Linux Foundation introduces Project Alvarium to insert trust in data at the edge
The Linux Foundation is joining forces with top industry players to collectively develop Project Alvarium, an open source initiative that promotes system-level measurable trust in data transfers between devices and applications. Project Alvarium is introducing the concept of a Data Confidence Fabric (DCF) to describe this trust model.
Also described as a “trust fabric,” DCF is a system that unites different technologies in an open framework used to make the data path trustworthy, making it easier to arrange trusted AI models and to deliver data from devices to applications. This is a critical component in building edge and IoT security. Project Alvarium uses integrated algorithms and open APIs for obtaining and importing data and wants to leverage the framework to develop confidence score algorithms.
“We look forward to helping build a collaborative community to focus on creating and unifying trust insertion technologies,” said Arpit Joshipura, general manager, Networking, Edge and IOT, the Linux Foundation. “As edge computing becomes more pervasive, a comprehensive open source framework that delivers measurable confidence across industries and across stacks is imperative,” he said.
The project is in the early stage of development, but has already been seeded by prototype code from Dell Technologies and is supported by Arm, IBM, IOTA Foundation, MobiledgeX, OSIsoft, and Unisys, among others. In April 2017, Dell also seeded the EdgeX Foundry project, an open source framework for IoT edge computing that is now under the LF Edge umbrella.
Counting one million microservice downloads, EdgeX is already included in the DCF seed for open data ingestion, but it can be replaced with Azure IoT. The Alvarium framework helps organizations create their own DCF by tailoring it to their needs, but to achieve the highest confidence, trust needs to be inserted at the edge, as close to the device as possible.
Focused on unifying trust insertion technologies, Project Alvarium has received support industry-wide and can be deployed in all markets and solution stacks.
“Data Confidence is central to large sensor-laden compute systems like those found in Industrial IoT digital transformation projects. Both the Object Management Group (with its forthcoming SENSR standard) and the Industrial Internet Consortium (with over 25 large industrial IoT testbeds around the world) welcome the forthcoming Alvarium project as necessary for these critical infrastructures,” said Dr. Richard Mark Soley, Chairman, and CEO of the Object Management Group and Executive Director of OMG’s Industrial Internet Consortium in a prepared statement. “With a long working relationship with important Linux Foundation projects, OMG and IIC are delighted to see this new project.”
The open-framework provides multiple layers of trust insertion including at the device level that will establish a confidence score for each piece of data. This is extremely important in optimizing operations because data is the most valuable resource to date. There is still a lot of IoT potential that companies haven’t yet tapped into either because of tech limitations or a vague legal framework.
Trust in data is key to building business value
According to Dell EMC software engineer and inventor Steve Todd, who was also part of the Project Alvarium development team, had been for a while trying to figure out ways to monetize untrusted Edge and IoT data, wondering if trust principles applied to enterprise storage systems could also be applied for edge systems. Todd, who is Vice President of Strategy and Innovation in the Office of the CTO, believes the association of open source and commercial technologies can be successfully leveraged to build trust in data collection from IoT devices.
“Trust fabrics will be a key enabler for scaling digital transformation across inherently heterogeneous systems,” said Jason Shepherd, Global CTO, Edge and IoT, Dell Technologies, in a prepared statement. “There is not an industry on the planet that this effort won’t impact in terms of delivering data with measurable confidence, facilitating trusted workload consolidation and also helping organizations scale meeting compliance requirements such as GDPR,” he said. End-to-end trust insertion points in the fabric can be as follows, according to a PowerPoint presentation shared on the project’s website.
· The first level of trust insertion is the hardware root of trust signatures on device data.
· The second level entails support N-S-E-W authentication and authorization.
· The third level involves open data ingestion software to build trust in data history.
· The fourth level involves trusted execution environments to confirm the data was not tampered with.
· The fifth level of trust insertion involves metadata/policy attachment.
· The sixth level involves secure, immutable scale-out storage.
· The seventh level involves registration of trusted assets in a multi-cloud distributed ledger.
Noteworthy additional technologies to insert trust are hypervisors, OS, management and orchestration tools.
Supporters say Project Alvarium is not trying to reinvent the wheel, but it is more about trying to unite technologies and industry achievements of LF Edge, the Linux Foundation and of external organizations such as IOTA, Linaro and TIoTA. By working together, they will at first come up with scoring algorithms through open source software, which will be improved later on.
LF Edge releases v2 of Open Glossary of Edge Computing
Article Topics
edge computing | IoT security | Linux Foundation | open source | Project Alvarium
Comments