Editing Chapter 6: Edge Security and Privacy (section)

==='''How are attackers able to perform these attacks?'''===

Attackers are able to attack Edge devices or servers using different attack techniques, but it is more than just that. Attackers are able to abuse vulnerabilities and flaws in the Edge systems, specifically protocol-level design flaws, implementation-level flaws, code-level vulnerabilities, data correlations, and lacking in fine-grained access controls.

*''Protocol-level design flaws'' are caused by many protocols edge computing having adopted design flaws due to their designers mainly focus on utility and user experience rather than not providing security as well. 

*''Implementation-level flaws'' are logic flaws that can cause security strength to decrease significantly after being proved that it was strictly secure on paper, because developers may misunderstand the foundations of the protocol and migrating a protocol from other platforms to the edge computing platform may cause adaptivity inconsistency. 

*''Code-level vulnerabilities'' can be system bugs that cause memory failure or corruptness, like stack or heap overflow, and can be caused when a person is programming millions of lines of code but leaves something like a dangling pointer. 

*''Data correlations'' is caused when there could be hidden correlations between sensitive and insensitive data that edge produces that might not be straightforward to notice, which an attack can abuse using side-channels. 

*''Lacking in fine-grained access controls'' means that Edge computing systems cannot implement fine-grained access controls, because it cannot be adapted to edge computing due to the more complex and fine-grained permissions scenarios, making it easier to attack edge systems.

Overall, the Edge security challenges can be avoided if there was more attention to the potential vulnerabilities or flaws. In the next sections, the content that will be discussed is about data privacy on Edge systems, security protocols that Edge systems use to combat attacks on their systems, and real cases about actual security breaches that happened on the edge.