Project

AutoManSec 4 CloudIoT - Autonomic Management and Security for Cloud and IoT

Goals (and some results):
Goal 1:
Cloud identity management: A survey on privacy strategies
https://www.researchgate.net/publication/316116828_Cloud_identity_management_A_survey_on_privacy_strategies
With the rise of cloud computing, thousands of users and multiple applications have sought to communicate with each other, exchanging sensitive data. Thus, for effectively managing applications and resources, the use of models and tools is essential for the secure management of identities and to avoid compromising data privacy. There are models and tools that address federated identity management, and it is important that they use privacy mechanisms to assist in compliance with current legislation. Therefore, this article aims to present a survey of privacy in cloud identity management, presenting and comparing main features and challenges described in the literature. At the end of this work there is a discussion of the use of privacy and future research directions.
Goal 2:
Improving cloud computing virtual machines balancing through hosts and virtual machines similarities
https://www.researchgate.net/publication/318445528_Improving_cloud_computing_virtual_machines_balancing_through_hosts_and_virtual_machines_similarities
Quality of service is one of the major concerns in cloud computing. Virtual machines (VMs) balancing techniques can help reduce service degradation in cloud computing environments. Several works have presented cloud computing balance techniques; however, only a few used the similarity between VMs and physical hosts to map VMs migrations. In addition, most proposals do not consider the size, dynamism, and heterogeneity of the cloud when developing a management technique. We present a cloud computing VMs balancing algorithm that uses the similarity between VMs and physical hosts to create the map of migrations. Furthermore, the proposal takes into account the size, dynamism, and heterogeneity of the cloud when mapping VMs migrations; thus the proposal is developed in a distributed fashion, enabling the processing of each cluster at a time. To evaluate the proposal, we used the Google cluster data set. Experiments demonstrate that the proposed technique can improve the balance of allocated resources; thus helping reduce service degradation. Moreover, the runtime of the algorithm indicates that it is feasible to be used in a real cloud computing environment with hundreds of physical servers and virtual machines.
Goal 3:
Preserving Privacy with Fine-grained Authorization in an Identity Management System
https://www.researchgate.net/publication/315816577_Preserving_Privacy_with_Fine-grained_Authorization_in_an_Identity_Management_System
In policy-based management, service providers want to enforce fine-grained policies for their resources and services. Besides the assurance of digital identity, service providers usually need personal data for evaluation of access control policies. The disclosure of personal data, also known as Personally Identifiable Information (PII), could represent a privacy breach. This paper proposes an architecture that allows an individual to obtain services without the need of releasing all personal attributes. The architecture achieves that outcome by evaluating the targeted policy in the domain of the identity provider, that is, policies are sent from service providers to identity providers to be evaluated, without the need of releasing some PIIs to the service provider side. We also present an implementation of a prototype using XACML 3.0 for fine-grained authorization and OpenID Connect for identity management. The prototype was evaluated through a use case representing a hypothetical scenario of a bookstore. The project demonstrated that for certain situations a user can restrict the release of PII data and still gain access to services.
Goal 4:
A Framework and Risk Assessment Approaches for Risk-based Access Control in the Cloud
https://www.researchgate.net/publication/306107497_A_Framework_and_Risk_Assessment_Approaches_for_Risk-based_Access_Control_in_the_Cloud
Cloud computing is advantageous for customers and service providers. However, it has specific security requirements that are not captured by traditional access control models, e.g., secure information sharing in dynamic and collaborative environments. Risk-based access control models try to overcome these limitations, but while there are well-known enforcement mechanisms for traditional access control, this is not the case for risk-based policies. In this paper, we motivate the use of risk-based access control in the cloud and present a framework for enforcing risk-based policies that is based on an extension of XACML. We also instantiate this framework using a new ontology-based risk assessment approach, as well as other models from related work, and present experimental results of the implementation of our work.
Goal 5:
Order@Cloud: A VM Organisation Framework Based on Multi-Objectives Placement Ranking
https://www.researchgate.net/publication/296695902_OrderCloud_A_VM_Organisation_Framework_Based_on_Multi-Objectives_Placement_Ranking
This paper presents the implementation and tests of a flexible and extensible framework, named Order@Cloud, that improves the Virtual Machine placements of a Cloud. It receives new VMs on the Cloud and organises them by relocating their placements based on the Multiple-Objectives of the environment. These Objectives are represented by Rules, Qualifiers and Costs, which can be easily added, extended and prioritised. Based on Evolutionary and Greedy Searches, Order@Cloud theoretically guarantees the adoption of a better set of Placements. More specifically, it seeks the non-dominated solutions (Pareto Set) and compares them considering the implementation cost of the scenario and its benefits. In contrast to existing solutions, that address specific objectives, our framework was devised to be objective-agnostic and easily extensible, which enables the implementation of new and generic prioritised elements. To understand the applicability and performance of our solution we conducted experiments using a real Cloud environment and discuss its performance, flexibility and optimality.
Goal 6:
A Distributed Autonomic Management Framework for Cloud Computing Orchestration
https://www.researchgate.net/publication/305904642_A_Distributed_Autonomic_Management_Framework_for_Cloud_Computing_Orchestration
Due to constant workload growth, the infrastructure used to support cloud computing (CC) environments increases in size and complexity. As a consequence of that, human administrators are not able to monitor, analyze, plan and execute actions upon the environment, seeking goals such as the environment optimization and service level agreements fulfillment. This proposal provides an autonomic framework to create virtual machines migrations and heuristics to select hosts to be activated or deactivated when needed. Moreover, the framework proposed in this paper works in a distributed way using multi-agent systems concepts. We provide an architecture to deal with the size, heterogeneity and dynamism of CC environments. Further, our proposal was added to the CloudStack platform as a plug-in for validation and experimentation. Keywords-Cloud computing orchestration; autonomic management framework.
Goal 7:
A Model for Managed Elements under Autonomic Cloud Computing Management
https://www.researchgate.net/publication/308527496_A_Model_for_Managed_Elements_under_Autonomic_Cloud_Computing_Management
Autonomic Cloud Computing management requires a model to represent the elements into the managed computing process. This paper proposes an approach to model the load flow through abstract and concrete cloud components using double weighted Directed Acyclic Multigraphs. Such model enables the comparison, analysis and simulation of clouds, which assist the cloud management with the evaluation of modifications in the cloud structure and configuration. The existing solutions either do not have mathematical background, which hinders the comparison and production of structural variations in cloud models, or have the mathematical background, but are limited to a specific area (e.g. energy-efficiency), which does not provide support to the dynamic nature of clouds and to the different needs of the managers. For this reason, we present a formalisation and algorithms that support the load propagation and the states of services, systems, third-parties providers and resources, such as: computing, storage and networking. Our model has a formal mathematical background and is generic, in contrast with other proposals. To demonstrate the applicability of our solution, we have implemented a software framework for modelling Infrastructure as a Service, and conducted numerical experiments with hypothetical loads.
Goal 8:
RACLOUDS - Model for Clouds Risk Analysis in the Information Assets Context
https://www.researchgate.net/publication/303720639_RACLOUDS_-_Model_for_Clouds_Risk_Analysis_in_the_Information_Assets_Context
Cloud computing offers benefits in terms of availability and cost, but transfers the responsibility for information security management to the cloud service provider. Thus the consumer loses control over the security of their information and services. This factor has prevented the migration to cloud computing in many businesses. This paper proposes a model where the cloud consumer can perform risk analysis on providers before and after contracting the service. The proposed model establishes the responsibilities of three actors: Consumer, Provider and Security Labs. The inclusion of the Security Labs actor provides more credibility to risk analysis, making the results more consistent for the consumer.

Date: 31 July 2017 - 30 July 2021

Project log

Carlos Becker Westphall
added a research item
Due to Internet of Things devices resource limitations, security often does not receive enough attention. Intrusion detection approaches are important for identifying attacks and taking appropriate countermeasures for each specific threat. This work presents a two-step approach for intrusion detection and identification. The first step performs a traffic analysis with an Extra Tree binary classifier. Events detected as intrusive are analyzed in the second stage by an ensemble approach consisting of Extra Tree, Random Forest, and Deep Neural Network. An extensive evaluation was performed with the Bot-IoT, IoTID20, NSL-KDD, and CICIDS2018 intrusion datasets. The experiments demonstrated that the proposed approach could achieve similar or superior performance to other machine learning techniques and state-of-the-art approaches in all databases, demonstrating the robustness of the proposed approach.
Carlos Becker Westphall
added a research item
IoT devices emerge to integrate devices (or "things") into the Internet, but with limited computational resources; thus IoT networks have been integrated into the cloud and fog paradigms. On the other hand, AI techniques have been shown to be efficient in several areas, especially for data classification and prediction. In this paper, a model of an RFID access control system with a neural network fog module is proposed that, considering the access data in a smart condominium with 300 homes, is able to estimate the schedules when the homes are unoccupied, and by using the long sleep technique during that time, up to 9.58% of additional energy savings can be obtained. Future work can use this knowledge for developing a variety of optimizations and to improve the residents' quality of life. The viability of this model is demonstrated by a fog network prototype.
Carlos Becker Westphall
added a research item
Given the use of web applications on dynamic environments of cloud computing integrated with IoT devices, SQL injection and XSS (Cross-Site Scripting) attacks continue to cause security problems. The detection of malicious requests on the application level is a research challenge that’s evolving by the use of Machine Learning and neural network. This paper presents a comparison between two architectures of machine learning to detect malicious web requests: LSTM (Long Short-Term Memory) and CLCNN (Character-level Convolutional Neural Network). The results show that CLCNN is more effective on all metrics, with an accuracy of 98.13%, a precision of 99.84%, a detection rate in 95.66% and an F1-score of 97.70%.
Carlos Becker Westphall
added a research item
The Internet of Things (IoT) systems have limited resources, making it difficult to implement some security mechanisms. It is important to detect attacks against these environments and identify their type. However, existing multi-class detection approaches present difficulties related to false positives and detection of less common attacks. Thus, this work proposes an approach with a two-stage analysis architecture based on One-Vs-All (OVA) and Artificial Neural Networks (ANN) to detect and identify intrusions in fog and IoT computing environments. The results of experiments with the Bot-IoT dataset demonstrate that the approach achieved promising results and reduced the number of false positives compared to state-of-the-art approaches and machine learning techniques.
Carlos Becker Westphall
added a research item
Authentication of restricted memory devices presents significant problems since memory consumption is high in mutual authentication using cryptographic protocols in IoT environments. The development of a multi-factor mutual authentication method that can be used in fog and cloud computing remains a challenge, according to previous studies. The present work aims to improve a method of mutual authentication with multi-factor using an adjustable variable response time, challenge-response function, and nonce. So, with these factors, the same method can be regulated for both the Fog and Cloud Computing contexts. In the Internet of Things (IoT) systems, information of various kinds is continuously captured, processed, and transmitted by systems generally interconnected by the Internet and distributed solutions. Attacks to capture information and overload services are common. This fact makes security techniques indispensable in IoT environments. Intrusion detection is one of the vital security points, aimed at identifying attempted attacks. We present an intrusion detection architecture that operates in the fog computing layer. It has two steps and aims to classify events into specific types of attacks or non-attacks, for the execution of countermeasures. Our work presents a relevant contribution to the state of the art in this aspect. We propose a hybrid binary classification method called DNN-kNN. The approach is based on Deep Neural Networks (DNN) and the k-Nearest Neighbor (kNN) algorithm.
Carlos Becker Westphall
added a research item
We introduce an Autonomic System to perform management of energy consumption in Internet of Things (IoT) devices and Fog Computing, including advanced orchestration mechanisms to manage dynamic duty cycles for extra energy savings. The solution works by adjusting Home (H) and Away (A) cycles based on contextual information, like environmental conditions, user behavior, behavior variation, regulations on energy and network resources utilization, among others. Performance analysis through a proof-of-concept implementation presents average energy savings of up to 61.51% when augmenting with a scheduling system and variable long sleep cycles (LS), and potential for 75.9% savings in specific conditions. We also concluded that there is no linear relation between increasing LS time and additional savings. The significance of this research is to promote autonomic management as a solution to develop more energy efficient buildings and smarter cities, towards sustainable goals.
Carlos Becker Westphall
added a research item
Authentication of restricted memory devices presents significant problems since memory consumption is high in mutual authentication using cryptographic protocols in IoT environments. According to previous studies, the development of a multi-factor mutual authentication method that can be used in fog and cloud computing remains a challenge. The present work aims to improve a method of mutual authentication with multi-factor using an adjustable variable response time, challenge-response function, and nonce. With these factors, the same method can be regulated for both the Fog and Cloud Computing contexts. We compared the present method with the evaluations carried out in related works, achieving a satisfactory result regarding the cost of computing and communication. The code developed in Java showed a better average processing time, low energy consumption than other studies, and a linear complexity metric. Finally, using the Proverif tool and an informal analysis to provide the security assessment, it was demonstrated that it is impossible to derive the discovery of keys, keeping the proposed method safe.
Carlos Becker Westphall
added a research item
Welcome Messages from IEEE BigDataSE 2020 Program Chairs. On behalf of the Program Committee of the 14th IEEE International Conference on Big Data Science and Engineering (IEEE BigDataSE 2020), we would like to welcome you to join the conference in Guangzhou, China, December 29, 2020 - January 1, 2021. The IEEE BigDataSE 2020 Conference is a forum for presenting leading work on the latest fundamental advances in state of art and practice of Big Data and broadly related areas, including Big Data novel theory, algorithm and applications, standards, security, privacy, trust, and legal issues to big data and much more. During the conference, scientists and engineers in both academia and industry are invited to present their work on Big Data Science and engineering-related areas. The IEEE BigDataSE 2020 is the next event in a series of highly successful International Conferences, previously held as BigDataSE 2019 in Rotorua, New Zealand, BigDataSE 2018 in New York, USA, BigDataSE 2017 in Sydney, Australia, BigDataSE 2016 in Tianjin, China, BigDataSE 2015 in Helsinki, Finland, BigDataSE 2014 in Beijing, China, and BigDataSE 2013 in Sydney. The BigDataSE 2020 conference collected research papers on related research issues from all around the world. This year we received 58 submissions. All submissions received at least three reviews from a high-quality review process. According to the review results, 21 regular papers are selected for oral presentation at the conference, giving an acceptance rate of 36.2%. We would like to offer our gratitude to Prof. Jinjun Chen from Swinburne University, Australia, and Prof. Laurence T. Yang from St. Francis Xavier University, Canada, the Steering Committee Chairs. Our thanks also to the General Chairs, Prof. Guojun Wang from Guangzhou University, China, Prof. Roberto Di Pietro from Hamad Bin Khalifa University, Qatar, and Prof. Ju Ren from Central South University, China, for their great support and useful suggestions to make the success of the final program. In particular, we would like to give our thanks to all researchers and practitioners who submitted their manuscripts and to the Program Committee and the external reviewers that contributed their valuable time and expertise to provide professional reviews working under a very tight schedule. Moreover, we are very grateful to our keynote speakers who have kindly accepted our invitation to give insightful and prospective talks. Finally, we sincerely hope that the conference will provide a very good opportunity for you to learn from each other. Enjoy the conference, both technically and socially! Program Chairs: Carlos Becker Westphall, Federal University of Santa Catarina, Brazil; Arcangelo Castiglione, University of Salerno, Italy.
Carlos Becker Westphall
added a research item
The aim of Green Cloud Computing is to achieve a balance between the resource consumption and quality of service. In order to achieve this objective and to maintain the flexibility of the cloud, dynamic provisioning and allocation strategies are needed to regulate the internal settings of the cloud to address oscillatory peaks of workload. In this context, we propose strategies to optimize the use of the cloud resources without decreasing the availability. This work introduces two hybrid strategies based on a distributed system management model, describes the base strategies, operation principles, tests, and presents the results. We combine existing strategies to search their benefits. To test them, we extended CloudSim to simulate the organization model upon which we were based and to implement the strategies, using this improved version to validate our solution. Achieving a consumption reduction up to 87% comparing Standard Clouds with Green Clouds, and up to 52% comparing the proposed strategy with other Green Cloud Strategy.
Kleber Vieira
added a research item
Industrial companies operate in an increasingly competitive international environment. SMEs are among the weakest companies in this context and need to continuously innovate to increase their competitiveness, productivity and the quality of their products. Digital transformation, one of the foundations of Industry 4.0, is therefore fundamental to meeting these innovation challenges. The objective of the study is to present the methodology, development and implementation of a new cloud computing platform to collect, store and process data from industrial SME shopfloors. Companies' manufacturing shopfloors employ more and more connected and intelligent devices producing thousands of data that once computed achieve a high added value. The study presents the architecture for collecting this data and storing it in a Big Data solution, and then processing it with advanced artificial intelligence algorithms and/or optimization techniques. This platform has been developed with the aim of minimizing complexity and costs to facilitate the adoption of the platform by SMEs. The implementation and evaluation of the platform was carried out in three companies from three different sectors of Brazilian industry.
Carlos Becker Westphall
added a research item
We propose a flexible meta‐heuristic framework for virtual machine (VM) organisation, provisioning, and adaptation in the cloud domain, based on migration costs and environment constraints. Order@Cloud improves VM placements according to multiple objectives represented by rules, qualifiers, and improvement cost, which can be easily modified and extended. Order@Cloud theoretically guarantees the adoption of a better set of placements, after considering their costs and benefits, by prioritising the worst VM placements. While existing solutions address only specific objectives, our framework is objective‐agnostic and extensible, which enables the adoption and implementation of new policies and priorities. We conduct experiments using a real cloud environment data and discuss the framework's performance, flexibility, and optimality and provide insights on the challenges and benefits of deploying this framework.
Carlos Becker Westphall
added a research item
The Internet of Things and Fog Computing are technologies currently used in many areas. They can be applied to provide a residential automation environment, for example, fire alarm applications, gas leak alarms, among others. Security-related research for these fog-based environments is still in the early stages. Also, the fact that these environments are connected to the Internet makes them vulnerable to various threats, such as Denial of Service (DoS) attacks. In this work, we propose a module for detection and prevention of DoS attacks that operates in the system's fog layer, to protect the system from external attacks. Practical experiments were carried out with the proposed module, considering a Raspberry Pi 3B as our fog server. The results obtained demonstrate that the approach is capable of detecting external attacks, as well as blocking the IPs of attackers, using less than 20% of CPU and less than 1% of RAM.
Carlos Becker Westphall
added a research item
We present a method for autonomic intrusion detection and response to optimize processes of cybersecurity in large distributed systems. These environments are characterized by technology fragmentation and complex operations making them highly susceptible to attacks like hijacking, man-in-the-middle, denial-of-service, phishing, and others. The autonomic intrusion response system introduces models of operational analysis and reaction based on the combination of autonomic computing and big data. We implemented a proof-of-concept and executed experiments that demonstrate significant improvement in effectiveness and scalability of the method in complex environments.
Carlos Becker Westphall
added a research item
The main problems associated with the implementation and use of network and service management arise from the large number of proposals, standards and different products offered on the market, which makes it considerably harder to decide which network and service management approach is the most suitable. In addition, new trends in the area of network and service management are being researched, among which the following currently stand out: management of wireless, sensor and optical networks, the future internet, the internet of things, the space internet...; the functional areas of security, configuration, performance, accounting...; management of multimedia services, data centers, grid, cloud, fog, edge virtualization...; and centralized, autonomic, distributed, self-managed, policy-based management... These new trends are being researched at the Laboratório de Redes e Gerência (LRG) of UFSC, and through this project they can be improved by means of the following project activities: A - Improvements in Autonomic Management for Fog and IoT; B - Improvements in Quality of Service for Real-Time Applications in IoT and Fog; C - Improvements in Security for Fog and IoT; D - Improvements in the Autonomic Intrusion Response System in Cloud and IoT; E - Improvements in Privacy in Identity Management for Dynamic Federations in Cloud and IoT; and F - Improvements in Dynamic Risk-Based Access Control for a Cloud and IoT Federation.
Carlos Becker Westphall
added 2 research items
We introduce a method for Intrusion Detection based on the classification, understanding and prediction of behavioural deviance and potential threats, issuing recommendations, and acting to address eminent issues. Our work seeks practical solutions to automate the process of identification and response to Cybersecurity threats in hybrid Distributed Computing environments through the analysis of large datasets generated during operations. We are motivated by the growth in utilisation of Cloud Computing and Edge Computing as the technology for business and social solutions. The technology mix and complex operation render these environments targets for attacks like hijacking, man-in-the-middle, denial of service, phishing, and others. The Autonomous Intrusion Response System implements innovative models of data analysis and context-aware recommendation systems to respond to attacks and self-healing. We introduce a proof-of-concept implementation and evaluate against datasets from experimentation scenarios based on public and private clouds. The results present significant improvement in response effectiveness and potential to scale to large environments.
Internet of Things (IoT) is the connection of any object to the internet, to generate useful information about its own state or surrounding environment. IoT allows new products and services to be applied in different areas, such as smart cities, industry, smart homes, environment monitoring, smart cars, health monitoring and others. Fog computing emerges to meet the Quality of Service requirements of low latency real time IoT systems that Cloud Computing cannot guarantee. This paper presents a Fire Alarm fog System for a Smart Home, with the development of an IoT device hardware. A fog system is also developed with a website that displays the sensor values and the estimated battery life of the IoT device. Calculations were done with a variation of sleep-time of the IoT device; the results show an increase of 2.5 times of battery lifespan.
Rafael Brundo Uriarte
added 2 research items
Smart contracts and blockchain have the potential to change the current shape of cloud markets by enabling the development of completely decentralised cloud/fog solutions, which lower costs and enforce predictable results without requiring any intermediary. In this paper, we survey three of these solutions, namely Golem, iExec and SONM, compare them and identify some of the problems they leave unsolved. Moreover, we consider existing standards for the development of interoperable decentralised cloud solutions that would allow such systems to compete with large providers and would prevent vendor lock-in. We believe that our study contributes to the evolution of cloud systems not only by pointing out incompatibilities among projects and possible solutions for research problems in the area, but also by reviewing the existing standards and suggesting new standardisation opportunities.
In this paper, we introduce SLAC, a SLA definition language specifically devised for clouds as a formalism to support the whole SLA lifecycle. The main novelty of the language is the possibility of capturing within the SLA the dynamic aspects of the environment by defining the conditions and actions to change service levels at runtime. SLAC permits to make the most of cloud elasticity, reduces the need for renegotiation and provides guarantees for dynamic scenarios. The language has formal syntax and semantics, and it comes with effective software tools supporting the whole SLA management lifecycle. The impact of our language and of its software tools is assessed by considering a series of experiments that provide empirical evidences of the advantages of SLAC.
Carlos Becker Westphall
added a research item
With the increasing advancement of services on the Internet, due to the strengthening of cloud computing, the exchange of data between providers and users is intense. Management of access control and applications need data to identify users and/or perform services in an automated and more practical way. Applications have to protect access to data collected. However, users often provide data in cloud environments and do not know what was collected, or how or by whom data will be used. Privacy of personal data has been a challenge for information security. This paper presents the development and use of a privacy policy strategy, i.e., a privacy policy model and format were proposed to be integrated with the authorization task. An access control language and the preferences defined by the owner of information were used to implement the proposals. The results showed that the strategy is feasible, guaranteeing to the users the right over their data.
Carlos Becker Westphall
added a research item
The authentication of restricted memory devices has major problems because memory consumption is high when applied with other protocols that have the purpose of mutual authentication. This article proposes an authentication model that validates mutually the parties in an Internet of Things environment applied in the context of Fog Computing. Through the hypothetic-deductive methodology, the deductions and hypotheses are presented for the formal proof of the new proposed method. The results achieved in the research show that the approach of the authentication mechanism is optimized, the prototype was validated in the AVISPA protocol evaluation tool and in a restricted memory controlled environment in a context of Fog Computing. However, this work is more appropriate in Fog Computing environments because there are no route changes as in Cloud Computing.
Carlos Becker Westphall
added 2 research items
We introduce a method for Intrusion Detection based on the classification, understanding and prediction of behavioural deviance and potential threats, issuing recommendations, and acting to address eminent issues. Our work seeks a practical solution to automate the process of identification and response to Cybersecurity threats in hybrid Distributed Computing environments through the analysis of large datasets generated during operations. We are motivated by the growth in utilisation of Cloud Computing and Edge Computing as the technology for business and social solutions. The technology mix and complex operation render these environments targets for attacks like hijacking, man-in-the-middle, denial of service, phishing, and others. The Autonomous Intrusion Response System implements innovative models of data analysis and context-aware recommendation systems to respond to attacks and self-heal. We introduce a proof-of-concept implementation and evaluate it against datasets from experimentation scenarios based on public and private clouds. The results present significant improvement in response effectiveness and potential to scale to large environments.
Fog Computing is an area of Computer Science that is under constant construction and evolution, and in conjunction with information security, the paradigm becomes more reliable and secure for IoT’s edge platforms. The authentication of restricted memory devices has major problems because memory consumption is high when applied with other models that have the purpose of mutual authentication. This article proposes an authentication model that validates mutually the parties in an Internet of Things environment applied in the context of Fog Computing. Through the hypothetico-deductive methodology, the deductions and hypotheses are presented for the formal proof of the new proposed method. The results achieved in the research show that the approach of the authentication mechanism is optimized, the prototype was validated in the AVISPA protocol evaluation tool and in a restricted memory controlled environment in a context of Fog and Cloud Computing.
Carlos Becker Westphall
added a research item
Welcome Message! On behalf of the Organizing Committee, we are honored and delighted to welcome you to the 7th International Conference on Computing, Communications and Informatics (ICACCI'18), Bangalore, India. Bangalore, officially known as Bengaluru is the capital of the Indian state of Karnataka. Bangalore is popularly known as the ‘Silicon Valley' of India for being a major IT hub of the nation. Since its inauguration in 2012, ICACCI has developed into a reputed conference and is well attended by experts in all aspects related to computing and information from many parts of the world. It provides an excellent forum for the exchange of ideas among interested researchers, students, developers, and practitioners in the areas of computing, communications, and informatics. The Conference is indexed by Scopus, DBLP and Google Scholar since 2012 and by Ei Compendex and Web of Science (THOMSON REUTERS Conference Proceedings Citation Index) since 2013. Google scholar metrics shows h5-index=23 and h5-median=30 for ICACCI. ICACCI-2018 is organized by PES Institute of Technology, South Campus, Bangalore. PES, located in Bangalore is one of the country's leading teaching and research universities. ICACCI'18 is technically co-sponsored by IEEE and IEEE Communications Society (ComSoc). The Conference is technically supported by four technical committees of IEEE ComSoc: Communications Switching and Routing Technical Committee, Big Data Technical Committee, Social Networks Technical Committee and Information Infrastructure & Networking Technical Committee. ICACCI'18 is also technically supported by Bangalore Chapters of IEEE Photonics Society and IEEE Robotics and Automation Society. ICACCI addresses key topics and issues related to all aspects of computing, communications and informatics. The material is presented in a program of technical sessions, panel discussions, symposiums, tutorials, workshops, lightning talks, posters, and plenary/keynote speeches. 
All accepted and presented papers are published in the conference proceedings and submitted to IEEE Xplore as well as other Abstracting and Indexing (A&I) databases. The conference has attracted a large number of submissions from researchers around the globe. The papers were subjected to a rigorous review process by considering the significance, novelty, and technical quality of submissions. On the basis of the reviews conducted 282 regular papers, 75 short papers, and 70 poster papers were accepted. The papers are scheduled for presentations in different sessions namely regular paper sessions, short paper sessions, industry track, poster paper sessions, workshops, and symposiums. Other sessions include tutorials, plenary/keynote sessions, lightning talks, panel discussion, and late-breaking results poster sessions. The Conference features few co-affiliated symposiums namely Symposium on Intelligent Informatics (ISI'18), Symposium on Signal Processing for Wireless and Multimedia Communications (SPWMC'18), Symposium on Emerging Topics in Computing and Communications (SETCAC'18), Symposium on Control, Automation, Industrial Informatics and Smart Grid (ICAIS'18), Symposium on Advances in Applied Informatics (SAI'18), Symposium on Computer Vision and the Internet (VisionNet'18), Symposium on Recent Advances in Communication Theory, Information Theory, Antennas and Propagation (CIAP'18), Symposium on VLSI Design and Embedded Computing (VDEC'18), Symposium on Assistive Technologies for the Differently Abled (ATDA'18), Symposium on Internet of Things, Fog Computing and Wireless Location Technologies (SIFL'18), Symposium on Advances in Artificial Intelligence and Neurotechnologies (AIN'18), Symposium on Social Media Analytics, Fintech, Healthcare and Corporate Social Responsibility Management (CSRTech-2018), Symposium on Natural Language Processing (NLP'18), and Symposium on Women in Computing and Informatics (WCI-2018). 
WCI serves as a platform to explore the opportunities as well as the diverse challenges facing women in computing and allied areas. There will be a panel discussion on "Why women expertise remain unutilized in Tech Spectrum" as part of WCI'18. Workshop on Modeling and Machine Learning in Astronomy features five talks on related areas. The organization of such pretentious conference would not have been possible without the true blue efforts of many individuals. The ICACCI'18 is obliged to hundreds of volunteers who contributed to the various processes that make up the conference. It would not be possible for us to name every one of them in this short message. We would like to express our gratitude to the TPC members and additional reviewers who shared their technical expertise and assisted us in reviewing all submitted papers. Thanks to the members of the Advisory Committee for their guidance. We would like to thank all the authors for choosing ICACCI'18 as a venue for presenting their research. Many thanks are also due to our distinguished keynote speakers, tutorial speakers, workshop and symposium organizers and session chairs for their valuable contribution to the conference. Special thanks to all other members of the Organising Committee for their help and support in the organization of the conference. We are also very grateful to the guidance of Erol Gelenbe, Honorary General Chair. We thank the PES Institute of Technology, Bangalore for hosting the conference. Sincere thanks to Dr. M. R. Doreswamy, Chancellor, PES University and Dr. D. Jawahar, Pro-Chancellor, PES University for their valuable suggestions and encouragement. Recognition should go to the Local Organizing Committee members who have all worked extremely hard for the details of important aspects of the conference programs and social activities. We also thank our student volunteers who helped with conference logistics, registration and the technical sessions. 
We are extremely grateful to IEEE, IEEE Communications Society (ComSoc), four technical committees of IEEE ComSoc: Communications Switching and Routing Technical Committee, Big Data Technical Committee, Social Networks Technical Committee and Information Infrastructure & Networking Technical Committee and Bangalore Chapters of IEEE Photonics Society and IEEE Robotics and Automation Society. The EDAS conference system proved very helpful during the submission, review, and editing phases. We would like to thank our sponsors and supporters for their contribution to the conference. We would like to thank C & M Consultants for their great service. We wish to thank Sankaran, Research Publishing, Singapore for his invaluable support. Finally, we thank all conference participants for making ICACCI a success and hope that you have an enjoyable and fruitful stay in Bangalore. Please share the great news about ICACCI with your friends and colleagues when you return home. We look forward to your contributions and attendance in the future editions of the conference. Mohammed Atiquzzaman, Jinsong Wu, Joel Rodrigues (General Chairs) Sabu M. Thampi (General Executive Chair) J Surya Prasad, Sudarshan T. S. B, Jaime Lloret Mauri (Steering Committee Chairs) Shikha Tripathi (Organizing Chair) Gregorio Martinez Perez, Dilip Krishnaswamy, El-Sayed El-Alfy, Carlos Becker Westphall (Program Chairs) Peter Mueller, Pascal Lorenz, Robin Doss, Md Zakirul Alam Bhuiyan (Workshop and Symposium Chairs) Sougata Mukherjea, Soumya Kanti Datta, Ronald P. Luijten (Industry Track Chairs) Al-Sakib Khan Pathan, Shyam Diwakar, Alex P James (Keynote/Industry Speakers Chairs) Ali Hessami, Vivek Jain, Hemant Rath (Tutorial Chairs)
Carlos Becker Westphall
added a research item
This work discusses recent trends in distributed objects and Internet technologies. The two converge in the creation of a paradigm for distributed computing. An overview of CORBA (Common Object Request Broker Architecture) is presented, highlighting its open architecture and its IIOP (Internet Inter-ORB Protocol) protocol, which provide better integration of distributed applications in heterogeneous environments. The CORBA protocol is emerging as a standard for communication between applications on the Internet and deserves the attention of Information Technology (IT) organizations. It is concluded that CORBA, together with the Internet, constitutes a perfect symbiosis for the development and maintenance of mission-critical client/server applications.
Carlos Becker Westphall
added a research item
Several paradigm evolutions have been proposed in recent years. Fog Computing is an area of Computer Science that is under construction and in constant evolution, and together with information security, the paradigm becomes more reliable and secure for IoT edge platforms. Security requirements are difficult to achieve in resource-constrained environments. This work aimed to improve an authentication model, taking into account IoT devices in the context of Fog Computing. Finally, validation through the implementation of a mutual authentication system yielded confidentiality, integrity and authenticity, combined with embedded devices used in the Fog Computing paradigm.
Rafael Brundo Uriarte
added 2 research items
A smart contract is the formalisation of an agreement, whose terms are automatically enforced by relying on a transaction protocol, while minimising the need of intermediaries. Such contracts not only specify the service and its quality but also the possible changes at runtime of the terms of agreement. Although smart contracts provide a great deal of flexibility, analysing their compatibility and reaching agreements with this level of dynamism is considerably more challenging, due to the freedom of clients and providers in formulating needs/offers. We introduce a formal language to specify interactions between offers and requests and present a methodology for the autonomous negotiation of smart contracts, which analyses the cost and the necessary changes for reaching an agreement. Moreover, we describe a set of experiments that provides insights on the relative cost of dynamism in negotiating smart contracts and compare the request/offer matching rates of our solution with related works.
Jorge Werner
added a research item
With the increasing amount of personal data stored and processed in the cloud, economic and social incentives to collect and aggregate such data have emerged. Therefore, secondary use of data, including sharing with third parties, has become a common practice among service providers and may lead to privacy breaches and cause damage to users since it involves using information in a non-consensual and possibly unwanted manner. Despite numerous works regarding privacy in cloud environments, users are still unable to control how their personal information can be used, by whom and for which purposes. This paper presents a mechanism for identity management systems that instructs users about the possible uses of their personal data by service providers, allows them to set their privacy preferences and sends these preferences to the service provider along with their identification data in a standardized, machine-readable structure, called privacy token. This approach is based on a three-dimensional classification of the possible secondary uses of data, four predefined privacy profiles and a customizable one, and a secure token for transmitting the privacy preferences. The applicability and the utility of the proposal were demonstrated through a case study, and the technical viability and the correct operation of the mechanism were verified through a prototype developed in Java in order to be incorporated, in future work, to an implementation of the OpenID Connect protocol. The main contributions of this work are the preference specification model and the privacy token, which invert the current scenario where users are forced to accept the policies defined by service providers by allowing the former to express their privacy preferences and requesting the latter to align their actions.
Carlos Becker Westphall
added a research item
Response to some questions:
- What is IoT (Internet of Things) and Security for IoT?
- Comment on the DDoS attack whose victim was the company Dyn, as reported by “the guardian” on 26 Oct. 2016.
- What are the really popular Internet of Things applications right now? And in the future?
- What is (will be) the interaction between IoT and Cloud (Fog and Edge)? And about security?
- What is the OWASP (Open Web Application Security Project) Internet of Things Project?
- How many “things” are currently connected on the Internet? How many will we have in 2020?
- How many BILLION DOLLARS will be the potential socioeconomic impact of the Internet of Things on the productivity of the Brazilian economy and the improvement of public services by 2025? China? USA? Europe?
- How much will you earn until 2025, out of these 200 BILLION DOLLARS, if you start investing now in the Internet of Things?
- What are the characteristics of networks that will support the Internet of Things, leading to the Low Power Wide Area (LPWA)?
Carlos Becker Westphall
added a research item
Cloud services are always “on” and globally accessible, so “things” can be located anywhere, can be mobile, and can transmit different data at different times. Cloud services are scalable, which is good for IoT since many “things” can communicate at different speeds at different times. Cloud helps manage resource limitations. Many “things” may be limited in computing power, battery and storage capacity.
Carlos Becker Westphall
added an update
Project AutoMan&Sec 4 CloudIoT - Autonomic Management and Security for Cloud and IoT
https://www.researchgate.net/project/AutoManSec-4-CloudIoT-Autonomic-Management-and-Security-for-Cloud-and-IoT
Goal: (Goals and some results with link of publications):
Goal 1: Cloud identity management: A survey on privacy strategies
https://www.researchgate.net/publication/316116828_Cloud_identity_management_A_survey_on_privacy_strategies
Goal 2: Improving cloud computing virtual machines balancing through hosts and virtual machines similarities
https://www.researchgate.net/publication/318445528_Improving_cloud_computing_virtual_machines_balancing_through_hosts_and_virtual_machines_similarities
Goal 3: Preserving Privacy with Fine-grained Authorization in an Identity Management System
https://www.researchgate.net/publication/315816577_Preserving_Privacy_with_Fine-grained_Authorization_in_an_Identity_Management_System
Goal 4: A Framework and Risk Assessment Approaches for Risk-based Access Control in the Cloud
https://www.researchgate.net/publication/306107497_A_Framework_and_Risk_Assessment_Approaches_for_Risk-based_Access_Control_in_the_Cloud
Goal 5: Order@Cloud: A VM Organisation Framework Based on Multi-Objectives Placement Ranking
https://www.researchgate.net/publication/296695902_OrderCloud_A_VM_Organisation_Framework_Based_on_Multi-Objectives_Placement_Ranking
Goal 6: A Distributed Autonomic Management Framework for Cloud Computing Orchestration
https://www.researchgate.net/publication/305904642_A_Distributed_Autonomic_Management_Framework_for_Cloud_Computing_Orchestration
Goal 7: A Model for Managed Elements under Autonomic Cloud Computing Management
https://www.researchgate.net/publication/308527496_A_Model_for_Managed_Elements_under_Autonomic_Cloud_Computing_Management
Goal 8: RACLOUDS - Model for Clouds Risk Analysis in the Information Assets Context
https://www.researchgate.net/publication/303720639_RACLOUDS_-_Model_for_Clouds_Risk_Analysis_in_the_Information_Assets_Context
Goal 9: Cloud resource management: A survey on forecasting and profiling models
https://www.researchgate.net/publication/266797722_Cloud_resource_management_A_survey_on_forecasting_and_profiling_models
Goal 10: Legacy Network Infrastructure Management Model for Green Cloud Validated Through Simulations
https://www.researchgate.net/publication/269106062_Legacy_Network_Infrastructure_Management_Model_for_Green_Cloud_Validated_Through_Simulations
 
Carlos Becker Westphall
added an update
*“Cloud identity management: a survey on privacy strategies”, paper of ComNet Journal - Elsevier, 2017.
“Improving cloud computing virtual machines balancing through hosts and virtual machines similarities”, paper of IEEE SERVICES 2017.
*“Preserving Privacy with Fine-grained Authorization in an Identity Management System”, paper of ICN 2017.
*“A Model for Managed Elements under Autonomic Cloud Computing Management”, International Journal on Advances in Networks and Services, 2016.
“A Framework and Risk Assessment Approaches for Risk-based Access Control in the Cloud”, paper of Elsevier JNCA 2016.
*“RACLOUDS - Model for Clouds Risk Analysis in the Information Assets Context”, Revista de Sistemas de Informação da FSMA, 2016.
“Order@Cloud: A VM Organisation Framework Based on Multi-Objectives Placement Ranking”, paper of IEEE NOMS 2016.
*“Towards a Framework for VM organisation based on Multi-Objectives”, paper of ICN 2016.
“A distributed autonomic management framework for cloud computing orchestration”, paper of IEEE SERVICES 2016.
“Analyzing the Strength of Pell’s RSA”, paper of IJPT 2016.
*“C2LP: Modelling Load Propagation and Evaluation through the Cloud Components”, paper of ICN 2016.
*“Towards Privacy in Identity Management Dynamic Federations”, paper of ICN 2016.
*“Model for Cloud Computing Risk Analysis”, paper of ICN 2015.
*“Decision-theoretic model to support autonomic Cloud Computing”, paper of ICN 2015.
“Cloud resource management: a survey on forecasting and profiling models”, in Journal of Network and Computer Applications, 2015.
*“Providing Response to Security Incidents in the Cloud Computing with Autonomic Systems and Big Data”, in AICT 2015.
“An Approach to IdM with Privacy in the Cloud”, paper of IEEE CIT/IUCC/DASC/PICOM 2015.
* “Legacy Network Infrastructure Management Model for Green Cloud Validated Through Simulations”, International Journal on Advances in Intelligent Systems, 2014.
“A dynamic risk-based access control architecture for cloud computing”, in IEEE/IFIP NOMS, 2014.
“Panoptes: A monitoring architecture and framework for supporting autonomic Clouds”, in IEEE/IFIP NOMS, 2014.
“A cyclical evaluation model of information security maturity,” Journal of Information Management & Computer Security, 2014.
* “Green Clouds through Servers, Virtual Machines and Network Infrastructure Management,” book chapter in SBRC 2014.
* “Operation, Management, Security and Sustainability for Cloud Computing”, Revista de Sistemas de Informação da FSMA, 2014.
* “Provisioning, Resource Allocation, and DVFS in Green Clouds,” International Journal on Advances in Networks and Services, 2014.
* “Current Issues in Cloud Computing Security and Management,” The Eighth International Conference on Emerging Security Information, Systems and Technologies - SECURWARE 2014.
“Privacy-preserving Identity Federations in the Cloud - A Proof of Concept”, International Journal of Security and Networks, 2014.
* “Optimizing Green Clouds through Legacy Network Infrastructure Management,” In proceeding of: Thirteenth International Conference on Networks - ICN 2014.
* “Decision-Theoretic Planning for Cloud Computing”, In proceeding of: Thirteenth International Conference on Networks - ICN 2014.
* “An Architecture for Risk Analysis in Cloud”, In proceeding of: Tenth International Conference on Networking and Services - ICNS 2014.
* “Autonomic Intrusion Detection System in Cloud Computing with Big Data”, International Conference on Security and Management - SAM 2014.
 
Carlos Becker Westphall
added an update
Some results:
Cloud identity management: a survey on privacy strategies - paper of ComNet Journal, Elsevier, 2017.
Improving cloud computing virtual machines balancing through hosts and virtual machines similarities – IEEE Services 2017.
Preserving Privacy with Fine-grained Authorization in an Identity Management System - paper of ICN 2017.
A Framework and Risk Assessment Approaches for Risk-based Access Control in the Cloud - paper of Elsevier JNCA 2016.
Order@Cloud: A VM Organisation Framework Based on Multi-Objectives Placement Ranking, paper of IEEE NOMS 2016.
A Model for Managed Elements under Autonomic Cloud Computing Management, paper of IJANS 2016.
A distributed autonomic management framework for cloud computing orchestration, paper of IEEE SERVICES 2016.
RACLOUDS - Model for Clouds Risk Analysis in the Information Assets Context, paper of Journal FSMA 2016.
Cloud resource management: a survey on forecasting and profiling models - paper of Elsevier JNCA 2015.
Legacy Network Infrastructure Management Model for Green Cloud Validated Through Simulations, IJAIS - paper selected from ICN 2014.
Operation, Management, Security and Sustainability for Cloud Computing - paper of Journal FSMA 2014.
Green Clouds through Servers, Virtual Machines and Network Infrastructure Management - Book Chapter of SBRC 2014.
- "Provisioning, Resource Allocation, and DVFS in Green Clouds, IJANS 2014" - best paper of ICN 2013.
- "Environment, Services and Network Management for Green Clouds, CLEI Journal 2012" - best paper of CLEI 2011.
- “Toward an Architecture for Monitoring Private Clouds” - paper indicated in IEEE ComSoc Technology News.
- “Intrusion Detection for Grid and Cloud Computing” - our most cited paper.
 
Carlos Becker Westphall
added 2 research items
Information for answering the following questions:
- Define IoT (Internet of Things) and Security for IoT.
- Comment on the DDoS attack whose victim was the company Dyn, as reported by “theguardian” on 26/10/2016.
- List and comment on some examples of IoT applications.
- Explain the interaction between IoT and Cloud (Fog and Edge).
- Describe the “OWASP IoT Top 10”.
The Second International Conference on Green Communications, Computing and Technologies (GREEN 2017), held between September 10-14, 2017 in Rome, continued the inaugural event focusing on current solutions, stringent requirements for further development, and evaluations of potential directions. The event targeted to bring together academia, research institutes, and industries working towards green solutions. Expected economic, environmental and society wellbeing impact of green computing and communications technologies led to important research and solutions achievements in recent years. Environmental sustainability, high-energy efficiency, diversity of energy sources, renewable energy resources contributed to new paradigms and technologies for green computing and communication. Economic metrics and social acceptability are still under scrutiny, despite the fact that many solutions, technologies and products are available. Deployment at large scale and a long term evaluation of benefits are under way in different areas where dedicated solutions are applied. The conference had the following tracks:
- Improving Green-ness
- Smart Energy and Smart Grid
We take here the opportunity to warmly thank all the members of the GREEN 2017 technical program committee, as well as all the reviewers. The creation of such a high quality conference program would not have been possible without their involvement. We also kindly thank all the authors that dedicated much of their time and effort to contribute to GREEN 2017. We truly believe that, thanks to all these efforts, the final conference program consisted of top quality contributions. We also gratefully thank the members of the GREEN 2017 organizing committee for their help in handling the logistics and for their work that made this professional meeting a success.
We hope that GREEN 2017 was a successful international forum for the exchange of ideas and results between academia and industry and to promote further progress in the field of green communications, computing and technology. We also hope that Rome, Italy provided a pleasant environment during the conference and everyone found some time to enjoy the historic charm of the city.
Carlos Becker Westphall
added a research item
Composed of physical objects embedded with electronics, software and sensors that allow remote sensing and control of objects through a network structure. It facilitates direct integration between the physical world and communication networks. Communication: any TIME, any THING, any PLACE. IoT security is not just device security! All elements need to be considered (ecosystem): the IoT device, the cloud / the fog, the mobile application, the network interfaces, the software, use of cryptography, use of authentication (RFID, X.509, MAC address), physical security, authorization...
Carlos Becker Westphall
added an update
Cloud computing offers benefits in terms of availability and cost, but transfers the responsibility of information security management to the cloud service provider. Thus the consumer loses control over the security of their information and services. This factor has prevented the migration to cloud computing in many businesses. This paper proposes a model where the cloud consumer can perform risk analysis on providers before and after contracting the service. The proposed model establishes the responsibilities of three actors: Consumer, Provider and Security Labs. The inclusion of the actor Security Labs provides more credibility to risk analysis, making the results more consistent for the consumer. RACLOUDS - Model for Clouds Risk Analysis in the Information Assets Context. Available from: https://www.researchgate.net/publication/303720639_RACLOUDS_-_Model_for_Clouds_Risk_Analysis_in_the_Information_Assets_Context [accessed Sep 1, 2017].
 
Carlos Becker Westphall
added a research item
These proceedings contain papers selected for presentation at the 5th International Symposium on Security in Computing and Communications (SSCC’17). SSCC aims to provide the most relevant opportunity to bring together researchers and practitioners from both academia and industry to exchange their knowledge and discuss their research findings. The symposium was held in Manipal Institute of Technology, Manipal University, Karnataka, India during September 13-16, 2017. SSCC’17 was co-located with the International Conference on Applied Soft computing and Communication Networks (ACN'17). In response to the call for papers 84 papers were submitted to the symposium. These papers were evaluated on the basis of their significance, novelty, and technical quality. Reviewing was double-blind meaning that the TPC was not able to see the name and affiliations of the authors. Each paper was reviewed by the members of the program committee and finally, 21 regular papers and 13 short papers were selected for presentation at the Symposium. The organization of the symposium involved many individuals. We would like to thank the program committee members and external referees for their timely expertise in carefully reviewing the submissions. We would like to thank the General Chair and members of the Advisory Committee for their support. Our most sincere thanks go to all keynote speakers who shared with us their expertise and knowledge. Special thanks to members of the organizing committee for their time and effort in organizing the symposium. We wish to thank all authors who submitted papers and all participants for fruitful discussions. Finally, we would like to acknowledge Springer for active cooperation and timely production of the proceedings.
Carlos Becker Westphall
added an update
Cloud identity management: a survey on privacy strategies - paper of ComNet Journal, Elsevier, 2017.
Improving cloud computing virtual machines balancing through hosts and virtual machines similarities – IEEE Services 2017.
Preserving Privacy with Fine-grained Authorization in an Identity Management System - paper of ICN 2017.
A Framework and Risk Assessment Approaches for Risk-based Access Control in the Cloud - paper of Elsevier JNCA 2016.
Order@Cloud: A VM Organisation Framework Based on Multi-Objectives Placement Ranking, paper of IEEE NOMS 2016.
A Model for Managed Elements under Autonomic Cloud Computing Management, paper of IJANS 2016.
A distributed autonomic management framework for cloud computing orchestration, paper of IEEE SERVICES 2016.
RACLOUDS - Model for Clouds Risk Analysis in the Information Assets Context, paper of Journal FSMA 2016.
Cloud resource management: a survey on forecasting and profiling models - paper of Elsevier JNCA 2015.
Legacy Network Infrastructure Management Model for Green Cloud Validated Through Simulations, IJAIS - paper selected from ICN 2014.
Operation, Management, Security and Sustainability for Cloud Computing - paper of Journal FSMA 2014.
Green Clouds through Servers, Virtual Machines and Network Infrastructure Management - Book Chapter of SBRC 2014.
- "Provisioning, Resource Allocation, and DVFS in Green Clouds, IJANS 2014" - best paper of ICN 2013.
- "Environment, Services and Network Management for Green Clouds, CLEI Journal 2012" - best paper of CLEI 2011.
- “Toward an Architecture for Monitoring Private Clouds” - paper indicated in IEEE ComSoc Technology News.
- “Intrusion Detection for Grid and Cloud Computing” - our most cited paper.
 
Carlos Becker Westphall
added a research item
The Thirteenth International Conference on Wireless and Mobile Communications (ICWMC 2017), held between July 23 - 27, 2017 - Nice, France, followed on the previous events on advanced wireless technologies, wireless networking, and wireless applications. ICWMC 2017 addressed wireless related topics concerning integration of latest technological advances to realize mobile and ubiquitous service environments for advanced applications and services in wireless networks. Mobility and wireless, special services and lessons learnt from particular deployment complemented the traditional wireless topics. We take here the opportunity to warmly thank all the members of the ICWMC 2017 Technical Program Committee, as well as the numerous reviewers. The creation of such a high quality conference program would not have been possible without their involvement. We also kindly thank all the authors who dedicated much of their time and efforts to contribute to ICWMC 2017. We truly believe that, thanks to all these efforts, the final conference program consisted of top quality contributions. Also, this event could not have been a reality without the support of many individuals, organizations, and sponsors. We are grateful to the members of the ICWMC 2017 organizing committee for their help in handling the logistics and for their work to make this professional meeting a success. We hope that ICWMC 2017 was a successful international forum for the exchange of ideas and results between academia and industry and for the promotion of progress in the area of wireless and mobile communications. We are convinced that the participants found the event useful and communications very open. We also hope that Nice provided a pleasant environment during the conference and everyone saved some time for exploring this beautiful city.
Carlos Becker Westphall
added a research item
Quality of service is one of the major concerns in cloud computing. Virtual machines (VMs) balancing techniques can help reduce service degradation in cloud computing environments. Several works have presented cloud computing balance techniques; however, only a few used the similarity between VMs and physical hosts to map VMs migrations. In addition, most proposals do not consider the size, dynamism, and heterogeneity of the cloud when developing a management technique. We present a cloud computing VMs balancing algorithm that uses the similarity between VMs and physical hosts to create the map of migrations. Furthermore, the proposal takes into account the size, dynamism, and heterogeneity of the cloud when mapping VMs migrations; thus the proposal is developed in a distributed fashion, enabling the processing of each cluster at a time. To evaluate the proposal, we used the Google cluster data set. Experiments demonstrate that the proposed technique can improve the balance of allocated resources; thus helping reduce service degradation. Moreover, the runtime of the algorithm indicates that it is feasible to be used in a real cloud computing environment with hundreds of physical servers and virtual machines.
Carlos Becker Westphall
added a research item
The Thirteenth International Conference on Autonomic and Autonomous Systems (ICAS 2017), held between May 21 - 25, 2017 - Barcelona, Spain, was a multi-track event covering related topics on theory and practice on systems automation, autonomous systems and autonomic computing. The main tracks referred to the general concepts of systems automation, and methodologies and techniques for designing, implementing and deploying autonomous systems. The next tracks developed around design and deployment of context-aware networks, services and applications, and the design and management of self-behavioral networks and services. We also considered monitoring, control, and management of autonomous self-aware and context-aware systems and topics dedicated to specific autonomous entities, namely, satellite systems, nomadic code systems, mobile networks, and robots. It has been recognized that modeling (in all forms this activity is known) is fundamental for autonomous subsystems, as both managed and management entities must communicate and understand each other. Small-scale and large-scale virtualization and model-driven architecture, as well as management challenges in such architectures are considered. Autonomic features and autonomy require a fundamental theory and solid control mechanisms. These topics gave credit to specific advanced practical and theoretical aspects that allow subsystems to expose complex behavior. We aimed to expose specific advancements on theory and tools supporting advanced autonomous systems. Domain case studies (policy, mobility, survivability, privacy, etc.) and specific technology (wireless, wireline, optical, e-commerce, banking, etc.) case studies were targeted. A special track on mobile environments was intended to cover examples and aspects from mobile systems, networks, codes, and robotics.
Pervasive services and mobile computing are emerging as the next computing paradigm in which infrastructure and services are seamlessly available anywhere, anytime, and in any format. This move to a mobile and pervasive environment raises new opportunities and demands on the underlying systems. In particular, they need to be adaptive, self-adaptive, and context-aware. Adaptive and self-management context-aware systems are difficult to create; they must be able to understand context information and dynamically change their behavior at runtime according to the context. Context information can include the user location, his preferences, his activities, the environmental conditions and the availability of computing and communication resources. Dynamic reconfiguration of the context-aware systems can generate inconsistencies as well as integrity problems, and combinatorial explosion of possible variants of these systems with a high degree of variability can introduce great complexity. Traditionally, user interface design is a knowledge-intensive task complying with specific domains, yet being user friendly. Besides operational requirements, design recommendations refer to standards of the application domain or corporate guidelines. Commonly, there is a set of general user interface guidelines; the challenge is due to a need for cross-team expertise. Required knowledge differs from one application domain to another, and the core knowledge is subject to constant changes and to individual perception and skills. Passive approaches allow designers to initiate the search for information in a knowledge database to make accessible the design information for designers during the design process. Active approaches, e.g., constraints and critics, have also been developed and tested. These mechanisms deliver information (critics) or restrict the design space (constraints) actively, according to the rules and guidelines.
Active and passive approaches are usually combined to capture a useful user interface design. We take here the opportunity to warmly thank all the members of the ICAS 2017 Technical Program Committee, as well as the numerous reviewers. The creation of such a high quality conference program would not have been possible without their involvement. We also kindly thank all the authors who dedicated much of their time and efforts to contribute to ICAS 2017. We truly believe that, thanks to all these efforts, the final conference program consisted of top quality contributions. Also, this event could not have been a reality without the support of many individuals, organizations, and sponsors. We are grateful to the members of the ICAS 2017 organizing committee for their help in handling the logistics and for their work to make this professional meeting a success. We hope that ICAS 2017 was a successful international forum for the exchange of ideas and results between academia and industry and for the promotion of progress in the fields of autonomic and autonomous systems. We are convinced that the participants found the event useful and communications very open. We also hope that Barcelona provided a pleasant environment during the conference and everyone saved some time for exploring this beautiful city.
Carlos Becker Westphall
added a research item
The Sixteenth International Conference on Networks (ICN 2017), held between April 23-27, 2017 in Venice, Italy, continued a series of events targeting general networking and services aspects in multi-technologies environments. The conference covered fundamentals on networking and services, and highlighted new challenging industrial and research topics. Network control and management, multi-technology service deployment and assurance, next generation networks and ubiquitous services, emergency services and disaster recovery and emerging network communications and technologies were considered. IPv6, the Next Generation of the Internet Protocol, has seen over the past three years tremendous activity related to its development, implementation and deployment. Its importance is unequivocally recognized by research organizations, businesses and governments worldwide. To maintain global competitiveness, governments are mandating, encouraging or actively supporting the adoption of IPv6 to prepare their respective economies for the future communication infrastructures. In the United States, the government’s plans to migrate to IPv6 have stimulated significant interest in the technology and accelerated the adoption process. Business organizations are also increasingly mindful of the IPv4 address space depletion and see within IPv6 a way to solve pressing technical problems. At the same time IPv6 technology continues to evolve beyond IPv4 capabilities. Communications equipment manufacturers and applications developers are actively integrating IPv6 in their products based on market demands. IPv6 creates opportunities for new and more scalable IP based services while representing a fertile and growing area of research and technology innovation. The efforts of successful research projects, progressive service providers deploying IPv6 services and enterprises led to a significant body of knowledge and expertise.
It is the goal of this workshop to facilitate the dissemination and exchange of technology and deployment related information, to provide a forum where academia and industry can share ideas and experiences in this field that could accelerate the adoption of IPv6. The workshop brings together IPv6 research and deployment experts that will share their work. The audience will hear the latest technological updates and will be provided with examples of successful IPv6 deployments; it will be offered an opportunity to learn what to expect from IPv6 and how to prepare for it. Packet Dynamics refers broadly to measurements, theory and/or models that describe the time evolution and the associated attributes of packets, flows or streams of packets in a network. Factors impacting packet dynamics include cross traffic, architectures of intermediate nodes (e.g., routers, gateways, and firewalls), complex interaction of hardware resources and protocols at various levels, as well as implementations that often involve competing and conflicting requirements. Parameters such as packet reordering, delay, jitter and loss that characterize the delivery of packet streams are at times highly correlated. Load-balancing at an intermediate node may, for example, result in out-of-order arrivals and excessive jitter, and network congestion may manifest as packet losses or large jitter. Out-of-order arrivals, losses, and jitter in turn may lead to unnecessary retransmissions in TCP or loss of voice quality in VoIP. With the growth of the Internet in size, speed and traffic volume, understanding the impact of underlying network resources and protocols on packet delivery and application performance has assumed a critical importance. Measurements and models explaining the variation and interdependence of delivery characteristics are crucial not only for efficient operation of networks and network diagnosis, but also for developing solutions for future networks. 
Local and global scheduling and heavy resource sharing are main features carried by Grid networks. Grids offer a uniform interface to a distributed collection of heterogeneous computational, storage and network resources. Most current operational Grids are dedicated to a limited set of computationally and/or data intensive scientific problems. Optical burst switching enables these features while offering the necessary network flexibility demanded by future Grid applications. Currently ongoing research and achievements refer to high performance and computability in Grid networks. However, the communication and computation mechanisms for Grid applications require further development, deployment and validation.
The conference had the following tracks:
- Networking
- Computation and Networking
- Communication
- Next generation networks (NGN) and network management
- Advances in Adaptive Filtering for Acoustic Applications
- DMM: Distributed Mobility Management - Towards Efficient and Scalable Mobile Networks
The conference also featured the following symposium:
- SOFTNETWORKING 2017, The International Symposium on Advances in Software Defined Networking and Network Functions Virtualization
We take here the opportunity to warmly thank all the members of the ICN 2017 technical program committee, as well as all the reviewers. The creation of such a high quality conference program would not have been possible without their involvement. We also kindly thank all the authors that dedicated much of their time and effort to contribute to ICN 2017. We truly believe that, thanks to all these efforts, the final conference program consisted of top quality contributions. We also gratefully thank the members of the ICN 2017 organizing committee for their help in handling the logistics and for their work that made this professional meeting a success.
We hope that ICN 2017 was a successful international forum for the exchange of ideas and results between academia and industry and to promote further progress in the area of networks. We also hope that Venice, Italy provided a pleasant environment during the conference and everyone saved some time to enjoy the unique charm of the city.
Carlos Becker Westphall
added a research item
Autonomic Cloud Computing management requires a model to represent the elements into the managed computing process. This tutorial proposes an approach to model the load flow through abstract and concrete Cloud components. Our model has a formal mathematical background and is generic, in contrast with other proposals. It receives new Virtual Machines on the Cloud and organizes them by relocating their placements based on the Multiple-Objectives of the environment. These Objectives are represented by Rules, Qualifiers and Costs, which can be easily added, extended and prioritized. In contrast to existing solutions, that address specific objectives, our framework was devised to be objective-agnostic and easily extensible, which enables the implementation of new and generic prioritized elements. Our work proposes an autonomic intrusion response technique that uses a utility function to determine the best response to the attack providing self-healing properties to the environment. Cloud computing allows the use of resources and systems in thousands of providers. This paradigm can use federated identity management to control user’s identification data, but it is essential to preserve privacy, while performing authentication and access control. This tutorial describes a model where the cloud consumer can perform risk analysis on providers before and after contracting the service. We motivate the use of risk-based access control in the cloud and present a framework for enforcing risk-based policies.
Carlos Becker Westphall
added a research item
With the rise of cloud computing, thousands of users and multiple applications have sought to communicate with each other, exchanging sensitive data. Thus, for effectively managing applications and resources, the use of models and tools is essential for the secure management of identities and to avoid compromising data privacy. There are models and tools that address federated identity management, and it is important that they use privacy mechanisms to assist in compliance with current legislation. Therefore, this article aims to present a survey of privacy in cloud identity management, presenting and comparing main features and challenges described in the literature. At the end of this work there is a discussion of the use of privacy and future research directions.
Carlos Becker Westphall
added 3 research items
In policy-based management, service providers want to enforce fine-grained policies for their resources and services. Besides the assurance of digital identity, service providers usually need personal data for evaluation of access control policies. The disclosure of personal data, also known as Personally Identifiable Information (PII), could represent a privacy breach. This paper proposes an architecture that allows an individual to obtain services without the need of releasing all personal attributes. The architecture achieves that outcome by evaluating the targeted policy in the domain of the identity provider, that is, policies are sent from service providers to identity providers to be evaluated, without the need of releasing some PIIs to the service provider side. We also present an implementation of a prototype using XACML 3.0 for fine-grained authorization and OpenID Connect for identity management. The prototype was evaluated through a use case representing a hypothetical scenario of a bookstore. The project demonstrated that for certain situations a user can restrict the release of PII data and still gain access to services.
Carlos Becker Westphall
added 4 research items
RENASIC LATIM - Virtual Laboratory of Secure Implementation Techniques, Goal 38 – GerPri – Identity Management with Privacy, II CTC Meeting, September 2015
The Twelfth International Conference on Wireless and Mobile Communications (ICWMC 2016), held between November 13-17, 2016 - Barcelona, Spain, followed on the previous events on advanced wireless technologies, wireless networking, and wireless applications. ICWMC 2016 addressed wireless related topics concerning integration of latest technological advances to realize mobile and ubiquitous service environments for advanced applications and services in wireless networks. Mobility and wireless, special services and lessons learnt from particular deployment complemented the traditional wireless topics. We take here the opportunity to warmly thank all the members of the ICWMC 2016 Technical Program Committee, as well as the numerous reviewers. The creation of such a high quality conference program would not have been possible without their involvement. We also kindly thank all the authors who dedicated much of their time and efforts to contribute to ICWMC 2016. We truly believe that, thanks to all these efforts, the final conference program consisted of top quality contributions. Also, this event could not have been a reality without the support of many individuals, organizations, and sponsors. We are grateful to the members of the ICWMC 2016 organizing committee for their help in handling the logistics and for their work to make this professional meeting a success. We hope that ICWMC 2016 was a successful international forum for the exchange of ideas and results between academia and industry and for the promotion of progress in the area of wireless and mobile communications. We are convinced that the participants found the event useful and communications very open. We also hope the attendees enjoyed the charm of Barcelona, Spain.
The Eighth International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2017), held between February 19-23, 2017 in Athens, Greece, continued a series of events meant to prospect the applications supported by the cloud computing paradigm and validate the techniques and the mechanisms. A complementary target was to identify the open issues and the challenges to fix them, especially on security, privacy, and inter- and intra-clouds protocols. Cloud computing is a normal evolution of distributed computing combined with Service-oriented architecture, leveraging most of the GRID features and Virtualization merits. The technology foundations for cloud computing led to a new approach of reusing what was achieved in GRID computing with support from virtualization.
The conference had the following tracks:
- Virtualization
- Big Spatial Data Management
- Cloud Cyber Security
- Cloud Computing
- Platforms, infrastructures and applications
- Security and Privacy in Cloud Computing
- Challenges
We take here the opportunity to warmly thank all the members of the CLOUD COMPUTING 2017 technical program committee, as well as all the reviewers. The creation of such a high quality conference program would not have been possible without their involvement. We also kindly thank all the authors that dedicated much of their time and effort to contribute to CLOUD COMPUTING 2017. We truly believe that, thanks to all these efforts, the final conference program consisted of top quality contributions. Also, this event could not have been a reality without the support of many individuals, organizations and sponsors. We also gratefully thank the members of the CLOUD COMPUTING 2017 organizing committee for their help in handling the logistics and for their work that made this professional meeting a success.
We hope that CLOUD COMPUTING 2017 was a successful international forum for the exchange of ideas and results between academia and industry and to promote further progress in the field of cloud computing, GRIDs and virtualization. We also hope that Athens, Greece provided a pleasant environment during the conference and everyone saved some time to enjoy the charm of the city.
Rafael de Souza Mendes
added 2 research items
Due to the scale and dynamism of Cloud computing, there is a need for new tools and techniques for its management. This paper proposes an approach to model the load flow in cloud components using double weighted Directed Acyclic Multigraphs. Such a model enables the comparison, analysis and simulation of clouds, which assist the cloud management with the evaluation of modifications in the cloud structure and configuration. The existing solutions either do not have mathematical background, which hinders the comparison and production of structural variations in cloud models, or have the mathematical background, but are limited to a specific area (e.g. energy-efficiency), which does not provide support to the dynamic nature of clouds and to the different needs of the managers. Our model instead has a formal mathematical background and is generic. To this aim, we present its formalisation and algorithms that support the load propagation and the states of services, systems, third-parties providers and resources, such as: computing, storage and networking. To demonstrate the applicability of our solution, we have implemented a software framework for modelling Infrastructure as a Service, and conducted numerical experiments with hypothetical loads.
Autonomic Cloud Computing management requires a model to represent the elements into the managed computing process. This paper proposes an approach to model the load flow through abstract and concrete cloud components using double weighted Directed Acyclic Multigraphs. Such model enables the comparison, analysis and simulation of clouds, which assist the cloud management with the evaluation of modifications in the cloud structure and configuration. The existing solutions either do not have mathematical background, which hinders the comparison and production of structural variations in cloud models, or have the mathematical background, but are limited to a specific area (e.g. energy-efficiency), which does not provide support to the dynamic nature of clouds and to the different needs of the managers. For this reason, we present a formalisation and algorithms that support the load propagation and the states of services, systems, third-parties providers and resources, such as: computing, storage and networking. Our model has a formal mathematical background and is generic, in contrast with other proposals. To demonstrate the applicability of our solution, we have implemented a software framework for modelling Infrastructure as a Service, and conducted numerical experiments with hypothetical loads.
Carlos Becker Westphall
added 3 research items
Driven by the proliferation of high speed local data networking and the potential of new multimedia service offerings, broadband telecommunication networks have become the focus of research, development and standards activities world-wide. Underlying the field of broadband telecommunications are the concepts of universal interface and bandwidth-upon-demand: all types of traffic are presented in a common packet format (cell) and are distinguished only on the basis of the frequency with which the packets are generated. As networked systems involve greater heterogeneity and offer an increasing range of mission-critical applications, the risks associated with failures and the costs of operations become dominating concerns of users. Network management technologies focus on monitoring, interpretation and control of network behaviours. Network Management standards seek to integrate these functions across heterogeneous devices and protocol stacks. This paper therefore addresses the problem of fault management in a broadband environment and Virtual Path testing mechanisms. The study suggests that OSI and TMN management concepts are useful for VP testing and fault detection in ATM networks.
Carlos Becker Westphall
added 25 research items
The new concept of proactive network management aims at identifying the existing troubles in advance to any performance degradation, as well as providing support for future decision-making actions. Within this context, a proposal for performance evaluation applying the proactive concepts is here introduced. Moreover, theoretical and practical aspects emphasize the importance of the approach in question. In addition, simulation facilities and programming concepts for distributed system were employed to obtain the required results. And finally, the outcomes were analyzed in order to confirm the expected performance improvement.
The new concept of proactive network management aims at identifying the existing troubles in advance to any performance degradation, as well as providing support for future decision-making actions. Within this context, a proposal for performance evaluation applying the proactive concepts is here introduced. Moreover, theoretical and practical aspects emphasize the importance of the approach in question. In addition, simulation facilities and programming concepts for the distributed system were employed to obtain the required results. And finally, the outcomes were analyzed in order to confirm the expected performance improvement.
Carlos Becker Westphall
added 15 research items
Centralized approaches to Network Management have demonstrated a clear inadequacy for efficient management of large and heterogeneous computer networks. Considerable research is being carried out on decentralized approaches for network management. This paper presents the work on a practical application of Distributed Artificial Intelligence for computer network management. The objective is to implement a software platform using only Intelligent Autonomous Agents, integrated with the SNMP environment.
This paper describes the use of fuzzy QoS specifications to manage quality of service. These specifications associate their membership functions with QoS levels perceived from a resource. The implementation of a QoS manager of fuzzy specifications is also described. The QoS manager, denominated Mediator, has two parameters called α-cuts. One of them is used to allocate and the other to policy QoS requests. In short, these values determine thresholds for the QoS levels of the requests. These thresholds must be respected when the allocation and policy procedures are executed. Also, by applying the extension principle of fuzzy sets, Mediator accepts fuzzy specifications composed of two other specifications. Mediator is built as a CORBA application. Its primary purpose is to manage TCP traffic flow on IETF Differentiated Services Platforms.
Concepts and principles of TINA (Telecommunications Information Networking Architecture) are introduced with the objective of correcting problems of centralized service control and service data model existent in intelligent networks. It is becoming clear that future sophisticated services breaking away from the simple telephony call model, e.g., multimedia, multiparty conferencing, etc., will need to be rapidly and efficiently introduced, deployed, shared, operated and managed. In this context, TINA developed a comprehensive architecture for multi-service networks that will support multimedia services. On the other hand, the provisioning of all the service management functionality for TINA services (i.e. FCAPS) is still an open research question. In this paper, we discuss accounting features and requirements, security of accounting management, and issues for their integration in a TINA-based service environment. A prototype has been implemented to validate the concepts and results are also presented.
Carlos Becker Westphall
added 12 research items
The constant growth of computer networks and the variety of interconnected topologies are making the efficient management of these networks increasingly difficult. Centralized management, currently the most widely adopted model, has proven inflexible and inefficient in view of this growth. On the other hand, code mobility is being considered as a possible solution to this problem. In this context, the present work proposes an analytical model to evaluate the performance of Mobile Agents (MA) compared with the traditional, centralized management model (SNMP) in a generic network topology. The proposed mathematical model is applied to several network topologies and configurations in order to identify under which conditions each management technique, MA and SNMP, is more efficient.
This paper proposes extending the CORBA security model to make possible the use of mandatory policies in distributed applications. The Bell & LaPadula model is adopted to define the mandatory controls in the JaCoWeb authorization scheme, through a policy service designated PoliCap. Our mandatory control is carried out at the ORB level, on the client side. For unauthorized accesses, it prevents the emission of the corresponding request, the associated processing on the server and the generation of new requests through this unauthorized processing. Practical experiments and related work are also presented. Keywords – Security, Mandatory Policies, CORBAsec.
The File Transfer Protocol (FTP) is very well implemented, tested and widely used. Despite that, there are some situations where it would be desirable to have a simpler, faster, but still reliable way of transmitting information between client and server. In this paper we present a real-life Card Project where this need arises. We have studied FTP and Telnet and describe here an implementation of Fast-TP (Fast Transmission Protocol). We then compare performance tests of Fast-TP and FTP. Finally, we present some security aspects of the Fast-TP implementation.
Carlos Becker Westphall
added 4 research items
This article proposes a solution for the LDP (Label Distribution Protocol) of the MPLS (Multiprotocol Label Switching) architecture. The objective is to authenticate, on an end-to-end basis, the establishment of an LSP (Label Switching Path) between the Ingress LSR (Label Switching Router) and its Egress, addressing the LDP deficiency of having no end-to-end authentication mechanism defined for non-adjacent LSRs. Currently, the authentication defined for LDP in RFC 3036, based on the TCP/MD5 option, is restricted to adjacent LSRs because it depends on a TCP connection between the LSRs involved. In the case of LSPs between non-adjacent LSRs, no end-to-end TCP connection exists between these LSRs during the establishment of the first LSP. So the RFC 3036 solution does not efficiently handle situations where two LSRs intend to authenticate each other end-to-end during the establishment of a new LSP. The authentication model in this work defines mechanisms for LDP that carry the authentication fields transparently through the intermediate LSRs, end-to-end, so that the endpoints of the LSP can be authenticated. The solution uses an authentication mechanism based on public-key cryptography attached to the LDP messages, which allows the receiving LSR to verify and authenticate the originator of the messages. It provides integrity protection through a hash mechanism and additionally protects against replay attacks through the insertion of a nonce in the LDP messages. It does not provide confidentiality. As a requirement, the solution demands that LDP operate in "Ordered" control mode; it is compatible with both LDP distribution modes, "On-Demand" and "Unsolicited".
Two new TLVs (Type-Length-Value) were defined for LDP to provide this authentication solution, "Hash TLV" and "Nonce TLV", along with a new "Status Code" type with the value "Authentication Failed" for the LDP Status TLV. The LDP messages involved in the authentication process are LABEL REQUEST, LABEL MAPPING and LDP NOTIFICATION; these three message types allow LDP to request and send labels for the establishment of LSPs and to notify failures of these operations. This solution was designed for environments where LSPs cross external multi-domain environments that do not trust one another and therefore need a way to authenticate the endpoints of the LSP during its establishment.
This article presents a software development strategy for Service Level Management (SLM). Such services are in many cases extremely complex and of vital importance to an organization, and therefore need to be managed correctly in order to avoid their degradation. Service Level Management involves administering several metrics/parameters on several pieces of equipment, which becomes a laborious task for the IT (Information Technology) department without the aid of a tool that is appropriate both functionally (meeting the managers' real needs) and financially. Mainly because of this factor, and others described throughout the article, the use of a tool that allows the correct management of these service levels becomes fundamental. However, due to the high costs of the current tools, many organizations cannot count on this "aid". In order to facilitate the work of IT and to dispense with these solutions, which are for the most part proprietary, a study was carried out of specifications that were used in the development of an SLM tool based on XML (eXtensible Markup Language). Several aspects were considered with different management approaches, with the Internet management model predominating. SNMP (Simple Network Management Protocol) was adopted as the management protocol.
This work proposes an authentication solution for the LDP (Label Distribution Protocol) of the MPLS architecture. The objective is to authenticate reliably, on an end-to-end basis, the establishment of an LSP (Label Switching Path) between the Ingress LSR (Label Switching Router) and its Egress, addressing the LDP deficiency of having no end-to-end authentication mechanism defined for non-adjacent LSRs. The solution uses an authentication mechanism based on public-key cryptography to authenticate the sender, provides integrity control through the use of a hash, and additionally protects against replay attacks through the insertion of a nonce in the LDP messages.
Daniel Ricardo dos Santos
added a research item
Cloud computing is a distributed computing model that still faces problems. New ideas emerge to take advantage of its features and among the research challenges found in cloud computing, we can highlight Identity and Access Management. The main problems of the application of access control in the cloud are the necessary flexibility and scalability to support a large number of users and resources in a dynamic and heterogeneous environment, with collaboration and information sharing needs. This research work proposes the use of risk-based dynamic access control for cloud computing. The proposal is presented as an access control model based on an extension of the XACML standard with three new main components: the Risk Engine, the Risk Quantification Web Services and the Risk Policies. The risk policies present a method to describe risk metrics and their quantification, using local or remote functions. The use of risk policies allows users and cloud service providers to define how they wish to handle risk-based access control for their resources, using quantification and aggregation methods presented in related works. The model reaches the access decision based on a combination of XACML decisions and risk analysis. A specification of the risk policies using XML is presented and a case study using cloud federations is described. A prototype of the model is implemented, showing it has enough expressivity to describe the models of related works. In the experimental results, the prototype reaches access decisions using policies based on related works with a time between 2 and 6 milliseconds. A discussion on the security aspects of the model is also presented.
Rafael de Souza Mendes
added an update