Optimal Security Risk Management Mechanism for the 5G Cloudified Infrastructure

• Published in: IEEE eTransactions on network and service management Vol. 18; no. 2; pp. 1260 - 1274
• Main Authors: Carvalho, Glaucio H. S., Woungang, Isaac, Anpalagan, Alagan, Traore, Issa
• Format: Journal Article
• Language: English
• Published: New York IEEE 01.06.2021; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: 5G mobile communication; 5G Security; Cloud computing; Control systems design; Controllers; Cost function; Denial of service attacks; Edge computing; Markov processes; Optimization; Provisioning; Resource management; Risk management; Security; security risk management; stochastic optimal control; Taxonomy
• ISSN: 1932-4537; 1932-4537
• DOI: 10.1109/TNSM.2021.3057761

This work proposes an optimal security risk management mechanism to holistically minimize the risks of a Denial of Service (DoS) attack and Service Level Agreement (SLA) violations that might unfold at the 5G edge-cloud ecosystem. Using the Semi-Markov Decision Process framework, a cyber risk-aware controller is designed to optimally decide on the admission, placement, and migration of a service taking into consideration a user taxonomy and the service requirements. A new cost structure that balances the targeted security risks as well as the cost and the reward of a secure service provisioning is introduced to pave the way for a safe edge-cloud operation. To proactively restrict the population of untrusted users, we consider security controls in the form of a linear and an exponential cost functions and show that the former represents a more flexible and profitable pathway for a Mobile Network Operator to operate at the expense of an inflated security risk while the latter leads to the opposite outcome. Results show that the baseline mechanism might violate the SLA and expose the edge and the cloud to a DoS attack in levels that are 10 2 , 10 12 , and 10 14 times higher than those of the proposed controller.