As Industrial Control Systems (ICS) shift toward cloud–edge continuums, a single breach can trigger cascading failures across the entire infrastructure. Current research lacks a unified method to establish end-to-end verifiable trust across heterogeneous devices and platforms. This paper proposes a reference architecture to bridge this gap, deriving security requirements from NIST, ENISA, and MITRE ATT&CK frameworks. The architecture integrates hardware-rooted trust, secure networking, and cloud-based attestation. It is designed for diverse environments—ranging from TEE-enabled devices to bare-metal controllers—allowing for incremental deployment and clear security-performance trade-offs. By unifying siloed defenses into a holistic framework, this work provides systematic guidance for managing risks and ensuring deployability in real-world industrial settings.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A Reference Architecture for Verifiable Trust Across Industrial Cloud–Edge Continuum

  • Bruno Crispo,
  • Antonio Iannaccone,
  • Roberto Nardone,
  • Alfredo Petruolo,
  • Carlo Ramponi

摘要

As Industrial Control Systems (ICS) shift toward cloud–edge continuums, a single breach can trigger cascading failures across the entire infrastructure. Current research lacks a unified method to establish end-to-end verifiable trust across heterogeneous devices and platforms. This paper proposes a reference architecture to bridge this gap, deriving security requirements from NIST, ENISA, and MITRE ATT&CK frameworks. The architecture integrates hardware-rooted trust, secure networking, and cloud-based attestation. It is designed for diverse environments—ranging from TEE-enabled devices to bare-metal controllers—allowing for incremental deployment and clear security-performance trade-offs. By unifying siloed defenses into a holistic framework, this work provides systematic guidance for managing risks and ensuring deployability in real-world industrial settings.