We would like to take this opportunity to illustrate the challenges related to computational resource consumption such as memory, CPU or networking, in our gateway setup. First and foremost, we must admit the utmost importance of ensuring that services provided by the gateway have reasonable use of the computational resources. This is how we can ensure that there is space available for applications using core services from AGILE. However, this is not the only reason to keep an eye on resource consumption. There are also security implications and economic reasons to monitor and control the use of resources, i.e. especially when computation should be offloaded to the cloud.
We will discuss the release of an open-source component to measure resource consumption in the gateway plus other scenarios. We will then explain how we have used this component in the scope of the project to perform several research tasks. Applications of the resource measurement component have been used to study resource abuse scenarios from the perspective of security, detection of crypto-miners, and evaluation of strategies to balance the computation load between the gateway and the cloud.
A Component to Measure Computational Resources in AGILE
The first building block to start understanding implications of resource management in the gateway is to have a procedure on monitoring the use of computational resources in the gateway. In respect to this, we have developed the Performance Monitor: a generic tool to monitor and plot resource consumption for multiple docker containers running in the gateway, or elsewhere.
Naturally, this component works with AGILE, yet it can also be used in any other context where there are docker containers. This flexibility allowed us to use this component, or parts of it, within the scope of various research activities performed during the project. The performance monitor plots figures, like the one below, showing CPU, memory, and networking consumption per container. In addition to the plots, the performance monitor also makes aggregated data available in CSV format, and raw data in JSON format for other system use. These data sources were, and are currently, used in automated scripts to evaluate some software components and research ideas that arise from the project.
Security Implications of Resource Consumption in IoT Scenarios and AGILE
Back in 2016, the Mirai botnet took advantage of misconfigured IoT devices and used them for a Distributed Denial of Service (DDoS) attack against the Internet, e.g. the OVH French hosting company. This very good example represents two aspects: 1) little by little resources can add up to a point where they can do real harm. 2) computational resources can harm systems outside of the compromised system.
Taking this into consideration, the abuse of system resources without the owner’s knowledge becomes more critical when the misuse is leveraged to harm others, e.g. DDoS. From this perspective, we have published some research papers showing how Web clients can be misused to store  or distribute  information without the user’s knowledge for an attacker’s benefit. Particularly, we expect this research to serve as a warning for the development of future technologies. Simultaneously, this serves as a guide to protect the gateway against resource abuse for undesirable purposes.
Furthermore, on scenarios where clients or devices can be used against other systems, there is a resource abuse scenario providing financial benefit for attackers without attacking other systems than the one they compromised. This is called cryptocurrency mining. There has been a spike in the number of computers used for crypto-mining without the owner’s consent due to the creation of a new crypto-currency, i.e. Monero. Attackers are becoming more creative over time, and they have moved from one approach to the next to abuse systems for their profit. These techniques include using a Content Management System (CMS) plugins, advertisements, overwriting cloud storage buckets with wrong permissions or even hacking routers to inject mining scripts into browsers. This threat has become so critical that during 2017, Symantec measured an increase of 8.500% on the presence of crypto-miners. Additionally, the director of Symantec Security Response raised this issue within IoT context with the following quotes:
“Now you could be fighting for resources on your phone, computer or IoT device as attackers use them for profit,”
“People need to expand their defenses or they will pay for the price for someone else using their device.”
Within AGILE, we took the massive spread of unauthorized crypto-miners on the Web to evaluate two detection mechanisms. The vast adoption of crypto-miners allowed us to collect high-quality data and evaluate a machine learning-based classifier to detect miners based on resource use or API use. Our results have been published in one of the top academic conferences for applied IT security .
Offloading to Cloud Environments
Conjointly, we have integrated an offloading mechanism in AGILE for computational heavy tasks. This allows developers to deploy real applications through rapid prototyping tools (In AGILE we integrated Node-RED) and let the AGILE stack control whether heavy jobs should be deployed in the cloud. Particularly, we were motivated to develop this functionality, and evaluate it, because when tasks become too comprehensive, the performance of single board hardware, e.g. Raspberry Pi, decreases as the processor’s speed is automatically decreased due high CPU temperatures. We evaluated how the performance of the Raspberry Pi 3 improves when Node-RED pushes flows automatically to cloud endpoints and collects results data after jobs have been completed. An evaluation of our implementation was accepted in our short paper  and will be presented in CloudComm 2018.
Coming Up Soon….
We are currently working on the evaluation of the authentication and security policy framework scalability offered to applications interacting with AGILE, using our performance monitor. With this, we are going to compare the runtime performance, as well as the resource consumption of agile-security in comparison to another attribute-based access control server called WSO2 . We are looking forward to using different kinds of hardware used for AGILE; for example, the Raspberry PI 3 and the UPBoard!
Once we obtain our results, we will return and publish more insights on our scientific work. Stay tuned!
 Local Storage on Steroids: Abusing Web Browsers for Hidden Content Storage and Distribution. In Proc. of 14th EAI International Conference on Security and Privacy in Communication Networks (SECURECOMM)
 When Your Browser Becomes the Paper Boy. In ICT Systems Security and Privacy Protection (IFIP SEC), pages 94-107, Springer International Publishing,
 RAPID: Resource and API-Based Detection Against In-Browser Miners. In ACSAC 2018: Proceedings of the 34th Annual Computer Security Applications Conference, ACM, 2018
 Offloading Execution from Edge to Cloud: a Dynamic Node-RED Based Approach, CloudCom 2018 in Nicosia, Cyprus