24 research outputs found
Design, analysis and optimization of visible light communications based indoor access systems for mobile and internet of things applications
Demands for indoor broadband wireless access services are expected to outstrip the spectrum capacity in the near-term spectrum crunch . Deploying additional femtocells to address spectrum crunch is cost-inefficient due to the backhaul challenge and the exorbitant system maintenance. According to an Alcatel-Lucent report, most mobile Internet access traffic happens indoors. To alleviate the spectrum crunch and the backhaul challenge problems, visible light communication (VLC) emerges as an attractive candidate for indoor wireless access in the 5G architecture. In particular, VLC utilizes LED or fluorescent lamps to send out imperceptible flickering light that can be captured by a smart phone camera or photodetector. Leveraging power line communication and the available indoor infrastructure, VLC can be utilized with a small one-time cost. VLC also facilitates the great advantage of being able to jointly perform illumination and communications. Integration of VLC into the existing indoor wireless access networks embraces many challenges, such as lack of uplink infrastructure, excessive delay caused by blockage in heterogeneous networks, and overhead of power consumption. In addition, applying VLC to Internet-of-Things (IoT) applications, such as communication and localization, faces the challenges including ultra-low power requirement, limited modulation bandwidth, and heavy computation and sensing at the device end. In this dissertation, to overcome the challenges of VLC, a VLC enhanced WiFi system is designed by incorporating VLC downlink and WiFi uplink to connect mobile devices to the Internet. To further enhance robustness and throughput, WiFi and VLC are aggregated in parallel by leveraging the bonding technique in Linux operating system. Based on dynamic resource allocation, the delay performance of heterogeneous RF-VLC network is analyzed and evaluated for two different configurations - aggregation and non-aggregation. To mitigate the power consumption overhead of VLC, a problem of minimizing the total power consumption of a general multi-user VLC indoor network while satisfying users traffic demands and maintaining an acceptable level of illumination is formulated. The optimization problem is solved by the efficient column generation algorithm. With ultra-low power consumption, VLC backscatter harvests energy from indoor light sources and transmits optical signals by modulating the reflected light from a reflector. A novel pixelated VLC backscatter is proposed and prototyped to address the limited modulation bandwidth by enabling more advanced modulation scheme than the state-of-the-art on-off keying (OOK) scheme and allowing for the first time orthogonal multiple access. VLC-based indoor access system is also suitable for indoor localization due to its unique properties, such as utilization of existing ubiquitous lighting infrastructure, high location and orientation accuracy, and no interruption to RF-based devices. A novel retroreflector-based visible light localization system is proposed and prototyped to establish an almost zero-delay backward channel using a retroreflector to reflect light back to its source. This system can localize passive IoT devices without requiring computation and heavy sensing (e.g., camera) at the device end
Systems Support for Trusted Execution Environments
Cloud computing has become a default choice for data processing by both large corporations and individuals due to its economy of scale and ease of system management. However, the question of trust and trustoworthy computing inside the Cloud environments has been long neglected in practice and further exacerbated by the proliferation of AI and its use for processing of sensitive user data. Attempts to implement the mechanisms for trustworthy computing in the cloud have previously remained theoretical due to lack of hardware primitives in the commodity CPUs, while a combination of Secure Boot, TPMs, and virtualization has seen only limited adoption. The situation has changed in 2016, when Intel introduced the Software Guard Extensions (SGX) and its enclaves to the x86 ISA CPUs: for the first time, it became possible to build trustworthy applications relying on a commonly available technology. However, Intel SGX posed challenges to the practitioners who discovered the limitations of this technology, from the limited support of legacy applications and integration of SGX enclaves into the existing system, to the performance bottlenecks on communication, startup, and memory utilization. In this thesis, our goal is enable trustworthy computing in the cloud by relying on the imperfect SGX promitives. To this end, we develop and evaluate solutions to issues stemming from limited systems support of Intel SGX: we investigate the mechanisms for runtime support of POSIX applications with SCONE, an efficient SGX runtime library developed with performance limitations of SGX in mind. We further develop this topic with FFQ, which is a concurrent queue for SCONE's asynchronous system call interface. ShieldBox is our study of interplay of kernel bypass and trusted execution technologies for NFV, which also tackles the problem of low-latency clocks inside enclave. The two last systems, Clemmys and T-Lease are built on a more recent SGXv2 ISA extension. In Clemmys, SGXv2 allows us to significantly reduce the startup time of SGX-enabled functions inside a Function-as-a-Service platform. Finally, in T-Lease we solve the problem of trusted time by introducing a trusted lease primitive for distributed systems. We perform evaluation of all of these systems and prove that they can be practically utilized in existing systems with minimal overhead, and can be combined with both legacy systems and other SGX-based solutions. In the course of the thesis, we enable trusted computing for individual applications, high-performance network functions, and distributed computing framework, making a <vision of trusted cloud computing a reality
Trustworthy Knowledge Planes For Federated Distributed Systems
In federated distributed systems, such as the Internet and the public cloud, the constituent systems can differ in their configuration and provisioning, resulting in significant impacts on the performance, robustness, and security of applications. Yet these systems lack support for distinguishing such characteristics, resulting in uninformed service selection and poor inter-operator coordination. This thesis presents the design and implementation of a trustworthy knowledge plane that can determine such characteristics about autonomous networks on the Internet. A knowledge plane collects the state of network devices and participants. Using this state, applications infer whether a network possesses some characteristic of interest. The knowledge plane uses attestation to attribute state descriptions to the principals that generated them, thereby making the results of inference more trustworthy. Trustworthy knowledge planes enable applications to establish stronger assumptions about their network operating environment, resulting in improved robustness and reduced deployment barriers. We have prototyped the knowledge plane and associated devices. Experience with deploying analyses over production networks demonstrate that knowledge planes impose low cost and can scale to support Internet-scale networks
Real-time communications over switched Ethernet supporting dynamic QoS management
Doutoramento em Engenharia InformáticaDurante a última década temos assistido a um crescente aumento na utilização
de sistemas embutidos para suporte ao controlo de processos, de sistemas
robóticos, de sistemas de transportes e veículos e até de sistemas domóticos
e eletrodomésticos. Muitas destas aplicações são críticas em termos de
segurança de pessoas e bens e requerem um alto nível de determinismo com
respeito aos instantes de execução das respectivas tarefas. Além disso, a implantação
destes sistemas pode estar sujeita a limitações estruturais, exigindo
ou beneficiando de uma configuração distribuída, com vários subsistemas
computacionais espacialmente separados. Estes subsistemas, apesar de
espacialmente separados, são cooperativos e dependem de uma infraestrutura
de comunicação para atingir os objectivos da aplicação e, por consequência,
também as transacções efectuadas nesta infraestrutura estão sujeitas às
restrições temporais definidas pela aplicação.
As aplicações que executam nestes sistemas distribuídos, chamados
networked embedded systems (NES), podem ser altamente complexas e
heterogéneas, envolvendo diferentes tipos de interacções com diferentes
requisitos e propriedades. Um exemplo desta heterogeneidade é o modelo de
activação da comunicação entre os subsistemas que pode ser desencadeada
periodicamente de acordo com uma base de tempo global (time-triggered),
como sejam os fluxos de sistemas de controlo distribuído, ou ainda ser
desencadeada como consequência de eventos assíncronos da aplicação
(event-triggered). Independentemente das características do tráfego ou do
seu modelo de activação, é de extrema importância que a plataforma de
comunicações disponibilize as garantias de cumprimento dos requisitos da
aplicação ao mesmo tempo que proporciona uma integração simples dos
vários tipos de tráfego.
Uma outra propriedade que está a emergir e a ganhar importância no seio
dos NES é a flexibilidade. Esta propiedade é realçada pela necessidade de
reduzir os custos de instalação, manutenção e operação dos sistemas. Neste
sentido, o sistema é dotado da capacidade para adaptar o serviço fornecido à
aplicação aos respectivos requisitos instantâneos, acompanhando a evolução
do sistema e proporcionando uma melhor e mais racional utilização dos
recursos disponíveis.
No entanto, maior flexibilidade operacional é igualmente sinónimo de
maior complexidade derivada da necessidade de efectuar a alocação dinâmica
dos recursos, acabando também por consumir recursos adicionais no sistema.
A possibilidade de modificar dinâmicamente as caracteristicas do sistema
também acarreta uma maior complexidade na fase de desenho e especificação.
O aumento do número de graus de liberdade suportados faz aumentar
o espaço de estados do sistema, dificultando a uma pre-análise. No sentido de
conter o aumento de complexidade são necessários modelos que representem
a dinâmica do sistema e proporcionem uma gestão optimizada e justa dos
recursos com base em parâmetros de qualidade de serviço (QdS).
É nossa tese que as propriedades de flexibilidade, pontualidade e gestão
dinâmica de QdS podem ser integradas numa rede switched Ethernet (SE),
tirando partido do baixo custo, alta largura de banda e fácil implantação. Nesta
dissertação é proposto um protocolo, Flexible Time-Triggered communication
over Switched Ethernet (FTT-SE), que suporta as propriedades desejadas e
que ultrapassa as limitações das redes SE para aplicações de tempo-real tais
como a utilização de filas FIFO, a existência de poucos níveis de prioridade
e a pouca capacidade de gestão individualizada dos fluxos. O protocolo
baseia-se no paradigma FTT, que genericamente define a arquitectura de uma
pilha protocolar sobre o acesso ao meio de uma rede partilhada, impondo
desta forma determinismo temporal, juntamente com a capacidade para
reconfiguração e adaptação dinâmica da rede. São ainda apresentados vários
modelos de distribuição da largura de banda da rede de acordo com o nível de
QdS especificado por cada serviço utilizador da rede.
Esta dissertação expõe a motivação para a criação do protocolo FTT-SE,
apresenta uma descrição do mesmo, bem como a análise de algumas das
suas propiedades mais relevantes. São ainda apresentados e comparados
modelos de distribuição da QdS. Finalmente, são apresentados dois casos de
aplicações que sustentam a validade da tese acima mencionada.During the last decade we have witnessed a massive deployment of embedded
systems on a wide applications range, from industrial automation to process
control, avionics, cars or even robotics. Many of these applications have an
inherently high level of criticality, having to perform tasks within tight temporal
constraints. Additionally, the configuration of such systems is often distributed,
with several computing nodes that rely on a communication infrastructure to
cooperate and achieve the application global goals. Therefore, the communications
are also subject to the same temporal constraints set by the application
requirements.
Many applications relying on such networked embedded systems (NES)
are complex and heterogeneous, comprehending different activities with different
requirements and properties. For example, the communication between
subsystems may follow a strict temporal synchronization with respect to a
global time-base (time-triggered), like in a distributed feedback control loop,
or it may be issued asynchronously upon the occurrence of events (eventtriggered).
Regardless of the traffic characteristics and its activation model, it
is of paramount importance having a communication framework that provides
seamless integration of heterogeneous traffic sources while guaranteeing the
application requirements.
Another property that has been emerging as important for NES design and
operation is flexibility. The need to reduce installation and operational costs,
while facilitating maintenance is promoting a more rational use of the available
resources at run-time, exploring the ability to tune service parameters as the
system evolves.
However, such operational flexibility comes with the cost of increasing the
complexity of the system to handle the dynamic resource management, which
on the other hand demands the allocation of additional system resources.
Moreover, the capacity to dynamically modify the system properties also
causes a higher complexity when designing and specifying the system, since
the operational state-space increases with the degrees of flexibility of the
system.
Therefore, in order to bound this complexity appropriate operational models
are needed to handle the system dynamics and carry on an efficient and
fair resource management strategy based on quality of service (QoS) metrics.
This thesis states that the properties of flexibility and timeliness as needed
for dynamic QoS management can be provided to switched Ethernet based
systems. Switched Ethernet, although initially designed for general purpose
Internet access and file transfers, is becoming widely used in NES-based applications.
However, COTS switched Ethernet is insufficient regarding the needs
for real-time predictability and for supporting the aforementioned properties due
the use of FIFO queues too few priority levels and for stream-level management
capabilities. In this dissertation we propose a protocol to overcome those
limitations, namely the Flexible Time-Triggered communication over Switched
Ethernet (FTT-SE). The protocol is based on the FTT paradigm that generically
defines a protocol architecture suitable to enforce real-time determinism on a
communication network supporting the desired flexibility properties.
This dissertation addresses the motivation for FTT-SE, describing the
protocol as well as its schedulability analysis. It additionally covers the resource
distribution topic, where several distribution models are proposed to manage
the resource capacity among the competing services and while considering
the QoS level requirements of each service. A couple of application cases are
shown that support the aforementioned thesis
Trustworthy Knowledge Planes For Federated Distributed Systems
In federated distributed systems, such as the Internet and the public cloud, the constituent systems can differ in their configuration and provisioning, resulting in significant impacts on the performance, robustness, and security of applications. Yet these systems lack support for distinguishing such characteristics, resulting in uninformed service selection and poor inter-operator coordination. This thesis presents the design and implementation of a trustworthy knowledge plane that can determine such characteristics about autonomous networks on the Internet. A knowledge plane collects the state of network devices and participants. Using this state, applications infer whether a network possesses some characteristic of interest. The knowledge plane uses attestation to attribute state descriptions to the principals that generated them, thereby making the results of inference more trustworthy. Trustworthy knowledge planes enable applications to establish stronger assumptions about their network operating environment, resulting in improved robustness and reduced deployment barriers. We have prototyped the knowledge plane and associated devices. Experience with deploying analyses over production networks demonstrate that knowledge planes impose low cost and can scale to support Internet-scale networks