The edge computing-based Internet of Things (IoT) offers benefits in terms of efficiency, low latency, security, and privacy. However, programming models and platforms for this edge-based IoT are still an open problem, particularly regarding security and privacy. This paper proposes concrete and realizable ideas for building a secure programming platform called Secure Swarm Programming Platform (SSPP) to ensure platform-level security for the edge-based IoT while utilizing existing system-level security mechanisms. SSPP’s easy-to-use software components can enable static and dynamic security analysis of IoT applications, preventing vulnerabilities and detecting intrusions. Software deployed through SSPP can be remotely attested by a verifier on the edge, ensuring it remains untampered with. This paper also plans out future research and evaluation of SSPP’s programmability, security, and remote attestation.
Authored by Hokeun Kim
In the context of cloud environments, data providers entrust their data to data consumers in order to allow further computing on their own IT infrastructure. Usage control measures allow the data provider to restrict the usage of its data even on the data consumer’s system. Two of these restrictions can be the geographic location and time limitations. Current solutions that could be used to enforce such constraints can be easily manipulated. These include solutions based on the system time, organizational agreements, GPS-based techniques or simple delay measurements to derive the distance to known reference servers.
Authored by Hendrik Felde, Jean-Luc Reding, Michael Lux
Confidential computing services enable users to run or use applications in Trusted Execution Environments (TEEs) leveraging secure hardware, like Intel SGX or AMD SEV, and verify them by performing remote attestation. Typically this process is very rigid and not always aligned with the trust assumptions of the users regarding the hardware identities, stakeholders and software that are considered trusted. In our work, we enable the users to tailor their trust boundaries according to their security concerns and remotely attest the different TEEs specifically based on those.
Authored by Anna Galanou
With the development of cloud computing and edge computing, data sharing and collaboration between cloud, edge, and end have become increasingly common. With the assistance of the edge cloud, end users can access the data stored in the cloud by data owners. However, in an unprotected cloud-edge-end network environment, data sharing is vulnerable to security threats from malicious users, and data confidentiality cannot be guaranteed. Most of the existing data sharing approaches use an identity authentication mechanism to resist unauthorized access by illegal end users, but this mechanism cannot guarantee the credibility of the end user’s network environment. Therefore, this article proposes an approach for trusted sharing of data under cloud-edge-end collaboration (TSDCEE), in which we verify the trustworthiness of the data requester’s network environment based on the mechanism of attribute remote attestation. Finally, this article uses the Spin model checking method to formally analyze TSDCEE and verifies the security properties of TSDCEE.
Authored by Xuejian Li, Mingguang Wang
With the proliferation of IoT devices, the number of devices connected to the Internet has been rapidly increasing. An edge computing platform must provide flexible and efficient data control. Also, edge nodes are not always reliable. Edge node administrators can leak data through intentional mishandling. In this paper, we propose an edge computing platform on a modular architecture that protects data and processing from interception and a processing flow based on data characteristics using Intel SGX and multi-authority attribute-based encryption. In addition, we report a performance evaluation of our method.
Authored by Yuma Nishihira, Takuya Ishibashi, Yoshio Kakizaki, Toshihiro Ohigashi, Hidenobu Watanabe, Tohru Kondo, Reiji Aibara
Authored by Liquan Chen, Yiwen Miao, Chen Yu, Suhui Liu
The wide adoption of IoT gadgets and Cyber-Physical Systems (CPS) makes embedded devices increasingly important. While some of these devices perform mission-critical tasks, they are usually implemented using Micro-Controller Units (MCUs) that lack security mechanisms on par with those available to general-purpose computers, making them more susceptible to remote exploits that could corrupt their software integrity. Motivated by this problem, prior work has proposed techniques to remotely assess the trustworthiness of embedded MCU software. Among them, Control Flow Attestation (CFA) enables remote detection of runtime abuses that illegally modify the program’s control flow during execution (e.g., control flow hijacking and code reuse attacks).
Authored by Antonio Neto, Ivan Nunes
The continuing integration of decentralized energy generators requires a more flexible power grid, which necessitates the use of stronger automation and more communication technologies between the control systems. This is accompanied by an increase in the attack surface of the power grid, such as attacks on firmware of intelligent electronic devices. This publication aims to secure intelligent electronic devices by monitoring their firmware. To achieve this aim, Trusted Computing technologies such as remote attestation are integrated into the power grid domain-specific communication standards to improve security in the current power grid architecture. The outcome is an appropriate conceptual information model for the IEC 61850 standard in order to be qualified to transfer remote attestation information and exchange it with the control centre. Such a solution is perfectly designed for automatic remote monitoring.
Authored by Bastian Fraune, Torben Woltjen, Björn Siemers, Richard Sethmann
Authored by Haotian Zhu, Bei Gong, Zipeng Diao, Jingxiang Sun