129 research outputs found
Developing an ontology for the domain name system
©2005 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Ontologies provide a means of modelling and representing a knowledge domain. Such representation, already used in purpose-built distributed information systems, can also be of great value when applied to existing distributed information systems. The domain name system (DNS) provides a wide-area distributed name resolution system which is used extensively across the Internet. Changing the type and nature of resource records stored in the DNS currently requires an extensive request for comment procedure which takes a substantial amount of time, as the change has to be made globally. We propose an ontology for a DNS zone file, to provide a machine readable codification of the DNS and a mechanism for allowing local changes to the stored and represented structure of DNS records, using the extensible nature of OWL to allow local variations without having to go through the manual RFC procedure. This ontologically based system replaces a slow manual procedure with a rapid, machine-realisable procedure based on a uniform ontological representation of significant DNS knowledge. This paper discusses the application of ontologies to the DNS and how such an application can be built using OWL, the Web ontology language.
Nickolas J. G. Falkner, Paul D. Coddington, Andrew L. Wendelbor
Using ontologies to support customisation and maintain interoperability in distributed information systems with application to the Domain Name System
©2006 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Global distributed systems must be standards-based to allow interoperability between all of their components. While this guarantees interoperability, it often causes local inflexibility and an inability to adapt to specialised local requirements. We show how local flexibility and global consistency can coexist by changing the way that we represent these systems. The proven technologies already in use in the Semantic Web, to support and interpret metadata annotation, provide a well-tested starting point. We can use OWL ontologies and RDF to describe distributed systems using a knowledge-based approach. This allows us to maintain separate local and global operational spaces which, in turn, gives us local flexibility and global consistency. The annotated and well-defined data is better structured, more easily maintained and less prone to errors since its purpose can be clearly determined prior to use. To illustrate the application of our approach in distributed systems, we present our implementation of an ontologically-based Domain Name System (DNS) server and client. We also present performance figures to demonstrate that the use of this approach does not add significant overhead to system performance.
Nickolas J. G. Falkner, Paul D. Coddington, Andrew L. Wendelbor
Naming, Migration, and Replication for NFSv4
In this paper, we discuss a global name space for NFSv4 and mechanisms for transparent migration and replication. By convention, any file or directory name beginning with /nfs on an NFS client is part of this shared global name space. Our system supports file system migration and replication through DNS resolution, provides directory migration and replication using built-in NFSv4 mechanisms, and supports read/write replication with precise consistency guarantees, small performance penalty, and good scaling. We implement these features with small extensions to the published NFSv4 protocol, and demonstrate a practical way to enhance network transparency and administerability of NFSv4 in wide area networks.
http://deepblue.lib.umich.edu/bitstream/2027.42/107939/1/citi-tr-06-1.pd
Towards persistent resource identification with the uniform resource name
The exponential growth of the Internet, and the subsequent reliance on the resources it connects, has exposed a clear need for an Internet identifier which remains accessible over time. Such identifiers have been dubbed persistent identifiers owing to the promise of reliability they imply. Persistent naming systems exist at present; however, it is the resolution of these systems into what Kunze (2003) calls persistent actionable identifiers which is the focus of this work. Actionable identifiers can be thought of as identifiers which are accessible in a simple fashion such as through a web browser or through a specific application. This thesis identifies the Uniform Resource Name (URN) as an appropriate identification scheme for persistent resource naming. Evaluation of current URN systems finds that no practical means of global URN resolution is currently available. Two new approaches to URN resolution, unique in their use of the Domain Name System (DNS), are introduced. The proposed designs are assessed according to their Usability, Security and Evolution and an implementation described for an example URN namespace of language identifiers
Participant Domain Name Token Profile for security enhancements supporting service oriented architecture
This research proposes a new secure token profile for improving the existing Web Services security standards. It provides a new authentication mechanism. This additional level of security is important for the Service-Oriented Architecture (SOA), which is an architectural style that uses a set of principles and design rules to shape interacting applications and maintain interoperability. Currently, the market push is towards SOA, which provides several advantages, for instance: integration with heterogeneous systems, services reuse, standardization of data exchange, etc. Web Services is one of the technologies to implement SOA and it can be implemented using Simple Object Access Protocol (SOAP).
A SOAP-based Web Service relies on XML for its message format and common application layer protocols for message negotiation and transmission. However, it is a security challenge when a message is transmitted over the network, especially on the Internet. The Organization for Advancement of Structured Information Standards (OASIS) announced a set of Web Services Security standards that focus on two major areas. “Who” can use the Web Service and “What” are the permissions. However, the location or domain of the message sender is not authenticated. Therefore, a new secure token profile called: Participant Domain Name Token Profile (PDNT) is created to tackle this issue.
The PDNT provides a new security feature, which the existing token profiles do not address. Location-based authentication is achieved if adopting the PDNT when using Web Services. In the performance evaluation, PDNT is demonstrated to be significantly faster than other secure token profiles. The processing overhead of using the PDNT with other secure token profiles is very small given the additional security provided. Therefore all the participants can acquire the benefits of increased security and performance at low cost
Traffic engineering in multihomed sites
It is expected that IPv6 multihomed sites will obtain as many global prefixes as direct providers they have, so traffic engineering techniques currently used in IPv4 multihomed sites are no longer suitable. However, traffic engineering is required for several reasons, and in particular, for being able to properly support multimedia communications. In this paper we present a framework for traffic engineering in IPv6 multihomed sites with multiple global prefixes. Within this framework, we have included several tools such as DNS record manipulation and proper configuration of the policy table defined in RFC 3484. To provide automation in the management of traffic engineering, we analyzed the usage of two mechanisms to configure the policy table.
This work has been partly supported by the European Union under the E-Next Project FP6-506869 and by the OPTINET6 project TIC-2003-09042-C03-01.
Publicad
Authenticated and Secure Automotive Service Discovery with DNSSEC and DANE
Automotive softwarization is progressing and future cars are expected to
operate a Service-Oriented Architecture on multipurpose compute units, which
are interconnected via a high-speed Ethernet backbone. The AUTOSAR architecture
foresees a universal middleware called SOME/IP that provides the service
primitives, interfaces, and application protocols on top of Ethernet and IP.
SOME/IP lacks a robust security architecture, even though security is an
essential in future Internet-connected vehicles. In this paper, we augment the
SOME/IP service discovery with an authentication and certificate management
scheme based on DNSSEC and DANE. We argue that the deployment of well-proven,
widely tested standard protocols should serve as an appropriate basis for a
robust and reliable security infrastructure in cars. Our solution enables
on-demand service authentication in offline scenarios, easy online updates, and
remains free of attestation collisions. We evaluate our extension of the common
vsomeip stack and find performance values that fully comply with car
operations
kube-volttron: Rearchitecting the VOLTTRON Building Energy Management System for Cloud Native Deployment
Managing the energy consumption of the built environment is an important
source of flexible load and decarbonization, enabling building managers and
utilities to schedule consumption to avoid costly demand charges and peak times
when carbon emissions from grid generated electricity are highest. A key
technology component in building energy management is the building energy
management system. Eclipse VOLTTRON is a legacy software platform which enables
building energy management. It was developed for the US Department of Energy
(DOE) at Pacific Northwest National Labs (PNNL) written in Python and based on
a monolithic build-configure-and-run-in-place system architecture that predates
cloud native architectural concepts. Yet the software architecture is
componentized in a way that anticipates modular containerized applications,
with software agents handling functions like data storage, web access, and
communication with IoT devices over specific IoT protocols such as BACnet and
Modbus. The agents communicate among themselves over a message bus. This paper
describes a proof-of-concept prototype to rearchitect VOLTTRON into a
collection of microservices suitable for deployment on the Kubernetes cloud
native container orchestration platform. The agents are packaged in
redistributable containers that perform specific functions and which can be
configured when they are deployed. The deployment architecture consists of a
single Kubernetes cluster containing a central node, nominally in a cloud-based
VM, where a microservice containing the database agent (called a "historian")
and the web site agent for the service run, and gateway nodes running on sites
in buildings where a microservice containing IoT protocol-specific agents
handles control and data collection to and from devices, and communication back
to the central node