From Navigators

This is a property of type Text.

Pages using the property "Abstract"

Showing 25 pages using this property.

2016 Ferrolho SecDepVNE NSDIposter +One of the fundamental problems in network virtualization is Virtual Network Embedding (VNE). The VNE problem deals with finding an effective mapping of the virtual nodes & links onto the substrate network. The recent advances in network virtualization gave cloud operators the ability to extend their cloud computing offerings with virtual networks. This trend, jointly with the increasing evidence of incidents in cloud facilities, demonstrates that security and dependability are becoming a critical factor that should be considered by VNE algorithms. In this abstract we propose a VNE solution that considers security and dependability as first class citizens. The resiliency properties of our solution are enhanced by assuming a multiple cloud provider model.
2016 Mantas ConsistentSDN NSDIposter +In a reliable SDN environment, different controllers coordinate different switches and backup controllers can be set in place to tolerate faults. This approach increases the challenge to maintain a consistent network view. If this global view is not consistent with the actual network state, applications will operate on a stale state and potentially lead to incorrect behavior. Faced with this problem, we propose a fault-tolerant SDN controller that is able to maintain a consistent network view by using transactional semantics on both control and data plane state. Different from previous proposals, our solution does not require changes to OpenFlow or to switches, increasing the chances of quicker adoption.
2016 NunoFerreira +Legacy networks do not have the necessary dynamism to follow the evolution online services have experienced in the past few years. In order to overcome this problem, the Software Defined Networking (SDN) paradigm was proposed. The goal of this paradigm is to change the way networks are controlled. In legacy networks, the control plane and the data plane are coupled together in the network elements. SDN separates the control plane and the data plane through the use of a standard SDN Application Programming Interface (API) in the data plane to communicate with the logically centralized control plane. In order to reap the benefits of SDN, a plan of migration for legacy networks should be established. For optical networks the migration to SDN is not easy because optical equipments have their own protocols to communicate and there are no SDN standardized interfaces prepared to abstract these type of equipments. In order to solve this problem, organizations such as China Mobile, China Telecom, Verizon and industry organizations like the Open Networking Foundation (ONF) have proposed the use of an abstraction layer between the data plane and the main controller. This abstraction layer is responsible to convert the optical equipment protocols into a standard SDN Application Programming Interface (API) to communicate with the main controller. The abstraction layer can be considered an optical equipment controller, the Original Equipment Manufacturer (OEM) controller. With this approach, service providers (SP) (i.e., telecommunication operators) only need to have a main controller to orchestrate the whole network through the use of OEM controllers. With this solution the Service Providers (SP) are able to control the optical network with different optical equipment from multiple vendors (multi-domain networks).
The OEM controllers are responsible to execute all the operations in the Network Element (NE) (the NE is the optical equipment) that constitutes the Data Plane (DP). They also process information that comes from the NE and translate that information to the main controller. Examples include: network information and performance of services. The challenge is that if the OEM controller is compromised, the entire optical network is compromised. This is the main motivation for this project. The objective of our work is to develop a solution that can help the Service Provider (SP) to have confidence in the NEs and respective optical network connections. To achieve this goal, the system has to guarantee the availability and integrity of the OEM controller. This component should be always available to process notifications, be it from the NEs or from the main controller. It should also be ensured that the integrity of all requests that are sent by the SP controller to the OEM controllers is guaranteed. In order to solve these problems, we propose a new security mechanism for the OEM controller to protect the optical network. The solution consists in the use of a reverse proxy and a firewall to control the flow of requests to the OEM controller. The communication between the SP controller and the OEM controller is also made secure to assure the integrity of requests.
2016 Ramos PhotonsIPTV IFIPNet +The rapid growth of IPTV services and the resulting increase in traffic volumes is raising concerns over energy consumption. In this paper we propose to save energy by shifting particular IPTV traffic from power-hungry electronic routing to greener optical switching. The traffic profile of IPTV results in such a hybrid switching approach to allow both energy and bandwidth efficiencies. To achieve this goal we designed a novel protocol that allows the use of optical bypass in IPTV networks. By means of a trace-driven analysis of a large dataset we demonstrate the energy efficiencies obtained to be substantial, reaching power savings of over 40% under normal load conditions. This result represents a four-fold increase in energy efficiency when compared with recent proposals.
2016 TiagoSantos +Smartphones are increasingly ubiquitous in our personal, social and professional lives. They contain a large amount of sensitive information that we want to protect against physical intrusions, preserving their security and our privacy. The main security mechanisms of these devices are the authentication methods based on a secret or biometrics. Although effective in a situation of loss/theft, they are vulnerable to attacks by people socially close. When users share their smartphones, they fear, on the one hand, that the person might invade their privacy and, on the other hand, that attitudes of explicit surveillance could compromise their social relations. An intrusion detection and response system to physical intrusions for smartphones should address any limitations inherent to authentication methods, and provide (or not) access to certain content and functionality in situations of unauthorized access and sharing. In this work, we designed and developed an intrusion detection and response system (called SmartIDR) for smartphones using a secondary wearable device – smartwatch –, which allows the inconspicuous interaction with the primary device. The mechanisms of detection and response are based on distance (Bluetooth communication) between devices. The system is characterized by monitoring events happening on the smartphone and responding remotely, and in real-time, to intrusion situations, by using a smartwatch; providing a set of multiple response settings; being accessible to ordinary users; and not compromising the usability of devices. To analyze the impact of this new approach, we conducted cross-sectional studies with potential users. The results indicated that SmartIDR meets the needs and expectations of security and privacy of smartphone users, with effectiveness, efficiency and high user satisfaction.
2017 Arjuna +Recent years have seen a trend towards decentralisation - from initiatives on decentralized web to decentralized network infrastructures. In this position paper, we present an architectural vision for decentralising cloud service infrastructures. Our vision is on community cloud infrastructures on top of decentralised access infrastructures i.e. community networks, using resources pooled from the community. Our architectural vision considers some fundamental challenges of integrating the current state of the art virtualisation technologies such as Software Defined Networking (SDN) into community infrastructures which are highly unreliable. Our proposed design goal is to include lightweight network and processing virtualization with fault tolerance mechanisms to ensure sufficient level of reliability to support local services.
2017 Costa +MapReduce is a framework for processing large data sets much used in the context of cloud computing. MapReduce implementations like Hadoop can tolerate crashes and file corruptions, but not arbitrary faults. Unfortunately, there is evidence that arbitrary faults do occur and can affect the correctness of MapReduce job executions. Furthermore, many outages of major cloud offerings have been reported, raising concerns about the dependence on a single cloud. In this paper we propose a novel execution system that allows to scale out MapReduce computations to a cloud-of-clouds, and tolerate arbitrary faults, malicious faults, and cloud outages. Our system, Chrysaor, is based on a fine-grained replication scheme that tolerates faults at the task level. Our solution has three important properties: it tolerates the above-mentioned classes of faults at reasonable cost; it requires minimal modifications to the users' applications; and it does not involve changes to the Hadoop source code. We performed an extensive evaluation of our system in Amazon EC2, showing that our fine-grained solution is efficient in terms of computation by recovering only faulty tasks. This is achieved without incurring a significant penalty for the baseline case (i.e., without faults) in most workloads.
2017 DPinto MSc +Network Coding (NC) is a technique that can be used to improve a network’s throughput. In addition, it has significant potential to improve the security, manageability, resilience (to packet losses, link failures and node departures) and the support of quality of service, in both wired and wireless network environments. The idea is to allow intermediate nodes of the network (i.e. switches and/or routers) to mix the contents of incoming data packets before forwarding them. Something that, traditionally carried out at source nodes, is therefore extended to the network, creating an array of new options. The difficulty of deploying NC on traditional switches lies in the impossibility to change or extend their operation with the requirements of this new paradigm. The devices are closed, the software and underlying hardware are vendor specific, and follow a fixed set of protocols and processing pipeline. This rigidity precludes NC in today’s switches and routers. Fortunately, programmable switches are beginning to emerge, with some already achieving production-levels and reaching the market (e.g., Barefoot Tofino). A new high-level language to program these switches has recently been proposed: P4. The P4 language allows the precise definition of how packets are processed in these programmable switches. Namely, it enables the definition of headers, parsers, match-action tables, and the processing pipeline itself. Therefore, by taking advantage of these constructs, P4 enables the deployment of NC, on the switch’s data plane, for the first time. In this dissertation, we design and implement two NC switches using the P4 language. Both switches employ Linear Network Coding (LNC). The main difference is that the first (P4-XOR Switch), simply performs the XOR of packets (i.e., a linear code with field size 2). The second (P4-RLNC Switch) is more generic, allowing larger field sizes. 
For this purpose it performs Random Linear Network Coding (RLNC), which is a random variant of LNC. The evaluation was performed on Mininet (a network emulator) and focused on the functionality of both switches. Additionally, the performance of the P4-XOR Switch was tested as well. The main conclusion is that our implementations correctly perform the required operations allowing, for the first time, NC to be performed in real data planes.
2017 FabioPereira +The accuracy provided by traditional sampling-based monitoring approaches, such as NetFlow, is increasingly being considered insufficient to meet the requirements of today’s networks. By summarizing all traffic for specific statistics of interest, sketch-based alternatives have been shown to achieve higher levels of accuracy for the same cost. Existing switches, however, lack the necessary capability to perform the sort of processing required by this approach. The emergence of programmable switches and the processing they enable in the data plane has recently led sketch-based solutions to be made possible in switching hardware. One limitation of existing solutions is that they lack security. At the scale of the datacenter networks that power cloud computing, this limitation becomes a serious concern. For instance, there is evidence of security incidents perpetrated by malicious insiders inside cloud infrastructures. By compromising the monitoring algorithm, such an attacker can render the monitoring process useless, leading to undesirable actions (such as routing sensitive traffic to disallowed locations). In this paper we propose, for the first time, a secure sketch-based monitoring solution that can run in programmable switches. Our algorithm – a secure version of the well-known count-min sketch – was implemented in P4, a programming language for switches. The evaluation of our solution demonstrates the performance penalty introduced by security to be negligible.
2017 Kreutz +Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the performance overhead of traditional solutions and of the complexity of the support infrastructure required. As a first step to addressing these problems, we propose a modular secure SDN control plane communications architecture, KISS, with innovative solutions in the context of key distribution and secure channel support. A comparative analysis of the performance impact of essential security primitives guided our selection of basic primitives for KISS. We further propose iDVV, the integrated device verification value, a deterministic but indistinguishable-from-random secret code generation protocol, allowing the local but synchronized generation/verification of keys at both ends of the channel, even on a per-message basis. iDVV is expected to give an important contribution both to the robustness and simplification of the authentication and secure communication problems in SDN. We show that our solution, while offering the same security properties, outperforms reference alternatives, with performance improvements up to 30% over OpenSSL, and improvement in robustness based on a code footprint one order of magnitude smaller. Finally, we also prove and test randomness of the proposed algorithms.
2017 PCosta TesePhD +MapReduce is a simple and elegant programming model suitable for loosely coupled parallelization problems—problems that can be decomposed into subproblems. Hadoop MapReduce has become the most popular framework for performing large-scale computation on off-the-shelf clusters, and it is widely used to process these problems in a parallel and distributed fashion. This framework is highly scalable, can deal efficiently with large volumes of unstructured data, and it is a platform for many other applications. However, the framework has limitations concerning dependability. Namely, it is solely prepared to tolerate crash faults by re-executing tasks in case of failure, and to detect file corruptions using file checksums. Unfortunately, there is evidence that arbitrary faults do occur and can affect the correctness of MapReduce execution. Although such Byzantine faults are considered to be rare, particular MapReduce applications are critical and intolerant to this type of fault. Furthermore, typical MapReduce implementations are constrained to a single cloud environment. This is a problem as there is increasing evidence of outages on major cloud offerings, raising concerns about the dependence on a single cloud. In this thesis, we propose techniques to improve the dependability of MapReduce systems. The proposed solutions allow MapReduce to scale out computations to a multi-cloud environment, or cloud-of-clouds, to tolerate arbitrary and malicious faults and cloud outages. Our proposals have three important properties: they increase the dependability of MapReduce by tolerating the faults mentioned above; they require minimal or no modifications to users’ applications; and they achieve this increased level of fault tolerance at reasonable cost. To achieve these goals, we introduce three key ideas: minimizing the required replication; applying context-based job scheduling based on cloud and network conditions; and performing fine-grained replication. 
We evaluated all proposed solutions in real testbed environments running typical MapReduce applications. Our results demonstrate interesting trade-offs concerning resilience and performance when compared to traditional methods. The fundamental conclusion is that the cost introduced by our solutions is small, and thus deemed acceptable for many critical applications.
2018 dsn scada +In the last decade, Industrial Control Systems have been a frequent target of cyber attacks. As the current defenses sometimes fail to prevent more sophisticated threats, it is necessary to add advanced protection mechanisms to guarantee that correct operation is (always) maintained. In this work, we describe a Supervisory Control and Data Acquisition (SCADA) system enhanced with Byzantine fault-tolerant (BFT) techniques. We document the challenges of building such system from a "traditional" non-BFT solution. This effort resulted in a prototype that integrates the Eclipse NeoSCADA and the BFT-SMaRt open-source projects. We also present an evaluation comparing Eclipse NeoSCADA with our BFT solution. Although the results show a decrease in performance, our solution is still more than enough to accommodate realistic workloads.
27th-DASC-paper +The ARINC 653 specification defines the functionality that an Operating System (OS) must guarantee to enforce robust spatial and temporal partitioning as well as an avionics application programming interface for the system. The standard application interface – the ARINC 653 Application Executive (APEX) – is defined as a set of software services a compliant OS must provide to avionics application developers. The ARINC 653 specification defines the interfaces and the behavior of the APEX but leaves implementation details to OS vendors. This paper describes an OS independent design approach of a Portable APEX interface. POSIX, as a programming interface available on a wide range of modern OS, will be used to implement the APEX layer. This way the standardization of the APEX is taken a step further: not only the definition of services is standardized but also its interface to the underlying OS. Therefore, the APEX operation does not depend on a particular OS but relies on a well defined set of standardized components.


A Tool for Real-Time Assessment of IEEE 802.15.4 Networks Through Fault Injection +Advances in computer engineering and microelectronics have allowed the use of tiny and powerful computing platforms (i.e., sensors and actuators) everywhere, supporting the monitoring and control of, for example, process for industrial automation and functions within aerospace vehicles. Many of these systems have the ability to host, in the same computing platform, applications with different levels of criticality (or importance), i.e. mixed-critical systems. Wireless sensor and actuator networks (WSANs) become the vivid example of computer networks responsible for the monitoring and control activities of such systems. The dependability and the real-time properties of such networks are crucial. However, one key point is that WSANs are extremely susceptible to communication errors induced by electromagnetic interferences. Furthermore, there is a general lack of knowledge of such error patterns as well as no open tools enabling its capture. This paper presents a state of the art solution for one-hop assessment of WSANs in the presence of errors based on the IEEE 802.15.4 standard. The solution includes devices and functions to monitor the behaviour of the network as well as methods to emulate accidental errors and to perform intentional attacks. All these resources are managed and controlled by a customised version of the well-known open-source Wireshark network protocol analyser. This allows the generation of network error reports fundamental to the evaluation of the real-time capabilities of current wireless network protocols and standards. These error reports contribute to a better knowledge of the error characteristics of WSANs and therefore enable the design of more robust and resilient solutions for WSANs operation.
A-adelsbach2001maftia-conceptual-131 +This document builds on the work reported in MAFTIA deliverable D1. It contains a refinement of the MAFTIA conceptual model and a discussion of the MAFTIA architecture. It also introduces the work done in WP6 on verification and assessment of security properties, which is reported on in more detail in MAFTIA deliverable D4
A-adelsbach2003conceptual-model-130 +This deliverable builds on the work reported in (MAFTIA 2000) and (Powell and Stroud 2001). It contains a further refinement of the MAFTIA conceptual model and a revised discussion of the MAFTIA architecture. It also introduces the work done in MAFTIA on verification and assessment of security properties, which is reported on in more detail in (Adelsbach and Creese 2003)
A-mostefaoui2000the-logically-15 +Communication is logically instantaneous (LI) when there is a logical time frame in which for each message, the send event and the corresponding delivery event occur simultaneously. LI communication is stronger than causally ordered (CO) communication, but weaker than rendezvous (RDV) communication. This paper explores LI communication and provides a simple and efficient protocol that implements LI communication on top of asynchronous distributed systems.
AGUEREIRO-2014-SENSORNETS +The behaviour of wireless networks in the presence of error conditions is still being studied by the research community. Improvements on the evaluation methods and tools are crucial to acquire a better knowledge, and understanding of the network operation under such conditions. This paper presents enhancements on the network simulator NS-2 to support the evaluation of the IEEE 802.15.4 standard, used as a case study. We are specially interested to evaluate the temporal behaviour of the network operation under error conditions, considering the applicability of the IEEE 802.15.4 standard in safety-critical environments such as industrial and vehicular.
AGuerreio2013-INFORUM +The IEEE 802.15.4 standard was designed to support the specification of wireless sensor networks (WSNs) and wireless sensor and actuator networks (WSANs), whose utilization is emerging within environments with real-time requirements such as industrial and aerospace. The network simulator NS-2 supports the test, simulation and evaluation of such type of networks, although the real-time support offered by the standard is not yet available in the NS-2 release. This paper presents improvements in the IEEE 802.15.4 NS-2 module to provide a better support for the emulation of networks with real-time requirements, through the incorporation of the contention free period (CFP) and of guaranteed time slot (GTS) defined within the IEEE 802.15.4 module present in the NS-2. Additionally, we also complement this module with IEEE 802.15.4 standard management operations not implemented in the official NS-2 release.
Air-final-report +This document describes the main results of AIR, an innovation initiative sponsored by ESA, the European Space Agency. The acronym AIR stands for ARINC 653 Interface in RTEMS. The ARINC 653 is a civil aviation world specification addressing safety critical and certification issues in embedded systems software. The AIR Project studied the adoption of ARINC 653 in space on-board software together with the utilization of RTEMS, the Real-Time Executive for Multiprocessor Systems. This document: (i) describes the main issues regarding the AIR architecture specification; (ii) addresses how space and time partitioning could be provided in an abstract processor infrastructure, as well as those requirements can be mapped into both SPARC ERC32/LEON and Intel IA-32 (80x86) architectures; (iii) describes how to achieve the mapping of the ARINC 653 service interface in RTEMS; (iv) identifies the most relevant module dependencies of RTEMS with regard to AIR implementations; (v) identifies a preliminary set of modifications to be introduced in the RTEMS application production chain for the implementation of AIR-based systems (exemplified through a proof of concept prototype)
Air-summary-report +This document summarizes the main results of AIR, an innovation initiative sponsored by ESA, the European Space Agency. The acronym AIR stands for ARINC 653 Interface in RTEMS. The ARINC 653 is a civil aviation world specification addressing safety critical and certification issues in embedded systems software. The AIR Project studied the adoption of ARINC 653 in space on-board software together with the utilization of RTEMS, the Real-Time Executive for Multiprocessor Systems. This document addresses: (i) the AIR architecture specification; (ii) the AIR support to partitioning mechanisms; (iii) the mapping of ARINC 653 services into RTEMS; (iv) the proof of concept prototypes
Alaluna2015NetVirt +Recent SDN-based solutions give cloud providers the opportunity to extend their “as-a-service” model with the offer of complete network virtualization. They provide tenants with the freedom to specify the network topologies and addressing schemes of their choosing, while guaranteeing the required level of isolation among them. These platforms, however, have been targeting the datacenter of a single cloud provider with full control over the infrastructure. This paper extends this concept further by supporting the creation of virtual networks that span across several datacenters, which may belong to distinct cloud providers, while including private facilities owned by the tenant. In order to achieve this, we introduce a new network layer above the existing cloud hypervisors, affording the necessary level of control over the communications while hiding the heterogeneity of the clouds. The benefits of this approach are various, such as enabling finer decisions on where to place the virtual machines (e.g., to fulfill legal requirements), avoiding single points of failure, and potentially decreasing costs. Although our focus in the paper is on architecture design, we also present experimental results of a first prototype of the proposed solution.
Alaluna2017Sirius +Traditional forms of network virtualization lack the scalability and flexibility required in modern cloud infrastructures. The recent paradigm shift in networking that promotes the logical centralization of control has given operators the necessary tools for virtualization of network resources, at the required scale. The effectiveness of recently proposed network virtualization solutions is enabling cloud providers to extend their service offering of compute and storage with network virtualization. These multi-tenant platforms have so far focused on the offer of conventional networking services by a single cloud provider. As such, they face limitations in terms of security and dependability, both in terms of the infrastructure itself and of the services offered to its customers. To address these challenges we present Sirius, a network virtualization platform for multi-cloud environments. Contrary to existing solutions, Sirius considers not only connectivity and performance, but also security and dependability as first class citizens. Many of the benefits arise from leveraging from a substrate infrastructure composed of both public clouds and private data centers. Sirius improves over existing solutions by allowing users to specify security and dependability requirements for all virtual resources, and guaranteeing their fulfillment. In this paper we present the design of Sirius and the current state of its implementation. Our evaluation on a substrate that includes both private and public clouds shows the feasibility of the solution and gives insights on some of the important challenges to address in the future.
Alcantara2016msc +Disaster recovery is a crucial feature to ensure high availability and data protection in modern information systems. The most common approach today consists of replicating the services that make up the system in a set of virtual machines located in a geographically distant public cloud infrastructure. These computational instances are kept executing in passive mode, receiving updates from the primary infrastructure, in order to remain up to date and ready to perform failover if a disaster occurs at the primary infrastructure. This approach leads to expressive monetary and management costs for keeping virtual machines executing in the cloud. In this work, we present GINJA – a disaster recovery system for transactional database management systems that relies exclusively on public cloud storage services (e.g., Amazon S3, Azure Blob Storage) to backup its data. By eliminating the need to keep servers running on a secondary site, GINJA reduces substantially the monetary and management costs of the disaster recovery. Furthermore, our solution also includes a configuration model that allows users to have a precise control about the cost, durability and performance trade-offs, and introduces a minimum overhead to the performance of the database management system. Additionally, GINJA is implemented as a specialized file system in user space, which brings major benefits in terms of portability, and allows it to be easily extended to support other database management systems. Lastly, we have performed an extensive evaluation of our system, that covers aspects such as performance, resource usage and monetary costs. The results show that GINJA is capable of performing disaster recovery with small monetary costs (less than 5 dollars for certain practical configurations), while introducing a minimum overhead to the database management system (12% overhead for the TPC-C workloads with at most 20 seconds of data loss in case of disasters).
Alchieri10wsds +A current trend in the web services community is to define coordination mechanisms to execute collaborative tasks involving multiple organizations. Following this tendency, this work presents a dependable (i.e., intrusion-tolerant) infrastructure for cooperative web services coordination that is based on the tuple space coordination model. This infrastructure provides decoupled communication and implements several security mechanisms that allow dependable coordination even in presence of malicious components. This work also investigates the costs related to the use of this infrastructure and possible web service applications that can benefit from it.