Policy Conflict Management in Distributed SDN Environments

abstract: The ease of programmability in Software-Defined Networking (SDN) makes it a great platform for implementation of various initiatives that involve application deployment, dynamic topology changes, and decentralized network management in a multi-tenant data center environment. However, implementing security solutions in such an environment is fraught with policy conflicts and consistency issues with the hardness of this problem being affected by the distribution scheme for the SDN controllers. In this dissertation, a formalism for flow rule conflicts in SDN environments is introduced. This formalism is realized in Brew, a security policy analysis framework implemented on an OpenDaylight SDN controller. Brew has comprehensive conflict detection and resolution modules to ensure that no two flow rules in a distributed SDN-based cloud environment have conflicts at any layer; thereby assuring consistent conflict-free security policy implementation and preventing information leakage. Techniques for global prioritization of flow rules in a decentralized environment are presented, using which all SDN flow rule conflicts are recognized and classified. Strategies for unassisted resolution of these conflicts are also detailed. Alternately, if administrator input is desired to resolve conflicts, a novel visualization scheme is implemented to help the administrators view the conflicts in an aesthetic manner. The correctness, feasibility and scalability of the Brew proof-of-concept prototype is demonstrated. Flow rule conflict avoidance using a buddy address space management technique is studied as an alternate to conflict detection and resolution in highly dynamic cloud systems attempting to implement an SDN-based Moving Target Defense (MTD) countermeasures.Dissertation/ThesisDoctoral Dissertation Computer Science 201

Highly reliable, low-latency communication in low-power wireless networks

Low-power wireless networks consist of spatially distributed, resource-constrained devices – also referred to as nodes – that are typically equipped with integrated or external sensors and actuators. Nodes communicate with each other using wireless transceivers, and thus, relay data – e. g., collected sensor values or commands for actuators – cooperatively through the network. This way, low-power wireless networks can support a plethora of different applications, including, e. g., monitoring the air quality in urban areas or controlling the heating, ventilation and cooling of large buildings. The use of wireless communication in such monitoring and actuating applications allows for a higher flexibility and ease of deployment – and thus, overall lower costs – compared to wired solutions. However, wireless communication is notoriously error-prone. Message losses happen often and unpredictably, making it challenging to support applications requiring both high reliability and low latency. Highly reliable, low-latency communication – along with high energy-efficiency – are, however, key requirements to support several important application scenarios and most notably the open-/closed-loop control functions found in e. g., industry and factory automation applications. Communication protocols that rely on synchronous transmissions have been shown to be able to overcome this limitation. These protocols depart from traditional single-link transmissions and do not attempt to avoid concurrent transmissions from different nodes to prevent collisions. On the contrary, they make nodes send the same message at the same time over several paths. Phenomena like constructive interference and capture then ensure that messages are received correctly with high probability. While many approaches relying on synchronous transmissions have been presented in the literature, two important aspects received only little consideration: (i) reliable operation in harsh environments and (ii) support for event-based data traffic. This thesis addresses these two open challenges and proposes novel communication protocols to overcome them

Actas da 10ª Conferência sobre Redes de Computadores

Universidade do MinhoCCTCCentro AlgoritmiCisco SystemsIEEE Portugal Sectio

FLOSSTV Free, Libre, Open Source Software (FLOSS) within participatory 'TV hacking' Media and Arts Practices

This research operates in the context of a European political discourse, where the main concern is counter­cultural approaches to non­ mandatory collaboration and contractual agreements. FLOSSTV (Free, Libre, Open Source Software TV) covers a broad range of practices, from television via documentary up to media arts productions. This thesis documents the endeavour to formulate a policy for FLOSS culture. FLOSSTV studies the impact of new intellectual property legislation on media production, as well as conceptions and applications of collective authorship and alternative licensing schemes. FLOSSTV sets out to explore methods that can facilitate media and arts practitioners wishing to engage in collaborative media productions. The thesis sets out to investigate the theories and histories of collaborative media and arts productions in order to set the ground for an exploration of the tools, technologies and aesthetics of such collaborations. The FLOSSTV thesis proposes a set of contracts and policies that allow for such collaborations to develop. It is through practice that this research explores FLOSS culture, including its methods, licensing schemes and technologies. In order to focus the research within the field of FLOSSTV I initiated the practice ­based Deptford.TV pilot project as the central research experiment for the FLOSSTV thesis. DVD ONE contains a series of films produced collaboratively for Deptford.TV that express the characteristics and contractual arrangements of FLOSS culture. Deptford.TV is an online audiovisual database primarily collecting media assets around the Deptford area, in South­East London, UK. Deptford.TV functions as an open, collaborative platform that allows artists, film­makers, researchers and participants of the local workshops in and around Deptford, and also beyond Deptford, to store, share, re­edit and redistribute their footage and projects. The open and collaborative nature of the Deptford.TV project demonstrates a form of shared media practice in two ways: audiences become producers by submitting their own footage, and the database enables the contributors to interact with each other. Through my practice­lead research project Deptford.TV I argue that, by supporting collaborative methods and practices, FLOSS (Free, Libre, Open Source Software) can empower media and arts practitioners to collaborate in production and distribution processes of media and arts practices

Security Enhanced Applications for Information Systems

Every day, more users access services and electronically transmit information which is usually disseminated over insecure networks and processed by websites and databases, which lack proper security protection mechanisms and tools. This may have an impact on both the users’ trust as well as the reputation of the system’s stakeholders. Designing and implementing security enhanced systems is of vital importance. Therefore, this book aims to present a number of innovative security enhanced applications. It is titled “Security Enhanced Applications for Information Systems” and includes 11 chapters. This book is a quality guide for teaching purposes as well as for young researchers since it presents leading innovative contributions on security enhanced applications on various Information Systems. It involves cases based on the standalone, network and Cloud environments

A strategic perspective on the emergence and evolution of e-Banking in Saudi Arabia

The aim of the thesis is to look at the emergence and evolution of e-banking in Saudi Arabia, with particular emphasis on the processes of how banks implement e-banking to build their capabilities and create new value strategies. The research process focuses on understanding (1) how banks implement e-banking to build their capabilities as well as to create new value strategies, (2) how e-banking capabilities have been built, and (3) the role played by e-banking in shaping the strategic direction of banks. This requires understanding of a variety of aspects (i) the value created by e-banking products and services within different banks, (ii) the process of e-banking development within the different banks, (iii) how banks approach e-banking products and services, and (iv) how the banks align the demand and supply factors surrounding e-banking products and servicesThe theoretical approach blends inputs from different disciplines relevant to understand and deal with the subject matter of this thesis, including value creation and capability-building literature, technology implementation literature, with particular emphasis on the processes of implementing network technologies and e-businesses, as well as literature on process approaches. The methodological approach makes use of the case study strategy (Yin 2003) as research strategy, a multiple-case embedded design, as research design strategy, and three sources of evidence: (1) a survey distributed to all Saudi Arabian banks, (2) semi-structured interviews, and (3) archival records of e-banking transactions. The main fieldwork is longitudinal and takes place during three rounds: SeptemberOctober 2003, December 2003-March 2004, and December 2005-January 2006.The thesis investigates the emergence and evolution of e-banking at six Saudi Arabian banks: Samba Financial Group (Samba), AlRajhi Bank (AlRajhi), Saudi Investment Bank (Saib), Saudi Hollandi Bank (Hollandi), National Commercial Bank (AlAhli), and Riyad Bank (Riyad). This is followed by an investigation of the emergence and evolution of electronic securities trading systems at the Saudi Capital Market (i. e., Tadawul), providing an external view of the emergence and evolution of ebanking in Saudi Arabia.The analysis of the empirical material implements the theoretical propositions strategy via utilisation of the "sociotechnical constituencies" approach (Molina 1990; 1993) and its associated analytical tools of the "diamond of alignment" (Molina 1995), "alignment web" (Molina 2003) and "dynamic strategy mapping" (DSM) (Molina 2005). The aim is not only to use the approach to reveal how banks build their e-banking capabilities and create new value strategies, but also to test critically the applicability of the "sociotechnical constituencies" approach and its associated analytical tools for understanding e-banking value creation and capability-building strategies.The overall result of the investigation conducted by this thesis suggests that the Saudi Arabian ebanking' constituency-building process shows distinctive processes of sociotechnical alignment by each one of the specific Saudi banks' e-banking constituencies in the study. In addition, the use of Molina's "alignment web" to assess the state of each of the specific e-banking constituency-building processes helps identify the areas of strengths and weaknesses in these processes of sociotechnical alignment. The distinctiveness of development by each sociotechnical constituency is also highlighted by the application of the Molina's "dynamic strategy mapping" (DSM), showing that each constituency has its own combination of strategic ingredients.Although this thesis demonstrates strengths in the areas of logic replication, narrative writing, and validating procedure, in future studies it would be interesting to enhance its theoretical background, chronological structure, and quantitative assessment. This thesis contributes to providing a rich insight into the emergence and evolution of e-banking in Saudi Arabia, particularly at six of eleven Saudi banks as well as the technological systems of the Saudi Capital Market. Such contribution may be used to inform the future alignment strategy pursued by each the Saudi Arabian e-banking constituencies

Organization based multiagent architecture for distributed environments

[EN]Distributed environments represent a complex field in which applied solutions should be flexible and include significant adaptation capabilities. These environments are related to problems where multiple users and devices may interact, and where simple and local solutions could possibly generate good results, but may not be effective with regards to use and interaction. There are many techniques that can be employed to face this kind of problems, from CORBA to multi-agent systems, passing by web-services and SOA, among others. All those methodologies have their advantages and disadvantages that are properly analyzed in this documents, to finally explain the new architecture presented as a solution for distributed environment problems. The new architecture for solving complex solutions in distributed environments presented here is called OBaMADE: Organization Based Multiagent Architecture for Distributed Environments. It is a multiagent architecture based on the organizations of agents paradigm, where the agents in the architecture are structured into organizations to improve their organizational capabilities. The reasoning power of the architecture is based on the Case-Based Reasoning methology, being implemented in a internal organization that uses agents to create services to solve the external request made by the users. The OBaMADE architecture has been successfully applied to two different case studies where its prediction capabilities have been properly checked. Those case studies have showed optimistic results and, being complex systems, have demonstrated the abstraction and generalizations capabilities of the architecture. Nevertheless OBaMADE is intended to be able to solve much other kind of problems in distributed environments scenarios. It should be applied to other varieties of situations and to other knowledge fields to fully develop its potencial.[ES]Los entornos distribuidos representan un campo de conocimiento complejo en el que las soluciones a aplicar deben ser flexibles y deben contar con gran capacidad de adaptación. Este tipo de entornos está normalmente relacionado con problemas donde varios usuarios y dispositivos entran en juego. Para solucionar dichos problemas, pueden utilizarse sistemas locales que, aunque ofrezcan buenos resultados en términos de calidad de los mismos, no son tan efectivos en cuanto a la interacción y posibilidades de uso. Existen múltiples técnicas que pueden ser empleadas para resolver este tipo de problemas, desde CORBA a sistemas multiagente, pasando por servicios web y SOA, entre otros. Todas estas mitologías tienen sus ventajas e inconvenientes, que se analizan en este documento, para explicar, finalmente, la nueva arquitectura presentada como una solución para los problemas generados en entornos distribuidos. La nueva arquitectura aquí se llama OBaMADE, que es el acrónimo del inglés Organization Based Multiagent Architecture for Distributed Environments (Arquitectura Multiagente Basada en Organizaciones para Entornos Distribuidos). Se trata de una arquitectura multiagente basasa en el paradigma de las organizaciones de agente, donde los agentes que forman parte de la arquitectura se estructuran en organizaciones para mejorar sus capacidades organizativas. La capacidad de razonamiento de la arquitectura está basada en la metodología de razonamiento basado en casos, que se ha implementado en una de las organizaciones internas de la arquitectura por medio de agentes que crean servicios que responden a las solicitudes externas de los usuarios. La arquitectura OBaMADE se ha aplicado de forma exitosa a dos casos de estudio diferentes, en los que se han demostrado sus capacidades predictivas. Aplicando OBaMADE a estos casos de estudio se han obtenido resultados esperanzadores y, al ser sistemas complejos, se han demostrado las capacidades tanto de abstracción como de generalización de la arquitectura presentada. Sin embargo, esta arquitectura está diseñada para poder ser aplicada a más tipo de problemas de entornos distribuidos. Debe ser aplicada a más variadas situaciones y a otros campos de conocimiento para desarrollar completamente el potencial de esta arquitectura

RFID Technology in Intelligent Tracking Systems in Construction Waste Logistics Using Optimisation Techniques

Construction waste disposal is an urgent issue for protecting our environment. This paper proposes a waste management system and illustrates the work process using plasterboard waste as an example, which creates a hazardous gas when land filled with household waste, and for which the recycling rate is less than 10% in the UK. The proposed system integrates RFID technology, Rule-Based Reasoning, Ant Colony optimization and knowledge technology for auditing and tracking plasterboard waste, guiding the operation staff, arranging vehicles, schedule planning, and also provides evidence to verify its disposal. It h relies on RFID equipment for collecting logistical data and uses digital imaging equipment to give further evidence; the reasoning core in the third layer is responsible for generating schedules and route plans and guidance, and the last layer delivers the result to inform users. The paper firstly introduces the current plasterboard disposal situation and addresses the logistical problem that is now the main barrier to a higher recycling rate, followed by discussion of the proposed system in terms of both system level structure and process structure. And finally, an example scenario will be given to illustrate the system’s utilization

Threats to Autonomy from Emerging ICT’s

This thesis investigates possible future threats to human autonomy created by currently emerging ICT’s. Prepared for evaluation as PhD by Publication, it consists of four journal papers and one book chapter, together with explanatory material. The ICT’s under examination are drawn from the results of the ETICA project, which sought to identify emerging ICT’s of ethical import. We first evaluate this research and identify elements in need of enhancement – the social aspects pertaining to ethical impact and the need to introduce elements of General Systems Theory in order to account for ICT’s as socio-technical systems. The first two publications for evaluation present arguments from marxist and capitalist perspectives which provide an account of the social dimensions through which an ICT can reduce human autonomy. There are many competing accounts of what constitutes human autonomy. These may be grouped into classes by their primary characteristics. The third publication for evaluation cross-references these classes with the ICT’s identified by the ETICA project, showing which version of autonomy could be restricted by each ICT and how. Finally, this paper induces from this analysis some general characteristics which any ICT must exhibit if it is to restrict autonomy of any form. Since ICT’s all operate in the same environment, the ultimate effect on the individual is the aggregated effect of all those ICT’s with which they interact and can be treated as an open system. Our fourth paper for evaluation therefore develops a theory of ICT’s as systems of a socio-technical nature, titled “Integrated Domain Theory”. Our fifth publication uses Integrated Domain Theory to explore the manner in which sociotechnical systems can restrict human autonomy, no matter how conceived. This thesis thus offers two complementary answers to the primary research question

Semantic discovery and reuse of business process patterns

Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse