8,141 research outputs found

    Aggregating and Deploying Network Access Control Policies

    The existence of errors or inconsistencies in the configuration of security components, such as filtering routers and/or firewalls, may lead to weak access control policies -- potentially easy to be evaded by unauthorized parties. We present in this paper a proposal to create, manage, and deploy consistent policies in those components in an efficient way. To do so, we combine two main approaches. The first approach is the use of an aggregation mechanism that yields consistent configurations or signals inconsistencies. Through this mechanism we can fold existing policies of a given system and create a consistent and global set of access control rules -- easy to maintain and manage by using a single syntax. The second approach is the use of a refinement mechanism that guarantees the proper deployment of such a global set of rules into the system, yet free of inconsistencies. Comment: 9 page

    A Virtual Network PaaS for 3GPP 4G and Beyond Core Network Services

    Cloud computing and Network Function Virtualization (NFV) are emerging as key technologies to overcome the challenges facing 4G and beyond mobile systems. Over the last few years, Platform-as-a-Service (PaaS) has gained momentum and has become more widely adopted throughout IT enterprises. It simplifies the applications provisioning and accelerates time-to-market while lowering costs. Telco can leverage the same model to provision the 4G and beyond core network services using NFV technology. However, many challenges have to be addressed, mainly due to the specificities of network services. This paper proposes an architecture for a Virtual Network Platform-as-a-Service (VNPaaS) to provision 3GPP 4G and beyond core network services in a distributed environment. As an illustrative use case, the proposed architecture is employed to provision the 3GPP Home Subscriber Server (HSS) as-a-Service (HSSaaS). The HSSaaS is built from Virtualized Network Functions (VNFs) resulting from a novel decomposition of HSS. A prototype is implemented and early measurements are made. Comment: 7 pages, 6 figures, 2 tables, 5th IEEE International Conference on Cloud Networking (IEEE CloudNet 2016

    Secure Cloud-Edge Deployments, with Trust

    Assessing the security level of IoT applications to be deployed to heterogeneous Cloud-Edge infrastructures operated by different providers is a non-trivial task. In this article, we present a methodology that permits to express security requirements for IoT applications, as well as infrastructure security capabilities, in a simple and declarative manner, and to automatically obtain an explainable assessment of the security level of the possible application deployments. The methodology also considers the impact of trust relations among different stakeholders using or managing Cloud-Edge infrastructures. A lifelike example is used to showcase the prototyped implementation of the methodology

    Must Realists Be Pessimists About Democracy? Responding to Epistemic and Oligarchic Challenges

    In this paper we show how a realistic normative democratic theory can work within the constraints set by the most pessimistic empirical results about voting behaviour and elite capture of the policy process. After setting out the empirical evidence and discussing some extant responses by political theorists, we argue that the evidence produces a two-pronged challenge for democracy: an epistemic challenge concerning the quality and focus of decision-making and an oligarchic challenge concerning power concentration. To address the challenges we then put forward three main normative claims, each of which is compatible with the evidence. We start with a critique of the epistocratic position commonly thought to be supported by the evidence. We then introduce a qualified critique of referenda and other forms of plebiscite, and an outline of a tribune-based system of popular control over oligarchic influence on the policy process. Our discussion points towards a renewal of democracy in a plebeian but not plebiscitarian direction: Attention to the relative power of social classes matters more than formal dispersal of power through voting. We close with some methodological reflections about the compatibility between our normative claims and the realist program in political philosophy

    Evaluation of Anonymized ONS Queries

    Electronic Product Code (EPC) is the basis of a pervasive infrastructure for the automatic identification of objects on supply chain applications (e.g., pharmaceutical or military applications). This infrastructure relies on the use of the (1) Radio Frequency Identification (RFID) technology to tag objects in motion and (2) distributed services providing information about objects via the Internet. A lookup service, called the Object Name Service (ONS) and based on the use of the Domain Name System (DNS), can be publicly accessed by EPC applications looking for information associated with tagged objects. Privacy issues may affect corporate infrastructures based on EPC technologies if their lookup service is not properly protected. A possible solution to mitigate these issues is the use of online anonymity. We present an evaluation experiment that compares the use of Tor (The second generation Onion Router) on a global ONS/DNS setup, with respect to benefits, limitations, and latency. Comment: 14 page