54 research outputs found

    IMPROVED FAST REROUTE MODEL WITH IMPLEMENTATION OF THE PATH AND BANDWIDTH PROTECTION SCHEME IN SOFTWARE-DEFINED NETWORKS

    The subject matter of the article is the fast rerouting processes with the implementation of the protection scheme of the path and its bandwidth. The goal of the work is to improve the performance-based Fast ReRoute model with the protection scheme of the path and its bandwidth, which can be used for Software-Defined Networks. The following tasks are solved in the article: improvement and research of the Fast ReRoute model with the protection scheme of the path and its bandwidth. The following methods are used: graph theory, queuing theory, and mathematical programming methods. The following results were obtained: the Fast ReRoute model was improved and investigated, which allows implementing the 1:n protection scheme of the path and its bandwidth in Software-Defined Networks. Conclusions: Within the framework of the proposed Fast ReRoute model with the schemes of the path protection and its bandwidth, the problem of calculating the set of primary and backup disjoint paths was solved. The proposed mathematical model, using the introduction of additional conditions, allowed us to reduce the solution of the technological problem of fast rerouting to the solution of the optimization problem of mixed integer linear programming. The advantage of the improved model is the possibility of implementing protection schemes 1:1, 1:2, ..., 1:n without introducing an additional set of control (routing) variables. This helps to reduce the dimension of the optimization problem to be solved and the computational complexity of its implementation. The optimality criterion of routing solutions contributes to the formation of primary and backup disjoint paths with the maximum bandwidth. In this case, the path with the highest bandwidth will correspond to the primary path, while the remaining paths will be used as backups, in decreasing order of their bandwidth. The total number of calculated disjoint paths depends on the selected redundancy scheme.

    A study of the applicability of software-defined networking in industrial networks

    173 p. Industrial networks interconnect sensors and actuators to carry out monitoring, control and protection functions in different environments, such as transport systems or industrial automation systems. These cyber-physical systems are generally supported by multiple data networks, wired or wireless, from which they demand new capabilities, so that the control and management of such networks must be coupled to the conditions of the industrial system itself. Thus, requirements related to flexibility, maintainability and adaptability arise, while quality-of-service constraints must not be affected. However, traditional network control strategies generally do not adapt efficiently to increasingly dynamic and heterogeneous environments. After defining a set of network requirements and analysing the limitations of current solutions, it is deduced that control provided independently of the network devices themselves would add flexibility to such networks. Consequently, this thesis explores the applicability of Software-Defined Networking (SDN) in industrial automation systems. To carry out this approach, automation networks based on the IEC 61850 standard have been taken as a case study; this standard is widely used in the design of communication networks in power distribution systems, such as electrical substations. The IEC 61850 standard defines different services and protocols with high requirements in terms of network latency and availability, which must be met through traffic engineering techniques.
As a result, taking advantage of the flexibility and programmability offered by software-defined networks, this thesis proposes a control architecture based on the OpenFlow protocol that, by including network management and monitoring technologies, makes it possible to establish traffic policies according to traffic priority and network state. In addition, electrical substations are a representative example of critical infrastructure, that is, infrastructure in which a failure can result in serious economic losses and physical and material damage. Such systems must therefore be extremely secure and robust, so it is advisable to implement redundant topologies that offer a minimal reaction time to failures. To that end, the IEC 62439-3 standard defines the Parallel Redundancy Protocol (PRP) and High-availability Seamless Redundancy (HSR) protocols, which guarantee zero recovery time in case of failure through active data redundancy in Ethernet networks. However, the management of networks based on PRP and HSR is static and inflexible, which, added to the bandwidth reduction caused by data duplication, makes efficient control of the available resources difficult. In this regard, this thesis proposes redundancy control based on the SDN paradigm for efficient use of meshed topologies, while guaranteeing the availability of control and monitoring applications. In particular, it discusses how the OpenFlow protocol allows an external controller to configure multiple redundant paths between devices with several network interfaces, as well as in wireless environments. In this way, critical services can be protected in situations of interference and mobility. The evaluation of the suitability of the proposed solutions has been carried out mainly through the emulation of different topologies and traffic types.
Likewise, the effect on latency of being able to reduce the number of hops in communications compared with the use of a spanning tree, as well as of balancing load in a layer-2 network, has been studied analytically and experimentally. In addition, an analysis has been made of the improvement in the efficiency of network resource usage and the robustness achieved by combining the PRP and HSR protocols with control performed through OpenFlow. These results show that the SDN model could significantly improve the performance of a mission-critical industrial network.

    Resilient and Scalable Forwarding for Software-Defined Networks with P4-Programmable Switches

    Traditional networking devices support only fixed features and limited configurability. Network softwarization leverages programmable software and hardware platforms to remove those limitations. In this context, the concept of programmable data planes allows the packet processing pipeline of networking devices to be programmed directly and custom control plane algorithms to be created. This flexibility enables the design of novel networking mechanisms where the status quo struggles to meet high demands of next-generation networks like 5G, Internet of Things, cloud computing, and industry 4.0. P4 is the most popular technology to implement programmable data planes. However, programmable data planes, and in particular the P4 technology, emerged only recently. Thus, P4 support for some well-established networking concepts is still lacking and several issues remain unsolved due to the different characteristics of programmable data planes in comparison to traditional networking. The research of this thesis focuses on two open issues of programmable data planes. First, it develops resilient and efficient forwarding mechanisms for the P4 data plane, as there are no satisfying state-of-the-art best practices yet. Second, it enables BIER in high-performance P4 data planes. BIER is a novel, scalable, and efficient transport mechanism for IP multicast traffic which has only very limited support on high-performance forwarding platforms yet. The main results of this thesis are published as 8 peer-reviewed and one post-publication peer-reviewed publication. The results cover the development of suitable resilience mechanisms for P4 data planes, the development and implementation of resilient BIER forwarding in P4, and the extensive evaluations of all developed and implemented mechanisms. Furthermore, the results contain a comprehensive P4 literature study. Two more peer-reviewed papers contain additional content that is not directly related to the main results. They implement congestion avoidance mechanisms in P4 and develop a scheduling concept to find cost-optimized load schedules based on day-ahead forecasts.

    State of the art 2015: a literature review of social media intelligence capabilities for counter-terrorism

    Overview: This paper is a review of how information and insight can be drawn from open social media sources. It focuses on the specific research techniques that have emerged, the capabilities they provide, the possible insights they offer, and the ethical and legal questions they raise. These techniques are considered relevant and valuable in so far as they can help to maintain public safety by preventing terrorism, preparing for it, protecting the public from it and pursuing its perpetrators. The report also considers how far this can be achieved against the backdrop of radically changing technology and public attitudes towards surveillance. This is an updated version of a 2013 report on the same subject, State of the Art. Since 2013, there have been significant changes in social media, how it is used by terrorist groups, and the methods being developed to make sense of it. The paper is structured as follows: Part 1 is an overview of social media use, focused on how it is used by groups of interest to those involved in counter-terrorism. This includes new sections on trends of social media platforms and a new section on Islamic State (IS). Part 2 provides an introduction to the key approaches of social media intelligence (henceforth ‘SOCMINT’) for counter-terrorism. Part 3 sets out a series of SOCMINT techniques. For each technique, a series of capabilities and insights is considered, the validity and reliability of the method are considered, and how it might be applied to counter-terrorism work is explored. Part 4 outlines a number of important legal, ethical and practical considerations when undertaking SOCMINT work.

    Enabling NATO’s Collective Defense: Critical Infrastructure Security and Resiliency (NATO COE-DAT Handbook 1)

    In 2014 NATO’s Center of Excellence-Defence Against Terrorism (COE-DAT) launched the inaugural course on “Critical Infrastructure Protection Against Terrorist Attacks.” As this course garnered increased attendance and interest, the core lecturer team felt the need to update the course in critical infrastructure (CI) taking into account the shift from an emphasis on “protection” of CI assets to “security and resiliency.” What was lacking in the fields of academe, emergency management, and the industry practitioner community was a handbook that leveraged the collective subject matter expertise of the core lecturer team, a handbook that could serve to educate government leaders, state and private-sector owners and operators of critical infrastructure, academicians, and policymakers in NATO and partner countries. Enabling NATO’s Collective Defense: Critical Infrastructure Security and Resiliency is the culmination of such an effort, the first major collaborative research project under a Memorandum of Understanding between the US Army War College Strategic Studies Institute (SSI), and NATO COE-DAT. The research project began in October 2020 with a series of four workshops hosted by SSI. The draft chapters for the book were completed in late January 2022. Little did the research team envision the Russian invasion of Ukraine in February this year. The Russian occupation of the Zaporizhzhya nuclear power plant, successive missile attacks against Ukraine’s electric generation and distribution facilities, rail transport, and cyberattacks against almost every sector of the country’s critical infrastructure have been on world display. Russian use of its gas supplies as a means of economic warfare against Europe—designed to undermine NATO unity and support for Ukraine—is another timely example of why adversaries, nation-states, and terrorists alike target critical infrastructure. 
Hence, the need for public-private sector partnerships to secure that infrastructure and build the resiliency to sustain it when attacked. Ukraine also highlights the need for NATO allies to understand where vulnerabilities exist in host nation infrastructure that will undermine collective defense and give more urgency to redressing and mitigating those fissures.

    View on 5G Architecture: Version 1.0

    The current white paper focuses on the results produced after one year of research, mainly from 16 projects working on the abovementioned domains. Over several months, representatives from these projects have worked together to identify the key findings of their projects and capture the commonalities as well as the different approaches and trends. They have also worked to determine the challenges that remain to be overcome so as to meet the 5G requirements. The goal of the 5G Architecture Working Group is to use the results captured in this white paper to assist the participating projects in achieving a common reference framework. The work of this working group will continue during the following year so as to capture the latest results to be produced by the projects and further elaborate this reference framework. The 5G networks will be built around people and things and will natively meet the requirements of three groups of use cases: • Massive broadband (xMBB) that delivers gigabytes of bandwidth on demand • Massive machine-type communication (mMTC) that connects billions of sensors and machines • Critical machine-type communication (uMTC) that allows immediate feedback with high reliability and enables, for example, remote control over robots and autonomous driving. The demand for mobile broadband will continue to increase in the next years, largely driven by the need to deliver ultra-high definition video. However, 5G networks will also be the platform enabling growth in many industries, ranging from the IT industry to the automotive, manufacturing and entertainment industries, etc. 5G will enable new applications such as autonomous driving, remote control of robots and tactile applications, but these also bring a lot of challenges to the network. Some of these are related to providing low latency in the order of a few milliseconds and high reliability compared to fixed lines. But the biggest challenge for 5G networks will be to cater for a diverse set of services and their requirements. To achieve this, the goal for 5G networks will be to improve the flexibility in the architecture. The white paper is organized as follows. In section 2 we discuss the key business and technical requirements that drive the evolution of 4G networks into 5G. In section 3 we provide the key points of the overall 5G architecture, whereas in section 4 we elaborate on the functional architecture. Different issues related to the physical deployment in the access, metro and core networks of the 5G network are discussed in section 5, while in section 6 we present software network enablers that are expected to play a significant role in future networks. Section 7 presents potential impacts on standardization and section 8 concludes the white paper.

    Cyber Law and Espionage Law as Communicating Vessels

    Professor Lubin's contribution is Cyber Law and Espionage Law as Communicating Vessels, pp. 203-225. Existing legal literature would have us assume that espionage operations and “below-the-threshold” cyber operations are doctrinally distinct. Whereas one is subject to the scant, amorphous, and under-developed legal framework of espionage law, the other is subject to an emerging, ever-evolving body of legal rules, known cumulatively as cyber law. This dichotomy, however, is erroneous and misleading. In practice, espionage and cyber law function as communicating vessels, and so are better conceived as two elements of a complex system, Information Warfare (IW). This paper therefore first draws attention to the similarities between the practices – the fact that the actors, technologies, and targets are interchangeable, as are the knee-jerk legal reactions of the international community. In light of the convergence between peacetime Low-Intensity Cyber Operations (LICOs) and peacetime Espionage Operations (EOs) the two should be subjected to a single regulatory framework, one which recognizes the role intelligence plays in our public world order and which adopts a contextual and consequential method of inquiry. The paper proceeds in the following order: Part 2 provides a descriptive account of the unique symbiotic relationship between espionage and cyber law, and further explains the reasons for this dynamic. Part 3 places the discussion surrounding this relationship within the broader discourse on IW, making the claim that the convergence between EOs and LICOs, as described in Part 2, could further be explained by an even larger convergence across all the various elements of the informational environment. Parts 2 and 3 then serve as the backdrop for Part 4, which details the attempt of the drafters of the Tallinn Manual 2.0 to compartmentalize espionage law and cyber law, and the deficits of their approach. The paper concludes by proposing an alternative holistic understanding of espionage law, grounded in general principles of law, which is more practically transferable to the cyber realm.