44 research outputs found

    Strengthening Privacy and Cybersecurity through Anonymization and Big Data

    Get PDF
    L'abstract Ăš presente nell'allegato / the abstract is in the attachmen

    Securing Distributed Systems: A Survey on Access Control Techniques for Cloud, Blockchain, IoT and SDN

    Get PDF
    Access Control is a crucial defense mechanism organizations can deploy to meet modern cybersecurity needs and legal compliance with data privacy. The aim is to prevent unauthorized users and systems from accessing protected resources in a way that exceeds their permissions. The present survey aims to summarize state-of-the-art Access Control techniques, presenting recent research trends in this area. Moreover, as the cyber-attack landscape and zero-trust networking challenges require organizations to consider their Information Security management strategies carefully, in this study, we present a review of contemporary Access Control techniques and technologies being discussed in the literature and the various innovations and evolution of the technology. We also discuss adopting and applying different Access Control techniques and technologies in four upcoming and crucial domains: Cloud Computing, Blockchain, the Internet of Things, and Software-Defined Networking. Finally, we discuss the business adoption strategies for Access Control and how the technology can be integrated into a cybersecurity and network architecture strategy

    Modelling, Dimensioning and Optimization of 5G Communication Networks, Resources and Services

    Get PDF
    This reprint aims to collect state-of-the-art research contributions that address challenges in the emerging 5G networks design, dimensioning and optimization. Designing, dimensioning and optimization of communication networks resources and services have been an inseparable part of telecom network development. The latter must convey a large volume of traffic, providing service to traffic streams with highly differentiated requirements in terms of bit-rate and service time, required quality of service and quality of experience parameters. Such a communication infrastructure presents many important challenges, such as the study of necessary multi-layer cooperation, new protocols, performance evaluation of different network parts, low layer network design, network management and security issues, and new technologies in general, which will be discussed in this book

    A one-pass clustering based sketch method for network monitoring

    Get PDF
    Network monitoring solutions need to cope with increasing network traffic volumes, as a result, sketch-based monitoring methods have been extensively studied to trade accuracy for memory scalability and storage reduction. However, sketches are sensitive to skewness in network flow distributions due to hash collisions, and need complicated performance optimization to adapt to line-rate packet streams. We provide Jellyfish, an efficient sketch method that performs one-pass clustering over the network stream. One-pass clustering is realized by adapting the monitoring granularity from the whole network flow to fragments called subflows, which not only reduces the ingestion rate but also provides an efficient intermediate representation for the input to the sketch. Jellyfish provides the network-flow level query interface by reconstructing the network-flow level counters by merging subflow records from the same network flow. We provide probabilistic analysis of the expected accuracy of both existing sketch methods and Jellyfish. Real-world trace-driven experiments show that Jellyfish reduces the average estimation errors by up to six orders of magnitude for per-flow queries, by six orders of magnitude for entropy queries, and up to ten times for heavy-hitter queries.This work was supported in part by the National Natural Science Foundation of China (NSFC) under Grant 61972409; in part by Hong Kong Research Grants Council (RGC) under Grant TRS T41-603/20-R, Grant GRF-16213621, and Grant ITF ACCESS; in part by the Spanish I+D+i project TRAINER-A, funded by MCIN/AEI/10.13039/501100011033, under Grant PID2020-118011GB-C21; and in part by the Catalan Institution for Research and Advanced Studies (ICREA Academia).Peer ReviewedPostprint (author's final draft

    LIPIcs, Volume 274, ESA 2023, Complete Volume

    Get PDF
    LIPIcs, Volume 274, ESA 2023, Complete Volum

    Accelerating orchestration with in-network offloading

    Get PDF
    The demand for low-latency Internet applications has pushed functionality that was originally placed in commodity hardware into the network. Either in the form of binaries for the programmable data plane or virtualised network functions, services are implemented within the network fabric with the aim of improving their performance and placing them close to the end user. Training of machine learning algorithms, aggregation of networking traffic, virtualised radio access components, are just some of the functions that have been deployed within the network. Therefore, as the network fabric becomes the accelerator for various applications, it is imperative that the orchestration of their components is also adapted to the constraints and capabilities of the deployment environment. This work identifies performance limitations of in-network compute use cases for both cloud and edge environments and makes suitable adaptations. Within cloud infrastructure, this thesis proposes a platform that relies on programmable switches to accelerate the performance of data replication. It then proceeds to discuss design adaptations of an orchestrator that will allow in-network data offloading and enable accelerated service deployment. At the edge, the topic of inefficient orchestration of virtualised network functions is explored, mainly with respect to energy usage and resource contention. An orchestrator is adapted to schedule requests by taking into account edge constraints in order to minimise resource contention and accelerate service processing times. With data transfers consuming valuable resources at the edge, an efficient data representation mechanism is implemented to provide statistical insight on the provenance of data at the edge and enable smart query allocation to nodes with relevant data. Taking into account the previous state of the art, the proposed data plane replication method appears to be the most computationally efficient and scalable in-network data replication platform available, with significant improvements in throughput and up to an order of magnitude decrease in latency. The orchestrator of virtual network functions at the edge was shown to reduce event rejections, total processing time, and energy consumption imbalances over the default orchestrator, thus proving more efficient use of the infrastructure. Lastly, computational cost at the edge was further reduced with the use of the proposed query allocation mechanism which minimised redundant engagement of nodes

    LIPIcs, Volume 244, ESA 2022, Complete Volume

    Get PDF
    LIPIcs, Volume 244, ESA 2022, Complete Volum

    On the malware detection problem : challenges and novel approaches

    Get PDF
    Orientador: AndrĂ© Ricardo Abed GrĂ©gioCoorientador: Paulo LĂ­cio de GeusTese (doutorado) - Universidade Federal do ParanĂĄ, Setor de CiĂȘncias Exatas, Programa de PĂłs-Graduação em InformĂĄtica. Defesa : Curitiba,Inclui referĂȘnciasÁrea de concentração: CiĂȘncia da ComputaçãoResumo: Software Malicioso (malware) Ă© uma das maiores ameaças aos sistemas computacionais atuais, causando danos Ă  imagem de indivĂ­duos e corporaçÔes, portanto requerendo o desenvolvimento de soluçÔes de detecção para prevenir que exemplares de malware causem danos e para permitir o uso seguro dos sistemas. Diversas iniciativas e soluçÔes foram propostas ao longo do tempo para detectar exemplares de malware, de Anti-VĂ­rus (AVs) a sandboxes, mas a detecção de malware de forma efetiva e eficiente ainda se mantĂ©m como um problema em aberto. Portanto, neste trabalho, me proponho a investigar alguns desafios, falĂĄcias e consequĂȘncias das pesquisas em detecção de malware de modo a contribuir para o aumento da capacidade de detecção das soluçÔes de segurança. Mais especificamente, proponho uma nova abordagem para o desenvolvimento de experimentos com malware de modo prĂĄtico mas ainda cientĂ­fico e utilizo-me desta abordagem para investigar quatro questĂ”es relacionadas a pesquisa em detecção de malware: (i) a necessidade de se entender o contexto das infecçÔes para permitir a detecção de ameaças em diferentes cenĂĄrios; (ii) a necessidade de se desenvolver melhores mĂ©tricas para a avaliação de soluçÔes antivĂ­rus; (iii) a viabilidade de soluçÔes com colaboração entre hardware e software para a detecção de malware de forma mais eficiente; (iv) a necessidade de predizer a ocorrĂȘncia de novas ameaças de modo a permitir a resposta Ă  incidentes de segurança de forma mais rĂĄpida.Abstract: Malware is a major threat to most current computer systems, causing image damages and financial losses to individuals and corporations, thus requiring the development of detection solutions to prevent malware to cause harm and allow safe computers usage. Many initiatives and solutions to detect malware have been proposed over time, from AntiViruses (AVs) to sandboxes, but effective and efficient malware detection remains as a still open problem. Therefore, in this work, I propose taking a look on some malware detection challenges, pitfalls and consequences to contribute towards increasing malware detection system's capabilities. More specifically, I propose a new approach to tackle malware research experiments in a practical but still scientific manner and leverage this approach to investigate four issues: (i) the need for understanding context to allow proper detection of localized threats; (ii) the need for developing better metrics for AV solutions evaluation; (iii) the feasibility of leveraging hardware-software collaboration for efficient AV implementation; and (iv) the need for predicting future threats to allow faster incident responses
    corecore