VIoLET: A Large-scale Virtual Environment for Internet of Things

IoT deployments have been growing manifold, encompassing sensors, networks, edge, fog and cloud resources. Despite the intense interest from researchers and practitioners, most do not have access to large-scale IoT testbeds for validation. Simulation environments that allow analytical modeling are a poor substitute for evaluating software platforms or application workloads in realistic computing environments. Here, we propose VIoLET, a virtual environment for defining and launching large-scale IoT deployments within cloud VMs. It offers a declarative model to specify container-based compute resources that match the performance of the native edge, fog and cloud devices using Docker. These can be inter-connected by complex topologies on which private/public networks, and bandwidth and latency rules are enforced. Users can configure synthetic sensors for data generation on these devices as well. We validate VIoLET for deployments with > 400 devices and > 1500 device-cores, and show that the virtual IoT environment closely matches the expected compute and network performance at modest costs. This fills an important gap between IoT simulators and real deployments.Comment: To appear in the Proceedings of the 24TH International European Conference On Parallel and Distributed Computing (EURO-PAR), August 27-31, 2018, Turin, Italy, europar2018.org. Selected as a Distinguished Paper for presentation at the Plenary Session of the conferenc

SDN/NFV-enabled satellite communications networks: opportunities, scenarios and challenges

In the context of next generation 5G networks, the satellite industry is clearly committed to revisit and revamp the role of satellite communications. As major drivers in the evolution of (terrestrial) fixed and mobile networks, Software Defined Networking (SDN) and Network Function Virtualisation (NFV) technologies are also being positioned as central technology enablers towards improved and more flexible integration of satellite and terrestrial segments, providing satellite network further service innovation and business agility by advanced network resources management techniques. Through the analysis of scenarios and use cases, this paper provides a description of the benefits that SDN/NFV technologies can bring into satellite communications towards 5G. Three scenarios are presented and analysed to delineate different potential improvement areas pursued through the introduction of SDN/NFV technologies in the satellite ground segment domain. Within each scenario, a number of use cases are developed to gain further insight into specific capabilities and to identify the technical challenges stemming from them.Peer ReviewedPostprint (author's final draft

Enterprise Cloud Security Guidance and Strategies for Enterprises

Hinnanguliselt 72% ettevõtetest kasutavad vähemalt ühte pilves olevat rakendust või on mingi osa nende IT infrastruktuurist pilves. Uurimistööd näitavad, et 56% tehnoloogia valdkonna otsustajatest uurivad erinevaid võimalusi pilvelahenduste kasutamiseks. Eel-toodu tõttu on oluline mõista erinevaid pilveteenuste kasutusvõimalusi, ärivajadusi ja investeeringuid. Antud magistritöö hindab paljusid kasutegureid, mida pilverakenduste ja pilvearvutuse kasutamine pakub äritegevusele. Pilvearvutus pakub paindliku, taskuko-hast ja end tõestanud platvormi ärilahenduste ja IT lahenduste loomiseks. Pilvearvutuse kasutamine pakub ettevõtetele harukordset võimalust muuta teenuse pakkumist tõhusa-maks, juhtimist sujuvamaks ning viia IT teenused vastavusse pidevalt muutuvate äriva-jadustega. Pilvearvutuse kasutamine pakub rohkem kui ühe võimaluse ärivaldkondade usaldusväärseks toeks ning ühtlasi tõstab võimekust luua uusi ja innovaatilisi teenuseid. Olemasoleva kirjanduse mittetäielik analüüs toob esile selle, et enne ettevõtetes pilvela-henduste ja pilvearvutuse kasutuselevõttu on väga oluline pöörata tähelepanu kaasneva-tele turvalisuse väljakutsetele. Antud magistritöös on detailselt käsitletud peamisi pil-vandmetöötluse valdkonna turvalisuse probleeme ning töö järeldusena pakutakse välja soovitusi pilve turvalisuse juurutamiseks.Today an estimated 72% of enterprises use at least one cloud application or a percentage of their I.T infrastructure in the cloud. Research shows that 56% of the decision makers in technology are investigating more ways of leveraging the cloud. This makes it impor-tant to understand the different usage plans in cloud service models, business drivers and investments. This thesis measures the myriad benefits of using cloud applications, and the effect of cloud computing on business performance. As will be seen in the the-sis, cloud computing offers a flexible, affordable as well as proven platform for the pro-vision of business and IT services via the internet. Cloud computing provides companies with the rare opportunity of strengthening their efficiencies in service delivery, mana-gement streamlining, and the aligning of IT services with the ever changing business needs. In more ways than one, cloud computing provides solid support for business functions, alongside increasing the capacity for the development of new as well as inno-vative services. A non-exhaustive review of the existing literature revels that the security challenges faced by enterprises during cloud adoption and interoperability have to be addressed before the implementation of cloud computing. In this thesis, we provide a detailed overview of the key security issues in the realm of cloud computing and con-clude with the recommendations on the implementation of cloud security

Elastic Highly Available Cloud Computing

High availability and elasticity are two the cloud computing services technical features. Elasticity is a key feature of cloud computing where provisioning of resources is closely tied to the runtime demand. High availability assure that cloud applications are resilient to failures. Existing cloud solutions focus on providing both features at the level of the virtual resource through virtual machines by managing their restart, addition, and removal as needed. These existing solutions map applications to a specific design, which is not suitable for many applications especially virtualized telecommunication applications that are required to meet carrier grade standards. Carrier grade applications typically rely on the underlying platform to manage their availability by monitoring heartbeats, executing recoveries, and attempting repairs to bring the system back to normal. Migrating such applications to the cloud can be particularly challenging, especially if the elasticity policies target the application only, without considering the underlying platform contributing to its high availability (HA). In this thesis, a Network Function Virtualization (NFV) framework is introduced; the challenges and requirements of its use in mobile networks are discussed. In particular, an architecture for NFV framework entities in the virtual environment is proposed. In order to reduce signaling traffic congestion and achieve better performance, a criterion to bundle multiple functions of virtualized evolved packet-core in a single physical device or a group of adjacent devices is proposed. The analysis shows that the proposed grouping can reduce the network control traffic by 70 percent. Moreover, a comprehensive framework for the elasticity of highly available applications that considers the elastic deployment of the platform and the HA placement of the application’s components is proposed. The approach is applied to an internet protocol multimedia subsystem (IMS) application and demonstrate how, within a matter of seconds, the IMS application can be scaled up while maintaining its HA status

Security Configuration Management in Intrusion Detection and Prevention Systems

Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defense against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. IDPSs can be network or host-based and can collaborate in order to provide better detection of malicious traffic. Although several IDPS systems have been proposed, their appropriate con figuration and control for e effective detection/ prevention of attacks and efficient resource consumption is still far from trivial. Another concern is related to the slowing down of system performance when maximum security is applied, hence the need to trade o between security enforcement levels and the performance and usability of an enterprise information system. In this dissertation, we present a security management framework for the configuration and control of the security enforcement mechanisms of an enterprise information system. The approach leverages the dynamic adaptation of security measures based on the assessment of system vulnerability and threat prediction, and provides several levels of attack containment. Furthermore, we study the impact of security enforcement levels on the performance and usability of an enterprise information system. In particular, we analyze the impact of an IDPS con figuration on the resulting security of the network, and on the network performance. We also analyze the performance of the IDPS for different con figurations and under different traffic characteristics. The analysis can then be used to predict the impact of a given security con figuration on the prediction of the impact on network performance