Testing the Resilience of MEC-Based IoT Applications Against Resource Exhaustion Attacks.

Multi-access Edge Computing (MEC) is an emerging computing model that provides the necessary on-demand resources and services to the edge of the network, ensuring powerful computing, storage capacity, mobility, location, and context awareness support to emerging Internet of Things (IoT) applications. Nonetheless, its complex hierarchical model introduces new architectural interdependencies, which can influence the resilience of IoT applications against cyber attacks. Although application resilience has been investigated in the context of cloud computing, existing studies are not directly applicable to such an extended edge-cloud paradigm. The use of different enabling technologies at the edge of the network, such as various wireless access technologies and virtualization, implies several threats and challenges that make the analysis and deployment of resilience mechanisms a technically challenging problem. In this article, we first present an overview of the threat model, describing the threats for the different layers of this paradigm. We then study the impact of resource-exhausting attacks – a particularly relevant class for this paradigm - on three different IoT applications exploiting the services offered by the MEC-based architecture. We adopt a testing-based methodology conceived to characterize the resilience of such applications under attack. A set of most important resilience-related indicators are also identified. The characterization's results are useful to support the analyst in planning proper protection means at individual architectural layers.