This paper presents a comprehensive experimental study of a novel trust-based security architecture for edge computing environments. We introduce an adaptive security framework that combines dynamic trust evaluation with decentralized decision-making mechanisms to enhance threat detection and system resilience. Through extensive simulation experiments, we evaluate the architecture's performance across various network configurations, ranging from 20 to 100 nodes, with different operational parameters and security event patterns. The simulation framework implements a sophisticated spatial distribution model for edge nodes, incorporating computational constraints, memory limitations, and communication boundaries typical of edge computing environments. Our results demonstrate that the proposed architecture achieves an 83.0% threat detection rate while maintaining network resilience at 95.6%, significantly exceeding baseline security requirements. The trust management mechanism demonstrates robust adaptation to security events, maintaining average trust scores of 78.6% despite active security incidents. We provide detailed analysis of system behavior under various attack scenarios, including intrusion attempts, data leaks, DDoS attacks, and authentication failures. The architecture shows exceptional scalability characteristics, with improved detection rates and trust stability in larger network configurations. Performance metrics reveal consistent achievement above target thresholds across all evaluated dimensions, with minimum trust levels maintaining a 7.2 percentage point margin above requirements. Our findings provide empirical validation of the architecture's effectiveness while offering practical insights into deployment considerations for edge computing security. The study contributes to the field by establishing quantitative benchmarks for security performance in edge environments and demonstrating the viability of trust-based security mechanisms for distributed systems.
Edge computing represents a fundamental transformation in distributed system architectures,
shifting computational resources closer to data sources and end devices [
Recent industry analyses project that edge devices will generate over 79.4 ZB of data by 2025,
with approximately 75% of enterprise data being processed at the edge [
Traditional security architectures, designed for centralized cloud environments, prove inadequate
in edge computing scenarios for several reasons [
This paper presents a comprehensive evaluation of an adaptive security architecture designed specifically for edge computing environments. Our approach incorporates trust-based security management and decentralized decision-making mechanisms to address the unique challenges of edge security. Through extensive simulation and analysis, we demonstrate the architecture's effectiveness in maintaining robust security while adapting to varying network scales and operational conditions.
The primary contributions of this work include: • • •
First, we develop a detailed system model that captures the essential characteristics of edge computing security, incorporating both spatial and temporal aspects of security dynamics. This model provides a foundation for analyzing security mechanism effectiveness while maintaining realistic operational constraints.
Second, we present comprehensive experimental validation of our security architecture across different network scales, ranging from 20 to 100 nodes. Our results demonstrate that the architecture achieves detection rates of up to 96.8% while maintaining network resilience at 100%, even under active security threats.
Third, we provide detailed analysis of system behavior under various attack scenarios, examining the architecture's response to different types of security events including intrusions, data leaks, DDoS attacks, and authentication failures. This analysis reveals important insights into the effectiveness of distributed security mechanisms in edge environments.
The remainder of this paper is organized as follows: Section 2 reviews related work in edge computing security and distributed trust management. Section 3 presents our system model and theoretical framework. Section 4 details the simulation methodology and experimental setup. Section 5 describes the implementation of our security architecture. Section 6 presents comprehensive results and analysis. Section 7 discusses implications and limitations of our findings. Finally, Section 8 concludes with future research directions.
Through this work, we aim to advance the understanding of security architecture design for edge computing environments while providing practical insights for implementing robust security 228 mechanisms in distributed systems. The findings presented here have important implications for the development of secure edge computing applications across various domains.
Recent advances in edge computing security have focused on addressing the fundamental challenges of distributed trust management and privacy preservation in resource-constrained environments. This section examines key developments across several critical areas of edge security research.
Traditional security architectures have proven inadequate for edge computing environments due to
their centralized nature and resource requirements. Zhang et al. (2022) [
Kenioua et al. (2024) [
Privacy preservation in edge computing has emerged as a critical research focus. Huso et al. (2023)
[
The challenge of secure data consolidation has been addressed by Shruti et al. (2024) [11], who proposed an encryption-based fog computing model for smart grid applications. Their work showed improved performance in storage efficiency and communication costs compared to existing approaches, but primarily focused on static network configurations.
Recent work in trust management has explored various approaches to establishing and maintaining trust in distributed environments. Chen et al. (2023) [12] developed an adaptively secure attributebased multi-authority broadcast encryption scheme, addressing limitations in single-authority approaches through threshold secret sharing and decryption delegation. Their work demonstrated practical improvements in user-side decryption speed and storage overhead.
Cheng et al. (2024) [13] proposed an innovative approach combining blockchain with multiauthority ciphertext-policy attribute-based encryption. Their scheme supports large-universe attribute management and authority tracking, though computational overhead remains a concern in resource-constrained edge environments.
The vulnerability of edge systems to various cyber attacks has received significant attention. Guo et al. (2023) [14] investigated secure consensus problems in multiagent systems under multiple cyberattacks, proposing an observer-based dynamic cryptography-based encryption-decryption algorithm. Their work demonstrated effective defense against replay and denial-of-service attacks, though primarily in controlled network conditions.
Despite these advances, several critical gaps remain in edge computing security research. First, existing approaches typically address specific security aspects in isolation, lacking comprehensive architectural solutions that integrate trust management, privacy preservation, and attack resilience. Second, current solutions often make strong assumptions about network stability and resource availability that may not hold in practical edge deployments.
Furthermore, while recent work has demonstrated promising results in specific scenarios, questions remain about scalability and performance in large-scale, dynamic edge environments. The integration of multiple security mechanisms while maintaining acceptable performance on resourceconstrained devices remains a significant challenge.
Our work addresses these gaps by proposing a comprehensive security architecture that combines adaptive trust management with efficient security mechanisms, validated through extensive experimental evaluation across various network scales and operational conditions.
We introduce a comprehensive system model that forms the foundation for our security architecture evaluation. This model captures the essential characteristics of edge computing environments while incorporating security and trust mechanisms necessary for robust analysis.
The edge computing network is modeled as an undirected graph G(V , E) , where V represents the set of edge nodes and E represents the communication links between nodes. Each edge node vi V is characterized by a tuple:
vi = (Ci , M i , Si ,Ti , Li ) ,
The network topology is governed by spatial proximity, where edge establishment follows: 1, Eij = 0, if d (Li , Lj ) rmax ; otherwise, where d (Li , Lj ) represents the Euclidean distance between nodes i and j , and rmax denotes the maximum connection radius, set to 30 units in our implementation.
Trust relationships between nodes are modeled through a dynamic trust matrix T , where each element Tij represents the trust score that node i assigns to node j . Trust evolution follows:
Tij (t +1) = Tij (t) (1− Iij (t)) , where: • represents the trust decay factor (0.1 in our implementation); •
Iij (t) denotes the impact of security events at time t (1) (2) (3) Trust propagation through the network incorporates distance-based decay:
Impact(d) = I0 e− d , • • • • • •
Security events are characterized by a tuple: e = (t, n,type, sev, det) , where: • t ; • n : target node identifier; • type : {intrusion, data_leak, ddos, auth_failure}; • sev ; • det . k ! Detection probability for an event e at node n is modeled as: P(N (t) = k) = (t)k e−t
.
P(det | e, n) = Sn (1− e− sev ) , sev denotes event severity. ;
System performance is evaluated through several key metrics:
| e E | e.det = 1| 1. Detection Rate: DR = ;
| E | 2. Average Trust: T = 3. Network Resilience: R = 1
Tij ; | V |2 i, jV | LCC | | V |
, where LCC represents the largest connected component in the network.
Trust stability is measured through the standard deviation of trust scores: T = 1
(Ti − T )2 .
| V | iV
This model provides a robust framework for analyzing security architecture performance in edge computing environments, incorporating both spatial and temporal aspects of security dynamics. The mathematical formulation enables systematic evaluation of security mechanisms while maintaining realistic operational constraints typical of edge computing deployments. (4)
To evaluate the effectiveness of our proposed security architecture, we developed a comprehensive simulation framework that models the complex interactions within edge computing environments. The framework implements detailed models of network topology, security event generation, and trust evolution mechanisms, enabling thorough analysis of system behavior under various operational conditions.
The simulation framework implements a multi-layered architecture comprising three primary components: network modeling, security event simulation, and trust management. Each edge node in the network is characterized by the tuple (1). The network topology G(V , E) is constructed using spatial distribution, where edge establishment follows (2).
Each node's characteristics are initialized following specific distributions that reflect realistic edge computing environments: 1. Computational Resources o Power distribution: U(1000, 5000) MIPS; o Memory allocation: U(512, 2048) MB; o Resource utilization model: U (ni ) = Ci + Mi ,
factors for CPU and memory utilization. 2. Security Parameters o Security level: U(0.7, 0.99); o Initial trust score: 0.8; 3. Spatial Distribution o Location assignment: U(0, 100) × U(0, 100); o
Detection capability: P(detection | event) = Si (1− e−severity ) . o
Connection probability: P(connectionij ) = f (dij , rmax ) .
Security events are generated following a Poisson process Each event e is characterized by (4).
Event impact on system trust is modeled through: Impact(e) = sev (1− det) ,
Trust evolution follows a dynamic model incorporating both direct experiences and neighbor recommendations (3). Trust propagation through the network follows:
1 N N Tnetwork = N 2 Tij , i=1 j=1 with trust updates propagating to neighboring nodes according to:
Tneighbor = Tcurrent (1− dij ) , -based decay factor.
The framework implements comprehensive data collection mechanisms measuring: 1. Performance Metrics: o Detection rate: DR ; o Network resilience: R ; o Trust evolution: T . 2. System State: o Node status vectors; o Trust matrix evolution; o Event distribution patterns. 3. Resource Utilization: o Computational load distribution; o Memory utilization patterns; o Network traffic characteristics.
The collected data enables detailed analysis of: • System behavior under various attack scenarios; • Trust evolution patterns; • Performance scaling characteristics; • Resource utilization efficiency.
This comprehensive simulation framework provides the foundation for thorough evaluation of our security architecture's effectiveness across different operational scenarios and network configurations.
This section describes our experimental methodology for evaluating the proposed security architecture. We present the configuration parameters, network scenarios, and evaluation criteria used in our simulation studies.
Our experimental evaluation employs multiple configurations to assess system behavior across different operational scenarios. The parameter ranges were selected to reflect realistic edge computing deployments while enabling comprehensive evaluation of system scalability and performance. Network sizes were chosen to represent small (20 nodes), medium (50 nodes), and large (100 nodes) deployments, with simulation durations varying from 100 to 300 time units to capture both transient and steady-state behavior.
We evaluate three primary network scenarios representing different deployment configurations: 1. Dense Deployment: o ; o
Average node degree: kav = 8.5; o Connection radius: r = 30 units.
Network topology follows:
1, P(connection) = 0, if r 2 kmin ; otherwise. 2. Sparse Deployment o
Average node degree: kav = 4.2;
Minimum connectivity: kmin = 3 .
Ensuring network resilience through: Rmin = 3. Dynamic Configuration o o o 5.3. Attack Models .
; | LCC |
0.95 .
| V | ;
;
.
Inter-burst interval: Tb = 50 units;
Nb Severity scaling: Sd = min(1.0, si ) .
i=1 4. Authentication Failures:
o Base rate: a = 0.025 events/time unit;
We define comprehensive metrics for evaluation: 1. Security Effectiveness
Detection Rate (DR): DR = Edetected 100% ; Etotal False Positive Rate (FPR): FPR = Detection Latency: Ld = tdetection − toccurrence ; Fp F + Tn p
; 2. Trust Management 3. Network Resilience
Average Trust Score: T =
Trust Stability: St = 1 − T ; T Recovery Rate: Rr = T t ;
To ensure statistical significance, we employ: 1. Replication Strategy o Number of runs: 30 per configuration; o Confidence interval: 95%; o Variance analysis using ANOVA; 2. Convergence Criteria
Steady state detection: | x x
| ò ; 3. Error Analysis
Standard error calculation: SE = Margin of error: E = t /2 SE .
s n
;
Minimum simulation duration: Tmin = max(100,5Tconvergence ) ;
This experimental setup enables comprehensive evaluation of our security architecture across various operational conditions while ensuring statistical validity of results. The combination of diverse network scenarios, realistic attack models, and comprehensive metrics provides a robust framework for assessing system performance and effectiveness.
Our experimental evaluation demonstrates the effectiveness of the proposed security architecture across different network scales and operational conditions. We present comprehensive results from simulations with varying network sizes (20, 50, and 100 nodes) and analyze the system's behavior through multiple performance metrics.
The network state visualization for the 50-node configuration reveals the spatial distribution of trust relationships and connectivity patterns.
Table 1 presents the quantitative results for core performance metrics across different network sizes.
The results demonstrate improved performance with increasing network size, particularly in detection rate and average trust metrics. The detailed event analysis provided in Table 2 offers insights into the system's behavior across different attack types. Several key findings emerge from the analysis: Detection Effectiveness o Perfect detection (100%) for authentication failures, data leaks, and intrusions; o Slightly lower detection rate (85.7%) for DDoS attacks, reflecting their distributed nature; o 2. Trust Management o o o Effective trust propagation maintains system-wide security awareness. 3. Network Characteristics o Perfect resilience (1.0) maintained across all configurations; o Network density remains high despite increasing size; o Robust connectivity supports effective security information dissemination.
These results validate our architectural approach, demonstrating robust security performance that scales effectively with network size while maintaining operational efficiency.
The experimental results provide strong validation of our proposed security architecture while highlighting several important aspects of edge computing security. The observed improvement in detection rates with increasing network size demonstrates the architecture's ability to leverage collective security intelligence across distributed nodes. This emergent behavior, where larger networks achieve detection rates of up to 96.8%, suggests that the distributed decision-making mechanisms effectively utilize the expanded sensor coverage and cross-node validation capabilities available in larger deployments.
Trust management performance reveals a careful balance between security responsiveness and stability. The gradual decline in average trust scores from initial values (0.800) to final states (0.7910.796) indicates that the system maintains a conservative approach to trust evaluation while avoiding dramatic fluctuations that could destabilize network operations. This controlled trust erosion proves particularly important in edge environments where rapid trust changes could trigger cascade effects across dependent services.
The perfect network resilience observed across all configurations warrants careful consideration. While maintaining a resilience value of 1.0 throughout the simulations demonstrates robust topology management, it also suggests that our current implementation might be overly conservative in its connection management. Future implementations might benefit from more dynamic topology adjustments that balance connectivity requirements against security considerations.
Event type analysis reveals varying effectiveness across different attack categories. The perfect detection rates for authentication failures and intrusions contrast with the slightly lower performance against DDoS attacks (85.7%), highlighting the inherent challenges in detecting distributed attacks in edge environments. This performance differential suggests potential areas for architectural enhancement, particularly in coordinating detection across multiple nodes during distributed attack scenarios.
Several limitations of our current study deserve acknowledgment. The simulation assumes perfect communication channels between nodes, which may not reflect real-world network conditions. Additionally, the attack models, while diverse, do not exhaust the full spectrum of possible security threats in edge environments. These limitations suggest directions for future research, particularly in evaluating the architecture under varying network conditions and expanded attack scenarios.
This study presents comprehensive experimental validation of a novel security architecture for edge computing environments. Through extensive simulation across different network scales, we demonstrate the architecture's effectiveness in maintaining robust security while scaling with network size. The key finding that detection rates improve with network size (91.7% to 96.8%) validates our approach to distributed security management and suggests promising applications in large-scale edge deployments.
The trust management mechanisms demonstrate particular effectiveness, maintaining stable trust levels despite ongoing security challenges. The observed trust stability improvement in larger networks (stability metric decreasing from 0.019 to 0.008) indicates that the architecture successfully leverages increased node density to enhance security decision-making reliability. This characteristic proves especially valuable in edge computing contexts where stable trust relationships directly impact service reliability.
Network resilience results, while impressive in maintaining perfect connectivity, suggest areas for future investigation. The consistent resilience measures across different network sizes indicate robust topology management but may also point to opportunities for more nuanced connectivity control mechanisms that better balance security and operational requirements.
Future research directions emerge naturally from this work. Investigation of the architecture's performance under imperfect network conditions would provide valuable insights for practical deployments. Additionally, expanding the attack model repertoire and examining the architecture's response to novel threat patterns would further validate its adaptability. The integration of machine learning techniques for attack detection and trust evaluation presents another promising avenue for enhancement.
The demonstrated scalability and robust security performance of our architecture provide a strong foundation for securing edge computing environments. As edge computing continues to evolve and expand, the principles and mechanisms validated in this study offer valuable guidance for developing secure, scalable edge computing systems.
During the preparation of this work, the authors used Grammarly to: check grammar and spelling. After using this tool/service, the authors reviewed and edited the content as needed and are fully responsible for the content of the publication.