8,141 research outputs found
Aggregating and Deploying Network Access Control Policies
The existence of errors or inconsistencies in the configuration of security
components, such as filtering routers and/or firewalls, may lead to weak access
control policies -- potentially easy to be evaded by unauthorized parties. We
present in this paper a proposal to create, manage, and deploy consistent
policies in those components in an efficient way. To do so, we combine two main
approaches. The first approach is the use of an aggregation mechanism that
yields consistent configurations or signals inconsistencies. Through this
mechanism we can fold existing policies of a given system and create a
consistent and global set of access control rules -- easy to maintain and
manage by using a single syntax. The second approach is the use of a refinement
mechanism that guarantees the proper deployment of such a global set of rules
into the system, yet free of inconsistencies.Comment: 9 page
A Virtual Network PaaS for 3GPP 4G and Beyond Core Network Services
Cloud computing and Network Function Virtualization (NFV) are emerging as key
technologies to overcome the challenges facing 4G and beyond mobile systems.
Over the last few years, Platform-as-a-Service (PaaS) has gained momentum and
has become more widely adopted throughout IT enterprises. It simplifies the
applications provisioning and accelerates time-to-market while lowering costs.
Telco can leverage the same model to provision the 4G and beyond core network
services using NFV technology. However, many challenges have to be addressed,
mainly due to the specificities of network services. This paper proposes an
architecture for a Virtual Network Platform-as-a-Service (VNPaaS) to provision
3GPP 4G and beyond core network services in a distributed environment. As an
illustrative use case, the proposed architecture is employed to provision the
3GPP Home Subscriber Server (HSS) as-a-Service (HSSaaS). The HSSaaS is built
from Virtualized Network Functions (VNFs) resulting from a novel decomposition
of HSS. A prototype is implemented and early measurements are made.Comment: 7 pages, 6 figures, 2 tables, 5th IEEE International Conference on
Cloud Networking (IEEE CloudNet 2016
Secure Cloud-Edge Deployments, with Trust
Assessing the security level of IoT applications to be deployed to
heterogeneous Cloud-Edge infrastructures operated by different providers is a
non-trivial task. In this article, we present a methodology that permits to
express security requirements for IoT applications, as well as infrastructure
security capabilities, in a simple and declarative manner, and to automatically
obtain an explainable assessment of the security level of the possible
application deployments. The methodology also considers the impact of trust
relations among different stakeholders using or managing Cloud-Edge
infrastructures. A lifelike example is used to showcase the prototyped
implementation of the methodology
Must Realists Be Pessimists About Democracy? Responding to Epistemic and Oligarchic Challenges
In this paper we show how a realistic normative democratic theory can work within the constraints set by the most pessimistic empirical results about voting behaviour and elite capture of the policy process. After setting out the empirical evidence and discussing some extant responses by political theorists, we argue that the evidence produces a two-pronged challenge for democracy: an epistemic challenge concerning the quality and focus of decision-making and an oligarchic challenge concerning power concentration. To address the challenges we then put forward three main normative claims, each of which is compatible with the evidence. We start with a critique of the epistocratic position commonly thought to be supported by the evidence. We then introduce a qualified critique of referenda and other forms of plebiscite, and an outline of a tribune-based system of popular control over oligarchic influence on the policy process. Our discussion points towards a renewal of democracy in a plebeian but not plebiscitarian direction: Attention to the relative power of social classes matters more than formal dispersal of power through voting. We close with some methodological reflections about the compatibility between our normative claims and the realist program in political philosophy
Evaluation of Anonymized ONS Queries
Electronic Product Code (EPC) is the basis of a pervasive infrastructure for
the automatic identification of objects on supply chain applications (e.g.,
pharmaceutical or military applications). This infrastructure relies on the use
of the (1) Radio Frequency Identification (RFID) technology to tag objects in
motion and (2) distributed services providing information about objects via the
Internet. A lookup service, called the Object Name Service (ONS) and based on
the use of the Domain Name System (DNS), can be publicly accessed by EPC
applications looking for information associated with tagged objects. Privacy
issues may affect corporate infrastructures based on EPC technologies if their
lookup service is not properly protected. A possible solution to mitigate these
issues is the use of online anonymity. We present an evaluation experiment that
compares the of use of Tor (The second generation Onion Router) on a global
ONS/DNS setup, with respect to benefits, limitations, and latency.Comment: 14 page
- âŠ