exploitation attempt. The magnitude of impact
should a threat successfully exploit a vulnerability is determined based on the expected
impact that an attack could cause and the planned or current countermeasures that would
mitigate the impact. Together, likelihood and impact provide the overall risk in
determining the likelihood of a cyber-attack occurring and its predicted degree of harm if
the attack is successful.
The findings from the wireless grid Edgeware application laboratory experiment
further supported the research framework with the integration of the cyber-attacks
identified from the wireless cloud and virtualisation research (Brooks, 2014). The
likelihood and impact analysis used a systematic analytical approach that provided a
straightforward description of wireless grids Edgeware being analysed and risk to using
the application in an organisational setting. Research of this kind is significant to
information security specialists who will be responsible for implementing and securing
wireless grids Edgeware technology within their organisation. Understanding the threat
and vulnerabilities will assist organisations in developing security policies to address this
issue.
In all, Brooks (2014) identified 116 cyber-attacks (i.e., wireless cloud – 37,
virtualisation – 24, GridStreamX Edgeware application – 55), which suggested that a
cyber-attack will occur upon implementation of wireless grid Edgeware technology over
a period of time or as a percentage change of occurrence. This research used a qualitative
Secure the edge?
207
and quantitative method of data analysis. To facilitate the analysis, the likelihood and
impact factors were based on a subjective analysis of the relative priority of specific
threat’s exploiting vulnerabilities from the researcher’s extensive experience in analysing
cyber-attacks and performing vulnerability exploitations. The descriptive statistics, as
displayed in Table 1, such as mean and standard deviation were used to describe the basic
features of the data and to provide simple summaries about the risk from the data.
Descriptive statistics from the wireless grid Edgeware risk assessment6
Table 1
Descriptive
N
Valid
Missing
Likelihood
Impact
116
116
0
0
Mean
6.9138
6.9741
Std. error of mean
0.23918
0.24594
Median
8.0000
8.0000
8.00
8.00
Mode
Std. deviation
2.57604
2.64891
Variance
6.636
7.017
Skewness
–0.909
–0.843
Std. error of skewness
0.225
0.225
Kurtosis
–0.373
–0.497
Std. error of kurtosis
0.446
0.446
Range
8.00
8.00
Minimum
2.00
2.00
Maximum
10.00
10.00
The sample of the likelihood and impact descriptive statistics displayed in Table 1 was
calculated using IBM’s statistical package for social sciences (SPSS) v20 software. From
the analysis, the mean of likelihood was 6.91 (n = 116) with a mean standard error of
0.239. The measure of dispersion of the likelihood in the study was determined through
the range, minimum, maximum, standard deviation and variance. The range of the
‘likelihood’ value in the study was 8 (high) with a maximum value of 10 (very high) and
a minimum of 2 (low), whereas the standard deviation of the likelihood was 2.576 and a
variance of 6.636 (see Figure 3). The distribution of the values of the likelihood is
asymmetrical and negatively skewed with a long tail to the left with a value of –0.909
with a standard error of 0.225. The shape of the distribution is flatter as shown by the
kurtosis statistic with a value of –0.373 and a standard error of 0.446.
On the other hand the mean of ‘impact’ is 6.97 (n = 116) with a mean standard error
of 0.246 (see Figure 4). The range of the impact in the study was 8 (high) with a
maximum value of 10 (very high) and a minimum of 2 (low). The standard deviation of
the impact is 2.649 and a variance of 7.017. The distribution of the values of the impact is
asymmetrical and negatively skewed with a long tail to the left with a value of –0.843
with a standard error of 0.225. The shape of the distribution is flatter as shown by the
kurtosis statistic with a value of –0.497 and a standard error of 0.446.
208
T. Brooks et al.
Figure 3
Likelihood histogram (see online version for colours)
Figure 4
Impact histogram (see online version for colours)
Secure the edge?
209
The analysis of descriptive statistics reveals that the mean interrelationship between the
likelihood of the cyber-attack’s (6.91) and the mean interrelationship between of the
impact of the cyber-attack’s (6.97) to be positive when multiplied (48.16)7 producing a
‘moderate’ risk determination from the NIST level of risk assessment scale. To explore
this result further, the researcher compared means for the likelihood and impact across
levels of risk. Starting with likelihood, the research shows its mean as being lower when
evidence indicates the likelihood of discovering unintentional weaknesses lead to
exploitable vulnerabilities. The reason being is because risk is the net negative impact of
the exercise of a vulnerability considering both the probability and the likelihood of
occurrence. The impact should be greater since the level of impact on organisational
operations (including strategy, functions, image, or reputation), assets, or individual’s
results from the likelihood of a cyber-attack. The likelihood of a cyber-attack occurring
means it should be slightly lower when evidence indicates the likelihood of discovering
unintentional weaknesses that can lead to exploitable vulnerabilities. In other words, the
relationship amongst likelihood and impact is mutual.
Since the standard errors for both likelihood (0.239) and impact (0.246) are small, the
statistical estimates derived from the data are reasonably good. Additionally, the variance
of the likelihood (6.636) and impact (7.017) are at least three standard deviations away
from their means and indicates that the values are close to their respective means and
close to the range identified within this study. This relation also appears to hold for the
skewness and kurtosis. The asymmetrical and negative skewness of the left skewed
distribution for both the likelihood and impact indicating that most of the risk assessment
values are concentrated on the right of the mean, with extreme values to the left. The
asymmetrical and negatively skewed kurtosis platykuritc distribution of both the
likelihood and impact produced a flatter than a normal distribution with a wider peak
indicating that the probability for extreme risk values is less than for a normal
distribution, and the risk values are wider spread around the mean. While the researcher
did not hypothesise these differences, they are somewhat diagnostic of the form of the
researcher’s subjective judgement and provide a potentially fruitful area for future
research.
The ultimate worst case scenario of any security risk could potentially be a
catastrophic loss to any organisation. However, such extreme worst case scenarios are not
those that are experienced by the vast majority of organisations that are the victims of
such security incidents. Therefore, as displayed in Figure 5, the cyber-attacks for this
research was assessed using a likelihood and impact graph grouped into four quadrants:
I
threatening
II
high potential; not likely
III less risky and likely
IV likely; low potentially spanning four areas of consideration for alleviating the
attacks:
1 mitigation
2 manage
3 monitor
4 make do.
210
T. Brooks et al.
Thus, it is appropriate in looking at the 33 (28% of the total attacks identified)
‘threatening’ cyber-attacks (those considered ‘very high [8 attacks identified]’ and ‘high
[25 attacks identified]’) that need ‘mitigation’ in order to avoid the realistic worst case
losses that could be expected from these attacks. The obvious danger in overtly focusing
on the threatening quadrant I attacks is that the 63 (54%) of ‘moderate’ attacks, which
need to be ‘managed’, could be missed or given insufficient attention. The other 20
(17%) ‘less risky’ cyber-attacks (those considered ‘low [2 attacks identified]’ and ‘very
low [18 attacks identified]’) would not pose a significant threat to an organisation. There
is also an inherent difficulty in conceptualising these threatening attacks. By their
very nature they are subjectively analysed and should they occur, they could rapidly
overwhelm most systems using wireless grids Edgeware technology. Also, human
perception being what it is, can also consider any security risk with potential safety or
within the ‘manage’ range as intolerable, where security controls could be less than
effective.
Figure 5
The wireless grid Edgeware vulnerabilities likelihood and impact graph (see online
version for colours)
The consequence of a security risk can usually be expressed as a measure of loss. Impacts
derived as part of this assessment were used to inform the determination of overall risk
consequence. In reality, risk tolerance for using wireless grids Edgeware technology is
likely to be exhibited as a gradient, where the risk may become increasingly less tolerable
as the risk level is elevated. The various risks that have been identified and characterised
through this research as ‘threatening’ or ‘moderate’ must be considered for mitigation.
Secure the edge?
211
Mitigation of a risk means to change the architecture of the software or the business in
one or more ways to reduce the likelihood or the impact of the risk. The cyber-attacks
considered in the areas of ‘mitigate’ and ‘manage’ should first be addressed. For
example, changing authentication mechanisms from user identification (userid) and
password to pre-shared public key certificates can make it far more difficult to
impersonate a user. Reducing the period of time that a vulnerability is available for
exploit is another way to reduce the likelihood of a risk. For example, if the GridStreamX
Edgeware application sessions expire after 10 minutes of inactivity, then the window of
opportunity for session hijacking is about 10 minutes long. Ensuring that proper
cryptography is incorporated in the design can also help, for example, when applied
correctly. It is easier to detect corruption in encrypted data than in unencrypted data, and
encrypted data is harder for a hacker to use if they get it – even if they receive via
wireless communications.
The high level number of cyber-attacks identified within the ‘mitigate’ and ‘mange’
quadrants could also be mitigated through the proper countermeasure implementations.
Depending on the cost of making failure impossible through countermeasure correction,
it may be much more cost effective to enable wireless grid Edgeware technology systems
to detect and repair failure(s) quickly and accurately. For example, some of the exploits
identified for the GridStreamX Edgeware application identified that the application is
very temperamental and can crash when provided bad input and (for the sake of
argument) cannot be modified or replaced. A focus on correction would be to add
business logic to validate input and make sure that the GridStreamX Edgeware
application never received input that it could not handle. In contrast, a focus on correction
would be to add monitoring or other software to watch for the module to crash and try to
restart the module quickly with minimal impact. Mitigation is never without cost. The
fact that remediating these cyber-attacks costs money makes the risk impact
determination step even more important. Mitigations can often be characterised well in
terms of their cost to the business: man-hours of labour, cost of shipping new devices
with the improved software, delay entering the market with new features because old
ones must be fixed, etc. This ability to characterise the mitigation’s cost of wireless grid
Edgeware technology, however, is of little value less the cost of the business impact is
known.
The overall ‘moderate’ risk determination from this analysis would applicable to
those organisations utilising this software in less data sensitive environments where the
communications and information that is transmitted would not be categorised as highly
sensitive, confidential and/or classified. However, those organisations who information
assets often take the form of databases, private credentials (e.g., social security numbers,
userid, password, etc.), audit records, financial information (e.g., bank account numbers,
etc.), intellectual property, and other vital business information (e.g., banks, investment
firms, etc.), the same risk analysis would increase this risk determination to a ‘high’ or
‘very high’ level of risk due to the target value of the data from a hacker’s perspective
and the numerous cyber-attacks identified within this research which could allow access
to this data.
Since all organisations incur risks, it is imperative that financial organisations and
those entities that deal with highly classified data assign priorities to risks, ensure
adequate budgets have been allocated to address risks and allow for the implementation
as well as maintenance of appropriate risk-reducing controls. Risk management is not
212
T. Brooks et al.
about eliminating and/or avoiding risks altogether, as this approach is typically cost
prohibitive as well as time consuming, and thereby, not in the best interest of most
stakeholders. The risks of this wireless grid Edgeware technology within these highly
sensitive entities are inherent and/or inevitable; as such, the challenge stakeholders will
have in implementing a risk management process to address this wireless grid Edgeware
technology will be in finding the right balance between minimising the impact of serious
risks and accepting a level of risk that will not adversely affect or impact the cost,
schedule, and performance of the organisation. In the case of these types of organisations,
confidentiality and integrity are very important, but if availability is negatively impacted
via this technology, then the business impact may manifest in other ways, such as lost
customers, failure to meet service level agreements (SLA), compromised data records,
stolen identities, etc.
In general, approaches to risk management for wireless grid Edgeware
technology/systems and the development infrastructure that supports the production of
those systems will have to focus largely on the implementation of security protocols and
processes as reactive mechanisms in the operational virtualised cloud environment.
Although those security technical mechanisms are evolving and becoming increasingly
sophisticated, they are not sufficient to provide the strength of protection and resiliency
that is needed in today’s complex and highly interconnected wireless grid Edgeware
domain. This risk assessment is designed to be applied iteratively, first at a high level
during the requirements definition stage of a wireless grid Edgeware system acquisition
and later at lower, more detailed levels during a wireless grid Edgeware system design,
implementation, and operations. The result is a more proactive methodology that builds
in protective and resiliency mechanisms during acquisition and development. These
mechanisms in turn provide increased assurance that the security features, practices,
procedures, and architecture of a wireless grid Edgeware system are strong enough to
mitigate all known operational risks, resulting in a residual risk that is small enough to be
acceptable to the wireless grid Edgeware system and, ultimately, the intended users of
this innovative technology.
6.3 Discussion
The implications of wireless grids Edgeware applications are profound and will drive a
shift in the fundamentals of new information systems design, operation, and management.
This new technology will permit interoperability and connectivity between users and
networks (e.g., the internet, cloud, ad hoc multi-user networks and private networks, etc.)
by providing robust appliance interfaces permitting access to structured and unstructured
data of every description. By adopting this new wireless grid Edgeware technology,
organisations will become “dynamically flexible offering a higher degree of agility and
responsiveness to emergent business requirements” (Armbrust et al., 2010).
However, in the wireless grids Edgeware environment, hackers must be out
manoeuvred rather than merely protected against. Organisations will need secure
technology that blocks obvious access avenues and augment fixed safeguards with a more
directed and dynamic defence. As a solution, one method is to ensure that the concept of
‘information assurance’ exist throughout an organisation looking to integrate wireless
grid Edgeware applications.
Information assurance consists of measures that protect and defend information
and information systems by ensuring their availability, integrity, authentication,
Secure the edge?
213
confidentiality, and non-repudiation (CNSS, 2010). These measures include providing for
restoration of information systems by incorporating protection, detection, and reaction
capabilities (CNSS, 2010). To address the information assurance component of
‘protection’ of wireless grids Edgeware technology in a secure virtualised cloud
environment, first, persons responsible for Edgeware applications, the mobile and
wireless devices and software/hardware for the virtualised cloud environment should
undergo specific security awareness training. Protection means to apply network
protection techniques to protecting the Edgeware application against attacks. This will
support the identification of the risks and responsibilities associated with owning and
operating the mobile devices using the application. Next, mobile and wireless devices
running wireless grids Edgeware applications should undergo specific basic input/output
system (BIOS) and operating system hardening procedures (e.g., remote connectivity to
the device should be disabled where possible, only ports the application uses should be
open, etc.). Firewalls and antivirus software should be installed and maintained on the
device(s) running the wireless grid Edgeware application. Any credentials stored on the
device(s) using wireless grid Edgeware applications should be encrypted, or all remote
access from the device(s) to the enterprise wireless cloud network should be mediated via
two (or three) factor authentication. This will minimise the opportunity for an
unauthorised person in possession of a hacking device to be able to remotely access the
network.
Additionally, an intelligent platform management system should be incorporated
within the wireless cloud network environment for further protection of device(s) and
data. An intelligent platform management system would provide the automatic
monitoring of performance indicators through wireless sensor data objects and the
automatic selection of data routes for processing information. The potential of thousands
of devices using wireless grid Edgeware applications distributed on various wireless
cloud platforms is conceivable. As it is not possible to effectively monitor and manage
these devices manually, an intelligentised platform management system could be
employed to carry out automatic monitoring and management of the devices through
wireless sensors. This way device failures and potential attacks in the environment could
be detected and diagnosed immediately to ensure the stability of the system. Furthermore,
in the wireless cloud, there could be sufficient routes for point-to-point transmissions of
data, but because of the instantaneous requirement for information transmission, there is a
need for high-speed selection of routes for data processing, which is impossible to be
accomplished manually. This could be achieved through an automatic selection based on
real-time monitoring of the quality of the various routes for faster data processing also
using an intelligent platform management system. Since there could be a huge amount of
information to transmit in a limited number of bandwidths, the system could also have
the capability of allocating bandwidths automatically according to the state of flow of
information.
In regards to ‘detection’ of wireless grids Edgeware technology in a secure virtualised
cloud environment, responsive capabilities using an intrusion detection system (IDS)
should be performed. Detection means to make forecast of an issue warning against
cyber-attacks. When intrusions are detected, the IDS will raise an alert and optionally
implement some responsive action. Such action may involve the paging of a security
administrator, reconfiguration of network devices, or performing a DoS attack against the
attacking device (e.g., rogue AP for example). The incorporation of a responsive
214
T. Brooks et al.
capability must be given careful consideration. If the IDS itself is to mount the response,
it will advertise the presence of the detection system to a hacker. Likewise, if the
response is initiated by the IDS, but via another network infrastructure component (e.g.,
the AP) for example, a hacker may leverage the responsive capability to target legitimate
clients. For example, a hacker could spoof the media access control (MAC) of a
legitimate client running the wireless grid Edgeware application and operate in AP mode;
the responsive capability may then launch a DoS attack against that MAC
address-effectively denying service to a legitimate client in the wireless cloud network.
Additionally, intrusion detection components can be incorporated into deployed wireless
grid Edgeware application devices. Incorporation of the detection system components
within the wireless cloud would give the detection system access to a rich set of
information, over and above that available to a separate, passive monitoring component.
For example, a passive sniffer (or set of sniffers) that are capable consideration of the
number and location of passive sniffers required to ensure the area of interest is
adequately covered and techniques that are capable of effectively detecting wireless
intrusions in a fully passive manner are required. A major disadvantage of incorporating
the detection system components within the devices themselves is that updates,
reconfiguration and the initial enrolment carry a significant management burden.
Finally, for ‘reaction’, once a malicious entity (e.g., device, software, authorised user,
etc.) or rogue AP has been detected from within the wireless grid Edgeware application
and has gained access to the operational virtualised cloud network, an intrusion response
system (IRS) may attempt to prevent the malicious entity from communicating with the
network; or in the case where the intruder had deployed a rogue AP, prevent any
legitimate stations from connecting to that device. Reaction means the capability of
stopping or preventing the cyber-attack from spreading when the wireless Edgeware
application is under attack. Once an intrusion (that is a violation of a security policy) has
been detected, the IRS may wish to take responsive action to limit the capability of the
intrusive behaviour to impact the wireless grid Edgeware application and its operating
wireless cloud network. Responsive actions are designed to disable the attacking station
or to prevent the progression of its intrusion. The most basic and crude method for
disabling an intruder is to flood the target radio frequency with noise (e.g., radio
jamming) or mount an attack on the clear channel assessment algorithm using by wireless
stations (reference). In addition to low level responses, the coordination protocols of the
MAC layer can also be manipulated. In particular, the virtual carrier sensing protocol
employed by IEEE 802.11 devices can be exploited. By setting large media reservation
values in ready-to-send (RTS) clear-to-send (CTS) exchanges, the network allocation
vector (NAV) values of associated stations can be inflated and stations prevented from
transmitting. Typically such responses would, however, result in DoS conditions for all
wireless grid Edgeware application devices configured to use that frequency or channel.
A board range of information assurance techniques and procedures will be needed to
secure the wireless grid Edgeware application and its operating environment. The
information assurance approaches identified here are to prevent or mitigate all threats
towards wireless grid Edgeware applications, combined with concerns that
implementation or configuration errors may diminish the effectiveness of the remaining
security services and motivates the requirement to supplement these preventative
measures with a capability to detect and respond to security relevant events. These
security relevant events include not only cyber-attacks, but other violations of wireless
security policies such as detecting when a mobile device leaves a wireless cloud active
Secure the edge?
215
while simultaneously connecting to an otherwise secured wired network. Such a
monitoring capability could also be used to provide assurance that the deployed wireless
cloud was only adverting and using approved protocols and algorithms. Numerous
wireless intrusion detection/response techniques will utilise sensor data to attempt to
triangulate and locate the point from which a wireless hacker is operating. The accuracy
of such techniques, given the vagaries of wireless communications, is a matter of debate.
Given the highly dynamic nature of a wireless grid Edgeware applications and there
virtualised operational environment, the use of a single information assurance parameter
is unlikely to be reliable. Only when multiple techniques are combined can the number of
cyber-attacks being attempted be constrained.
From a risk management/security perspective, wireless grids Edgeware technology
presents a unique set of challenges. First, compared to traditional network systems, the
roles of the various components of a wireless grid are somewhat burred. For example, the
grid UI (which provides a UI for access to certain ‘GRiDLET’ programmes) might in
turn act as a requestor of another service (e.g., the CORE platform which manages the
connectivity, security/permissions and communications between nodes on the network)
that it relies on; it’s not well understand if the two components can both be requesters and
provides to each other, and so on. Vulnerabilities tend thus to relate to the uncontrolled or
careless interaction between components rather than to the behaviour of a well-bounded
piece of software that can be monitored using standard techniques. A second difficulty
typical of wireless grid Edgeware systems lies in the nature of the communications
between components. Precise details of the protocols used become largely irrelevant. A
cyber-attack exploits poorly defined or ambiguous semantics of the requests, erroneous
parsing, lack of security checks, etc. Such exploits can only be possibly detected using
payload analysis (e.g., deep packet inspection) which is computationally intensive and
presents numerous issues on its own.
Additionally, the wireless devices with Edgeware technology will be portable and
will invariably be exposed to untrusted wireless environments. Monitoring and recording
the types of interactions such a device enters into while it is away from its main
environment is important. Depending on the nature of the interactions that the device is
exposed to in those untrusted environments, it may be pertinent to restrict its capabilities
when it returns to its main environment, until some degree of trust in the state of the
device has been established. In this case, the risk of the environment not being capable of
monitoring the events taking place over its wireless interface would not provide a
detailed history of the interactions that the device has performed. Depending on the
circumstances, the monitor may provide information about: the identity of the
communicating parties; the particular protocols and algorithms used; and the volume of
traffic, for example. By sharing the collected information about the interactions of the
wireless device which occurred in untrusted environments with the main network (upon
its return), the wireless grid Edgeware devices can provide an indication of its
trustworthiness which may necessitate additional measures prior to the device being
allowed to re-establish full functionality on its main network.
Wireless grids Edgeware technology reliability and trustworthiness, including its
network, operating systems and end-user protection, would also be a substantial concern.
However, proper implementation of wireless grids Edgeware applications would depend
on the accurate implementation of the countermeasures identified, the application’s
ultimate purpose within an organisation, how that purpose ties into the organisation’s
216
T. Brooks et al.
business activities and the proper development of security policies and procedures for the
application. The continued use of literature and vulnerability exploitation’s would
provide a constant process that regularly reevaluates the risks throughout an Edgeware
application’s use. To this end, the current state of information assurance efforts with
respect to wireless grid Edgeware technology was developed. This revealed that there are
a number of security mechanisms available and that the need for wireless monitoring
(i.e., IDP, IRS, intelligent development platforms, etc.) is needed to detect threats and
cyber-attacks against wireless grids Edgeware technology.
7
Conclusions
This research identified the potential threats and risk that wireless grids Edgeware
technology poses to an organisational environment and how the use of this Edgeware
technology introduces a range of cyber-attacks. Wireless grid Edgeware applications, as
well as the wireless devices and architecture (which in many instances will be portable
and invariably exposed to untrusted wireless cloud environments), may be targeted. The
range of threats facing wireless grid Edgeware applications, when combined with the
immaturity of secure wireless clouds, represents a real information security risk. A
number of unmitigated threats and significant challenges remain to be addressed within
wireless grids Edgeware technology and its devices operating in wireless cloud
environments in general. Because of the erosion of tradition ‘secure’ perimeters or
network boundaries (e.g., de-perimeterisation) of the wireless cloud networks, the
demand for enforcing security is moving away from the network to the system and
applications that run on it. The focus of hackers and security experts has moved away
from just protecting the infrastructure to focusing on applications. This increases the
requirements for secure end-points and methods for establishing mutual ‘trust’ between
Edgeware technology systems, as well as establishing the requirement for secure
applications and mobile application code.
Therefore, the following proposed key future research directions are independent but
interrelated; and while each can be conducted in isolation, they will each produce
research outcomes that will be useful inputs into wireless grid Edgeware technology and
future operating environments:
7.1 Secure wireless inadvertently enabled remote access
Where a wireless capable device is connected to wireless grid Edgeware technology, via
a remote wired network, there is the potential that the wireless interface of the device is
enabled concurrent with the wired connection into the main network. If this situation
arises, there is the possibility that a bridge between the wireless interface and the
broadband interface providing connectivity to the main network could allow anyone
within wireless range of the device, to connect to the main network. To counter this
threat, further research on how the devices should be restricted via group policy,
host-based wireless security software or some other administrative control from bridging
interfaces is needed. If possible, the device should be configured in such a way that the
simultaneous activation of the wired and wireless interface is not possible.
Secure the edge?
217
7.2 Improved host-based configuration control and intrusion detection in a
wireless cloud
Within a wireless cloud environment utilising wireless grid Edgeware technology, both
network and host devices must be protected. Improved protection of host devices requires
research in two major areas:
1
host-based configuration control and environment
2
host-based intrusion detection capabilities for wireless grids Edgeware technology
and wireless clouds.
Further research on wireless grid Edgeware technology on improved host-based
configuration control can ensure that the vulnerability surface of devices is minimised
within a wireless cloud environment. The role of trusted computing hardware,
specifically trusted platform modules (TPM) and mandatory access control frameworks
(e.g., security enhances Linux [SE Linux]), in enforcing wireless-related security policies
warrants investigation. The use of these techniques to enforce security boundaries in
wireless grid Edgeware devices should also be researched and investigated to determine
the extent to which they can mitigate device driver vulnerabilities (through domain
separation) that can potentially be exploited to gain remote access to wireless grid
Edgeware devices.
7.3 Power constrains in wireless clouds and Edgeware devices
Wireless cloud deployments, in which wireless grid Edgeware devices and potentially
mobile devices communicate directly with each other, are particularly appealing in
environments where there is limited or no pre-existing communication infrastructure
available – in disaster recovery scenarios, for example. The range of threats to
communications and devices in wireless grid Edgeware and wireless cloud modes of
deployment, while sharing a number of similarities with infrastructure-based modes of
deployment, present unique challenges. The additional challenges that must be addressed
in wireless grid Edgeware and wireless cloud environments include the fact that nodes in
a wireless cloud environment are likely to be powered by batteries and therefore are
power constrained. A reliance on a finite power source introduces a new avenue of cyberattacks, in which an attacker may attempt to drain power of one or more nodes in a
wireless cloud network by having them unnecessarily transmit information. Another
challenge with wireless cloud architectures is that, unlike infrastructure networks where
all frames are directed to the AP, in wireless grid Edgeware and wireless cloud
architectures, nodes need to maintain routing information. Not only do they need to
maintain this information, but it is dynamically changing. This introduces the potential
for hackers to manipulate and interfere with the routes over which frames are transmitted.
Research to develop heuristic methods of providing power to these devices, where
perhaps no security exists yet, is needed.
In closing, as the hacking industry continues to grow unabated, security
vulnerabilities have the potential to undermine any new technology’s capability to
provide trust in the confidentiality, integrity and availability of information traversing in
innovative technologies such as wireless grids Edgeware applications or wireless devices.
Even with sound security policies, standards, practices and procedures, a steady flow of
218
T. Brooks et al.
vulnerability exploitation catastrophes towards the wireless grids Edgeware technology
could over time lead many to stop trusting the wireless grid Edgeware platform
altogether. Understanding that wireless grid Edgeware technology creates risks and
requires a rethinking – but not reinvention – of security controls and architecture. Many
of the existing security models may not work with wireless grid Edgeware technology
and the wireless cloud, and this research is advocating the reinvention of new security
methods, in the context of wireless grid Edgeware technology. Organisations should
consider the nature of wireless grid Edgeware technology and the need to place data,
processes, applications, and services on systems that organisations do not own, nor
control. However, with some forethought and planning, wireless grid-based systems can
be just as secure, if not more secure, as traditional systems.
References
Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D.,
Rabkin, A. and Stoica, I. (2010) ‘A view of cloud computing’, Communications of the ACM,
Vol. 53, No. 4, pp.50–58.
Bandyopadhyay, K., Mykytyn, P.P. and Mykytyn, K. (1999) ‘A framework for integrated risk
management in information technology’, Management Decision, Vol. 37, No. 5, pp.437–445.
Bernard, S. and Ho, S.M. (2009) ‘Enterprise architecture as context and method for designing and
implementing information security and data privacy controls in government agencies’, in
P. Saha (Ed.): Advances in Government Enterprise Architecture, pp.340–370, Information
Science Reference, Hershey, PA, doi:10.4018/978-1-60566-068-4.ch015.
BloomBecker, B. (1990) Spectacular Computer Crimes: What they are and how they Cost
American Business Half a Billion Dollars a Year!, Dow Jones-Irwin, Homewood, IL.
Borden, T., Hennessy, J. and Rymarczyk, J. (1989) ‘Multiple operating systems on one processor
complex’, IBM Systems Journal, Vol. 28, No. 1, pp.104–123.
Brooks, T. (2014) Edgeware Security Risk Management: A Three Essay Thesis on Cloud,
Virtualization and Wireless Grid Vulnerabilities, Unpublished Doctoral thesis, Syracuse
University, Syracuse, New York.
Brooks, T. and McKnight, L. (2013) ‘Securing wireless grids: architecture designs for secure
wiglet-to-wiglet interfaces’, International Journal of Information and Network Security
(IJINS), Vol. 2, No. 1, pp.1–16.
Brooks, T., Caicedo, C. and Park, J. (2012a) ‘Security vulnerability analysis in virtualized
computing environments’, International Journal of Intelligent Computing Research, Vol. 3,
Nos. 1/2, pp.277–291.
Brooks, T., Robinson, J. and McKnight, L. (2012b) ‘Conceptualizing a secure wireless cloud’,
International Journal of Cloud Computing and Services Science, Vol. 1, No. 3, pp.89–114.
Brooks, T., Kaarst-Brown, M., Caicedo, C., Park, J. and McKnight, L. (2013) ‘A failure to
communicate: security vulnerabilities in the gridstreamx edgeware application’, Proceedings
of the IEEE 8th International Conference for Internet Technology and Secured Transactions
(ICITST-2013), pp.521–528.
Campbell, R.P. and Sands, G.A. (1979) ‘A modular approach to computer security risk
management’, AFIPS Conference Proceedings, Vol. 48; 1979 June 4–7; New York, NY.
Montvale, NJ: AFIPS Press; 1979: pp.293–304.
Chakrabarti, A. (2007) Grid Computing Security, Springer-Verlag Berlin Heidelberg, New York,
NY.
Chan, H. and Perrig, A. (2003) ‘Security and privacy in sensor networks’, Computer, Vol. 36,
No. 10, pp.103–105.
Secure the edge?
219
Chen, Y., Paxson, V. and Katz, R. (2010) What’s New about Cloud Computing Security?,
Technical Report UCB/EECS-2010-5, EE & CS Department, University of California at
Berkeley.
Cody, E., Sharman, R., Rao, R.H. and Upadhyaya, S. (2008) ‘Security in grid computing: a review
and synthesis’, Decision Support Systems, Vol. 44, No. 4, pp.749–764.
Committee on National Security Systems (CNSS) (2010) National Information Assurance
Glossary, CNSS Instruction No. 4009 [online] http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf
(accessed 15 June 2010).
Crockford, G. (1982) ‘The bibliography and history of risk management: some preliminary
observations’, The Geneva Papers on Risk and Insurance, Vol. 7, No. 23, pp.169–170.
Davis, A., Parikh, J. and Weihl, W.E. (2004) ‘Edgecomputing: extending enterprise applications to
the edge of the internet’, Proceedings of the 13th International World Wide Web Conference
on Alternate Track Papers & Posters, pp.180–187.
Farsole, A.A., Kashikar, A.G. and Zunzunwala, A. (2010) ‘Ethical hacking’, International Journal
of Computer Applications (IJCA), Vol. 1, No. 10, pp.14–20.
Fenz, S., Ekelhart, A. and Neubauer, T. (2011) ‘Information security risk management: In which
security solutions is it worth investing?’, Communications of the Association for Information
Systems, Vol. 28, No. 1, p.5.
Foster, I. (2002) ‘What is the grid?-a three point checklist’, GRIDtoday, Vol. 1, No. 6, pp.1–4.
Foster, I., Kesselman, C., Nick, J.M. and Tuecke, S. (2003) Grid Computing: Making the Global
Infrastructure a Reality, John Wiley & Sons, Inc., Hoboken, NJ.
Foster, I., Kishimoto, H., Savva, A., Berry, D., Grimshaw, A., Horn, B., Maciel, F., Siebenlist, F.,
Subramaniam, R., Treadwell, J. and Reich, J.V. (2006) ‘The open grid services architecture,
version 1.5’, gfd-i.080 ed., Global Grid Forum, [online] http://forge.gridforum.org/
projects/ogsa-wg (accessed 1 June 2010).
Foster, I., Zhao, Y., Raicu, I. and Lu, S. (2008) ‘Cloud computing and grid computing 360-degree
compared’, Proceedings of the IEEE Grid Computing Environments Workshop (GCE’08),
pp.1–10.
Garcés-Erice, L. and Rooney, S. (2012) ‘Secure lazy provisioning of virtual desktops to a portable
storage device’, Proceedings of the 6th international workshop on Virtualization Technologies
in Distributed Computing Date, pp.45–52.
Garfinkel, S. (2007) ‘Commodity grid computing with Amazon’s S3 and EC2’, USENIX, Vol. 32,
No. 1, pp.7–13.
Gelbstein, E. and Kamāl, A. (2002) ‘Information insecurity: a survival guide to the uncharted
territories of cyber-threats and cyber-security, vol. 1’, United Nations ICT Task Force and the
United Nations Institute for Training and Research. New York, NY.
Goh, S., Pang, H., Deng, R. and Bao, F. (2006) ‘Three architectures for trusted data dissemination
in edge computing’, Data & Knowledge Engineering, Vol. 58, No. 3, pp.381–309.
Goldberg, R. (1973) Architectural Principles for Virtual Computer Systems, PhD dissertation,
Harvard University, Massachusetts.
Gortney, W.E. (2012) Joint Publication 1-02: Department of Defense Dictionary of Military and
Associated Terms, US Department of Defense, Washington, D.C.
Grobauer, B., Walloschek, T. and Stocker, E. (2011) ‘Understanding cloud computing
vulnerabilities’, IEEE Security & Privacy, Vol. 9, No. 2, pp.50–57.
Gruschka, N. and Jensen, M. (2010) ‘Attack surfaces: a taxonomy for attacks on cloud services’,
Proceedings of the IEEE 3rd International Conference on Cloud Computing (CLOUD 2010),
pp.276–279.
Hansman, S. and Hunt, R. (2005) ‘A taxonomy of network and computer attacks’, Computers &
Security, Vol. 24, No. 1, pp.31–43.
Hartmann, B., Doorley, S. and Klemmer, S.R. (2008) ‘Hacking, mashing, gluing: understanding
opportunistic design’, IEEE Pervasive Computing, Vol. 7, No. 3, pp.46–54.
220
T. Brooks et al.
Horrigan, W. (1969) Risk, Risk Management and Insurance, Withdean Publications, Hove.
Jajodia, S., Noel, S. and O’Berry, B. (2005) ‘Topological analysis of network attack vulnerability’,
Managing Cyber Threats, Vol. 5, No. 2005, pp.247–266.
Jansen, W.A. (2011) ‘Cloud hooks: security and privacy issues in cloud computing’, Proceedings
of the 2011 44th Hawaii International Conference on System Sciences (HICSS ‘11), pp.1–10.
Jordan, T. and Taylor, P. (1998) ‘A sociology of hackers’, The Sociological Review, Vol. 46, No. 4,
pp.757–780.
Kaarst-Brown, M.L. and Robey, D. (1999) ‘More on myth, magic and metaphor: cultural insights
into the management of information technology in organizations’, Information Technology &
People, Vol. 12, No. 2, pp.192–218.
Kotsovinos, E. (2010) ‘Virtualization: blessing or curse?’, Queue, Vol. 8, No. 11, p.40.
Lang, B., Foster, I., Siebenlist, F., Ananthakrishnan, R. and Freeman, T. (2006) ‘A multipolicy
authorization framework for grid security’, Proceedings of the Fifth IEEE International
Symposium on Network Computing and Applications (NCA ‘2006), pp.269–272.
Lee, W., Squicciarini, A.C. and Bertino, E. (2011) ‘Detection and protection against distributed
denial of service attacks in accountable grid computing systems’, Proceedings of the 2011
11th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing
(CCGrid‘2011), pp.534–543.
Lin, Y., Kemme, B., Patino-Martinez, M. and Jimenez-Peris, R. (2007) ‘Enhancing edge computing
with database replication’, Proceedings of the 26th IEEE International Symposium on Reliable
Distributed Systems (SRDS 2007), pp.45–54.
Löhr, H., Ramasamy, H.G., Sadeghi, A.R., Schulz, S., Schunter, M. and Stüble, C. (2007)
‘Enhancing grid security using trusted virtualization’, Lecture Notes in Computer Science,
Autonomic and Trusted Computing, Vol. 4610, pp.372–384.
McKnight, L., Bose, T., Marsden, J., Nanno, E., Treglia, J., Volos, H., Chen, X., Sharma, P. and
Ma, X. (2012) Open Specifications for Wireless Grids Technical Requirements, Version 0.1,
L. McKnight (Ed.), pp.1–22, Wireless Grids Testbed, Syracuse University, Syracuse, NY,
[online] http://www.wigitsu.org/open-spec-1.html (accessed 26 March 2012).
McKnight, L., Marsden, J., Treglia, J., Nanno, E., Hameed, A. and Lu, Y. (2013) edited by L.
McKnight, Open Specifications for Wireless Grids Technical Requirements, Version 0.2,
pp.1–45, Syracuse University.
McKnight, L.W., Howison, J. and Bradner, S. (2004) ‘Guest editors’ introduction: wireless grids –
distributed resource sharing by mobile, nomadic, and fixed devices’, IEEE Internet
Computing, Vol. 8, No. 4, pp.24–31.
Mehr, R. and Hedges, B. (1963) Risk Management in the Business Enterprise, Irwin Publishers,
Homewood, IL.
National Institute of Standards and Technology (NIST) (2012) Guide for Conducting Risk
Assessments, NIST Special Publication [online] http://csrc.nist.gov/publications/drafts/800-30rev1/SP800-30-Rev1-ipd.pdf (accessed 11 September 2012).
Onwubiko, C. and Lenaghan, A.P. (2007) ‘Managing security threats and vulnerabilities for small
to medium enterprises’, Proceedings of the 2007 IEEE Intelligence and Security Informatics,
pp.244–249.
Padmavathi, D.G. and Shanmugapriya, M. (2009) ‘A survey of attacks, security mechanisms and
challenges in wireless sensor networks’, International Journal of Computer Science and
Information Security, Vol. 4, Nos. 1/2, pp.1–9.
Pang, H. and Tan, K. L. (2004) ‘Authenticating query results in edge computing’, Proceedings of
the 20th IEEE International Conference on Data Engineering, pp.560–571.
Perry, T.S. and Wallich, P. (1984) ‘Can computer crime be stopped?’, IEEE Spectrum, Vol. 21,
No. 5, pp.34–45.
Rajanna, P. and Gyani, J. (2012) ‘A comparative study of cloud and grid computing security
solutions’, International Journal of Computer Science and Electronics Engineering, Vol. 2,
No. 1, pp.1–8.
Secure the edge?
221
Raymond, D.R. and Midkiff, S.F. (2008) ‘Denial-of-service in wireless sensor networks: attacks
and defenses’, IEEE Pervasive Computing, Vol. 7, No. 1, pp.74–81.
Rehana, J. (2009) Security of Wireless Sensor Network, TKK-CSE-B5, University of Technology,
Helsinki.
Ristenpart, T., Tromer, E., Shacham, H. and Savage, S. (2009) ‘Hey, you, get off of my cloud:
exploring information leakage in third-party compute clouds’, Proceedings of the 16th ACM
conference on Computer and Communications Security, pp.199–212.
Saha, S., Jamtgaard, M. and Villasenor, J. (2001) ‘Bringing the wireless internet to mobile devices’,
Computer, Vol. 34, No. 6, pp.54–58.
Schmit, J.T. and Roth, K. (1990) ‘Cost effectiveness of risk management practices’, Journal of Risk
and Insurance, Vol. 57, No. 3, pp.455–470.
Sen, B. (2004) ‘Cybermetrics-meaning, definition, scope and constituents’, Annals of Library and
Information Studies, Vol. 51, No. 3, pp.116–120.
Sheldon, T. (2012) Edge Devices [online] http://www.Linktionary.com (accessed 1 March 2012).
Sloman, M. (1994) ‘Policy driven management for distributed systems’, Journal of Network and
Systems Management, Vol. 2, No. 4, pp.333–360.
Smith, A.D. and Rupp, W.T. (2002) ‘Issues in cybersecurity; understanding the potential risks
associated with hackers/crackers’, Information Management & Computer Security, Vol. 10,
No. 4, pp.178–183.
Thomas, D. (2003) Hacker Culture, University of Minnesota Press, Minneapolis, MN.
Tipton, H.F. (2010) Official (ISC)2 guide to the cissp cbk, 2nd ed., Auerbach Publications, Boca
Raton, FL.
Treglia, J., Ramnarine-Rieks, A. and McKnight, L. (2010) ‘Collaboration in a wireless grid
innovation testbed by virtual consortium’, Networks for Grid Applications, Vol. 25,
pp.139–146.
Treglia, J.V., McKnight, L.W., Kuehn, A., Ramnarine-Rieks, A.U., Venkatesh, M. and Bose, T.
(2011) ‘Interoperability by ‘edgeware’: wireless grids for emergency response’, Proceedings
of the 2011 44th Hawaii International Conference on System Sciences (HICSS), pp.1–10.
Tsai, H.Y., Siebenhaar, M., Miede, A., Huang, Y. and Steinmetz, R. (2012) ‘Threat as a service?:
Virtualization’s impact on cloud security’, IT Professional, Vol. 14, No. 1, pp.32–37.
Tutănescu, I. and Sofron, E. (2003) ‘Anatomy and types of attacks against computer networks’,
Proceedings of the Second RoEduNet International Conference, pp.265–270.
Tyagi, N.K. and Vyas, A. (2008) ‘Data security from malicious attack: computer virus’,
Proceedings of the BVIM Indiacom2010 (Track 2: Web Technologies, Computer Networks &
Information Security [G-III]) National Conference, pp.1–10.
Van Cleeff, A., Pieters, W. and Wieringa, R. (2009) ‘Security implications of virtualization:
a literature study’, in Proceedings of the International Conference on Computational Science
and Engineering (CSE ‘09), Vol. 4, No. 3, pp.353–358.
von Hippel, E. and Paradiso, J.A. (2008) ‘User innovation and hacking’, IEEE Pervasive
Computing, Vol. 7, No. 3, pp.66–69.
Von Solms, R. (1999) ‘Information security management: why standards are important’,
Information Management & Computer Security, Vol. 7, No. 1, pp.50–58.
Wallner, J. (2008) ‘Cyber risk management. encyclopedia of quantitative risk analysis
and assessment’, Wiley Online Library, Cyber Defense Agency [online]
http://onlinelibrary.wiley.com/doi/10.1002/97804700 (accessed 1 March 2012).
Whiteside, T. (1978) Computer Capers: Tales of Electronic Thievery, Embezzlement, and Fraud,
Crowell, New York, NY.
Whitman, M.E. and Mattord, H.J. (2011) Principles of Information Security, Course Technology
Learning, Boston, MA.
Wiener, N. (1948) Cybernetics, Hermann, Paris.
222
T. Brooks et al.
Williams and Heins (1964) Risk Management and Insurance, McGraw Hill, New York, NY.
Wilson, C. (2003) ‘Computer attack and cyberterrorism: Vulnerabilities and policy issues for
congress’, in Linden, E. (Ed.): Focus on Terrorism, Vol. 9, pp.1–42.
Yi, S., Naldurg, P. and Kravets, R. (2001) ‘Security-aware ad-hoc routing for wireless networks’,
Proceedings of the Second ACM International Symposium on Mobile Ad Hoc Networking &
Computing (MobiHoc ‘01), pp.299–302.
Notes
1
2
3
4
5
6
7
View publication stats
A node is a point of entry into a network or a point of connection in the network (Newton,
2013).
The framework used for this research is based off the NIST Special Publication 800-30
Revision 1 ‘Guide for Conducting Risk Assessments’.
http://www.ahdictionary.com/word/search.html?q=risk.
http://dictionary.reference.com/browse/cyber?s=t.
Complete risk assessment and cyber-attack identification in Brooks (2014).
The terms likelihood and impact, as it pertains to this research, is not likelihood or impact in
the strict sense of the term; rather, it is a likelihood and risk value (score). The researcher does
not define a likelihood or impact function in the statistical sense; instead, the researcher
assigned a value (or likelihood/impact assessment) based on available research evidence from
the NIST 800-30 guidance, experience, and expert subjective judgement. The amalgamation of
factors such as motivation, intent, and capability thus could be used to produce a value
representing the likelihood of a cyber-attack and the impact of these threats. The
amalgamation of attributes, such as capability and vulnerability severity, could be used to
produce a value representing the likelihood and impact of adverse impacts. The incorporation
of these values was used to produce the overall likelihood and impact values.
Risk is a function of the likelihood of a threat event’s occurrence multiplied by the potential
adverse impact should the event occur, which can be computed as: Risk = Likelihood times
Impact (R = L*I) (NIST, 2012).