Safeguarding VNF Credentials with Intel SGX

Operators use containers – enabled by operating system (OS) level virtualization – to deploy virtual network functions (VNFs) that access the centralized network controller in software-defined net- working (SDN) deployments. While SDN allows flexible network configuration, it also increases the attack surface on the network deployment [8]. For example, insecure communication channels may be tapped to extract or inject sensitive data transferred on the north-bound interface, between the network controller and VNFs; furthermore, to protect the network controller from malicious VNF instances, the integrity and authenticity of VNFs must be verified prior to deployment.o mitigate the risks described above, we implemented a prototype that leverages hardware-based mechanisms for isolated execution implemented by Intel SGX in combination with a run-time integrity measurement subsystem, namely Linux Integrity Measure- ment Architecture (IMA)1. This prototype is a first step towards providing to tenants and end-users integrity guarantees regarding the network components in SDN deployments

Trust but Verify - Trust Establishment Mechanisms in Infrastructure Clouds

The past two decades have witnessed a transformation of the status and role of comput- ing: from a commodity supporting essential societal functions to a utility permeating all aspects of daily life. This transformation was accompanied by the emergence of so- called cloud computing – a service model that made computation infrastructure reliable, scalable and easily accessible. Increasingly, cloud computing displays the characterist- ics common to utility services, such as: necessity, reliability, usability, low utilization rates, scalability and (in some cases) service exclusivity. In the cloud computing service model, users consume computation resources provided through the Internet, often without any awareness of the cloud service provider that owns and operates the supporting hardware infrastructure. This marks an important change compared to earlier models of computation, for example when such supporting hardware infrastructure was under the control of the user. Given the ever increasing importance of computing, the shift to cloud computing introduces several challenging issues, which include ensuring the integrity and confidentiality of the computation itself, along with integrity and confidentiality of ancillary resources such as network commu- nication and the stored or produced data. While the potential risks for data isolation and confidentiality in cloud infrastructure are somewhat known, they are obscured by the convenience of the service model and claimed trustworthiness of cloud service providers, backed by reputation and contractual agreements. Ongoing research on cloud infrastructure has the potential to strengthen the security guarantees of computation, data and communication for users of cloud computing. This thesis is part of such research efforts, focusing on assessing the trust- worthiness of components of the cloud network infrastructure and cloud computing infrastructure and controlling access to data and network resources. The seven papers included in this thesis present a collection of contributions address- ing select aspects of the focus areas above. The contributions include mechanisms to verify or enforce security in cloud infrastructure. Such mechanisms have the potential to both help cloud service providers strengthen the security of their deployments, and empower users to obtain guarantees regarding security aspects of service level agree- ments. By leveraging functionality of components such as the Trusted Platform Module, we describe mechanisms to provide user guarantees regarding integrity of the comput- ing environment and geographic location of plaintext data, as well as to allow users maintain control over the cryptographic keys for integrity and confidentiality protec- tion of data stored in remote infrastructure. Next, by leveraging recent innovations for platform security such as Software Guard Extensions, we describe mechanisms to verify the integrity of the network infrastructure in the Software-Defined Networking model. Finally, we propose an innovative scheme for access control of resources in Software-Defined Networking deployments

Towards a comprehensive model for track allocation and roll-time scheduling at marshalling yards

This paper considers multi-stage train formation with mixed usage tracks at a marshalling yard without departure yard. A novel integer programming model for scheduling shunting tasks as well as allocating arrival yard tracks and classification bowl tracks is presented. By taking a comprehensive view of the marshalling yard operations, more effective schedules can be found, and a variety of characteristics can be optimised, including shunting work effort, number or cost of tracks, and shunting task start times. Two different objective functions are evaluated: minimising work effort in terms of wagon pull-backs and minimising track costs. A procedure for finding a hot-start solution with few wagon pull-backs is also presented. The proposed model is tested on real data from Sävenäs marshalling yard in Sweden. The results show that the method is able to return an optimal schedule for a planning period of 4 days if the hot-start solution is optimal or the remaining problem is tractable for the heuristics in CPLEX

From LiDAR to Underground Maps via 5G - Business Models Enabling a System-of-Systems Approach to Mapping the Kankberg Mine

With ever-increasing productivity targets in mining operations, there is a growing interest in mining automation. The PIMM project addresses the fundamental challenge of network communication by constructing a pilot 5G network in the underground mine Kankberg. In this report, we discuss how such a 5G network could constitute the essential infrastructure to organize existing systems in Kankberg into a system-of-systems (SoS). In this report, we analyze a scenario in which LiDAR equipped vehicles operating in the mine are connected to existing mine mapping and positioning solutions. The approach is motivated by the approaching era of remote controlled, or even autonomous, vehicles in mining operations. The proposed SoS could ensure continuously updated maps of Kankberg, rendered in unprecedented detail, supporting both productivity and safety in the underground mine. We present four different SoS solutions from an organizational point of view, discussing how development and operations of the constituent systems could be distributed among Boliden and external stakeholders, e.g., the vehicle suppliers, the hauling company, and the developers of the mapping software. The four scenarios are compared from both technical and business perspectives, and based on trade-off discussions and SWOT analyses. We conclude our report by recommending continued research along two future paths, namely a closer cooperation with the vehicle suppliers, and further feasibility studies regarding establishing a Kankberg software ecosystem

Teknisk slutrapport för FLTP - Framtidens LeveransTågplaneProcess

Slutrapporten sammanfattar arbetet som gjorts i projektet FLTP-Framtidens LeveransTågplaneProcess. FLTP har utförts av RISE SICS AB på uppdrag av Trafikverket under åren 2014-2016. Syftet med projektet har varit att undersöka planeringsmetoder för att ta fram leveransåtagande i en tänkt framtida långtidsprocess när Successiv Planering är fullt genomfört. Projektet har tagit fram ett planeringskoncept där alla kördagars individuella trafiksituation beaktas, och matematiska modeller och heuristiker som kan stödja den föreslagna planeringsmetoden har utformats och testats. Rapporten presenterar övergripande de metoder, resultat och slutsatser som projektet levererat, och ger också sammanhang till projektets övriga publikationer. Slutrapporten presenterar även i stora drag de mål som projektet satte upp, samt till vilken grad dessa har uppfyllts

Searchable Encrypted Relational Databases: Risks and Countermeasures

We point out the risks of protecting relational databases via Searchable Symmetric Encryption (SSE) schemes by proposing an inference attack exploiting the structural properties of relational databases. We show that record-injection attacks mounted on relational databases have worse consequences than their file-injection counterparts on unstructured databases. Moreover, we discuss some techniques to reduce the effectiveness of inference attacks exploiting the access pattern leakage existing in SSE schemes. To the best of our knowledge, this is the first work that investigates the security of relational databases protected by SSE schemes

Uncovered capacity in Incremental Allocation

This paper summarizes the work to estimate the value of uncovered capacity when using Incremental Allocation, including how it was calculated. The estimation was performed as part of the commercial valuation of Incremental Allocation. This valuation was made within the PENG framework. The aim is to estimate the value of new traffic that can be served by the uncovered capacity. The calculations are based on the UIC406 standard, but instead of analysing the traffic executed on a typical day the planned train paths are analysed. More precisely, the input data is a snapshot from planning tool TrainPlan from 2011-04-08, including AdHoc train paths. The results show that a large portion of the available capacity is hidden from use by the current planning methods and scheduling rules