Decentralized Orchestration and Management of Distributed Heterogeneous Things

dominos2018 | april 23, 2018 | Taipei, Taiwan

Our Agenda for April 23, 2018

Keynote 1 - Microsoft Azure Service Fabric

Azure Service Fabric is a distributed systems platform that makes it easy to package, deploy, and manage scalable, reliable, consistent and stateful microservices and containers. Developers and administrators can avoid complex infrastructure problems and focus on implementing mission-critical, demanding workloads that are scalable, reliable, and manageable. This talk will focus on the core distributed systems architecture of Service Fabric and will talk about the Fog computing scenario where Service Fabric can be used. Fog computing is an evolving field of computer science which deals with computing on the edge, leveraging the cloud as the backbone. The management plane for these devices resides on the cloud, ensuring that customers get a single unified entry point to manage their clusters. The high availability and control plane is still at the edge so that functionality is available even when the connection to the cloud is disabled.

Live Demonstration

The demo will show a highly available Service Fabric edge cluster being managed from the cloud. The highly available application running on it will be facial recognition software that analyzes a video stream and matches faces. We will show how failures are handled when connected to the cloud and when disconnected.

Dr. Rishi Sinha

Dr. Rishi Sinha is currently a Principal Software Engineering Manager in the Azure org at Microsoft. For the last 10 years he has worked on the Microsoft Azure Service Fabric platform. The Microsoft Azure Service Fabric team provides cutting-edge capabilities to develop, deploy and manage large-scale stateful microservices. Microsoft Azure Service Fabric forms the backbone of core Azure Services, as well as the Microsoft Azure Stack being shipped as part of Windows Server, providing public vs private cloud symmetry that very few other products offer. As part of the team he has worked on solving the core distributed systems problems of failure detection, leader election and routing consistency. He currently heads the charter for deploying and managing Service Fabric on the edge, enabling experimentation frameworks in Service Fabric through the Chaos Service, and managing secrets inside Service Fabric, among other important deliverables. Prior to joining Microsoft, he finished his Ph.D. at the University of Illinois at Urbana-Champaign in 2007 in the field of managing large-scale scientific data.

Keynote 2 - Security Management for Networks-of-Things (NoT)

The Internet of Things (IoT) is the next wave of innovation that promises to improve and optimize our daily life based on intelligent sensors and smart objects working together seamlessly. Through Internet Protocol (IP) connectivity, sensors and actuating devices can now be connected to the Internet, thus allowing them to be read, controlled, and managed at any time and at any place. Security is an important aspect for IoT deployment and it is widely acknowledged that IoT will only become useful and manageable if we can address the security and privacy challenges involving millions of IoT devices deployed in the field. In this talk, I will discuss the concept of “Networks-of-Things” (NoT) introduced by [NIST SP 800-183], the life-cycle of an IoT device, and highlight some of the key security management issues and solutions for NoT including key management, data integrity protection and end-to-end communication.

Dr. Sye-Loong Keoh

Sye-Loong Keoh is an Associate Professor in the School of Computing Science, University of Glasgow (UofG, Singapore campus) and the Director of Research Programmes in UofG Singapore. He holds a Ph.D. in computing science from Imperial College London. Prior to joining Glasgow, he was a Senior Scientist at Philips Research Eindhoven, The Netherlands. His areas of expertise include cyber security for Internet of Things (IoT), lightweight security systems for cyber-physical systems, and policy-based security management for pervasive and distributed systems.

He leads the cyber-security research activities in UofG Singapore, where he has designed several lightweight authentication protocols and key management schemes for IoT, building management and industrial control systems. More recently, he has been researching new techniques for securing end-to-end communication and ensuring data provenance in IoT environments. While working at Philips Research, he was responsible for standardizing Marlin Digital Rights Management (DRM) technology for content protection, and lightweight security protocols for Philips’s IoT-based lighting systems.

Paper Presentations

Our agenda for April 23, 2018 is:

12h30 Lunch

13h30 Welcome (Marc-Oliver Pahl)

13h35 Keynote 1: Rishi Sinha - Microsoft Azure Service Fabric (45+5) [Chair: Marc-Oliver Pahl]

14h25 Cecil Wöbker, Andreas Seitz, Harald Mueller, Bernd Bruegge, "Fogernetes: Deployment and Management of Fog Computing Applications" (20 min + 5 min + optional poster) [Chair: Steven J. Johnston]

Devices used in fog and edge computing are heterogeneous, decentralized and distributed. These computing environments are unpredictable and their applications are becoming more complex. This leads to challenges regarding deployment and management of fog and edge applications. It is important to ensure that quality of service, availability, reliability and real-time characteristics are guaranteed during deployment to take advantage of fog computing. In this paper, we present Fogernetes, a fog computing platform that enables management and deployment of fog applications with specific requirements on heterogeneous devices with different capabilities. Fogernetes allows matching requirements of application components with device capabilities by using a labeling system. Based on a case study, we evaluate and test Fogernetes and examine its practical applicability for the deployment and management of fog computing applications. Fodeo serves as an example application. Fodeo analyzes video streams from multiple cameras and detects objects in them. Fogernetes enables the deployment of Fodeo components on appropriate devices by matching requirements and capabilities.

14h50 2 WiP Presentations (5 minutes each in front of the poster)

      • Herry Herry, Emily Band, Colin Perkins, Jeremy Singer, "Peer-to-Peer Secure Updates for Heterogeneous Edge Devices" (5 min in front of the poster) [Chair: Philip Basford]

We consider the problem of securely distributing software updates to large scale clusters of heterogeneous edge compute nodes. Such nodes are needed to support the Internet of Things and low-latency edge compute scenarios, but are difficult to manage and update because they exist at the edge of the network behind NATs and firewalls that limit connectivity, or because they are mobile and have intermittent network access. We present a prototype secure update architecture for these devices that uses the combination of peer-to-peer protocols and automated NAT traversal techniques. This demonstrates that edge devices can be managed in an environment subject to partial or intermittent network connectivity, where there is not necessarily direct access from a management node to the devices being updated.

      • Holger Kinkelin, Heiko Niedermayer, Valentin Hauner, Georg Carle: "Trustworthy Configuration Management for Networked Devices using Distributed Ledgers" (5 min in front of the poster) [Chair: Steven J. Johnston]

Numerous IoT applications, like building automation or process control of industrial sites, exist today. These applications inherently have a strong connection to the physical world. Hence, IT security threats can not only cause problems like data leaks but also safety issues which might harm people. Attacks on IT systems are not only performed by outside attackers but also by insiders like administrators. For this reason, we present ongoing work on a configuration management system (CMS) that provides control over administrators, restrains their rights, and enforces separation of concerns. We reach this goal by conducting a configuration management process that requires multi-party authorization for critical configurations to achieve Byzantine fault tolerance against attacks and faults by administrators. Only after a configuration has been authorized by multiple experts is it applied to the targeted devices. For the whole configuration management process, our CMS guarantees accountability and traceability. Lastly, our system is tamper-resistant as we leverage Hyperledger Fabric, which provides a distributed execution environment for our CMS and a blockchain-based distributed ledger that we use to store the configurations. A beneficial side effect of this approach is that our CMS is also suitable to manage configurations for infrastructure shared across different organizations that do not need to trust each other.

      • Poster Session
        • Peer-to-Peer Secure Updates for Heterogeneous Edge Devices
        • Trustworthy Configuration Management for Networked Devices using Distributed Ledgers
        • Fogernetes: Deployment and Management of Fog Computing Applications
        • A Management Framework for Secure Multiparty Computation in Dynamic Environments

15h00 Coffee Break & Posters

15h30 Marcel von Maltitz, Stefan Smarzly, Holger Kinkelin, Georg Carle: "A Management Framework for Secure Multiparty Computation in Dynamic Environments" (20 min + 5 min + optional poster) [Chair: Philip Basford]

Secure multiparty computation (SMC) is a promising technology for privacy-preserving collaborative computation. In recent years several feasibility studies have shown its practical applicability in different fields. However, it is recognized that the administration and management overhead of SMC solutions is still a problem. A vital next step is the incorporation of SMC in the emerging fields of the Internet of Things and (smart) dynamic environments. In these settings, the properties of these contexts make utilization of SMC even more challenging since some of its vital premises regarding environmental stability and preliminary configuration are not initially fulfilled. We bridge this gap by providing FlexSMC, a management and orchestration framework for SMC which supports the discovery of nodes, supports trust establishment between them and realizes robustness of SMC sessions by handling node failures and communication interruptions. The practical evaluation of FlexSMC shows that it enables the application of SMC in dynamic environments with reasonable performance penalties and computation durations, allowing soft real-time and interactive use cases.

16h00 Keynote 2: Sye-Loong Keoh - Security Management for Networks-of-Things (NoT) (45+5) [Chair: Marc-Oliver Pahl]

16h50 Closing (Marc-Oliver Pahl)

17h00 End

17h30 NOMS 2018 Welcome Reception

DOMINOS 2018 Workshop | April 23, 2018 | NTUH International Convention Center | Taipei, Taiwan
