An adaptive admission control and load balancing algorithm for a QoS-aware Web system

The main objective of this thesis focuses on the design of an adaptive algorithm for admission control and content-aware load balancing for Web traffic. In order to set the context of this work, several reviews are included to introduce the reader in the background concepts of Web load balancing, admission control and the Internet traffic characteristics that may affect the good performance of a Web site. The admission control and load balancing algorithm described in this thesis manages the distribution of traffic to a Web cluster based on QoS requirements. The goal of the proposed scheduling algorithm is to avoid situations in which the system provides a lower performance than desired due to servers' congestion. This is achieved through the implementation of forecasting calculations. Obviously, the increase of the computational cost of the algorithm results in some overhead. This is the reason for designing an adaptive time slot scheduling that sets the execution times of the algorithm depending on the burstiness that is arriving to the system. Therefore, the predictive scheduling algorithm proposed includes an adaptive overhead control. Once defined the scheduling of the algorithm, we design the admission control module based on throughput predictions. The results obtained by several throughput predictors are compared and one of them is selected to be included in our algorithm. The utilisation level that the Web servers will have in the near future is also forecasted and reserved for each service depending on the Service Level Agreement (SLA). Our load balancing strategy is based on a classical policy. Hence, a comparison of several classical load balancing policies is also included in order to know which of them better fits our algorithm. A simulation model has been designed to obtain the results presented in this thesis

Internet of Things From Hype to Reality

The Internet of Things (IoT) has gained significant mindshare, let alone attention, in academia and the industry especially over the past few years. The reasons behind this interest are the potential capabilities that IoT promises to offer. On the personal level, it paints a picture of a future world where all the things in our ambient environment are connected to the Internet and seamlessly communicate with each other to operate intelligently. The ultimate goal is to enable objects around us to efficiently sense our surroundings, inexpensively communicate, and ultimately create a better environment for us: one where everyday objects act based on what we need and like without explicit instructions

A session-based architecture for Internet mobility

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, February 2003.Includes bibliographical references (p. 179-189).The proliferation of mobile computing devices and wireless networking products over the past decade has led to an increasingly nomadic computing lifestyle. A computer is no longer an immobile, gargantuan machine that remains in one place for the lifetime of its operation. Today's personal computing devices are portable, and Internet access is becoming ubiquitous. A well-traveled laptop user might use half a dozen different networks throughout the course of a day: a cable modem from home, wide-area wireless on the commute, wired Ethernet at the office, a Bluetooth network in the car, and a wireless, local-area network at the airport or the neighborhood coffee shop. Mobile hosts are prone to frequent, unexpected disconnections that vary greatly in duration. Despite the prevalence of these multi-homed mobile devices, today's operating systems on both mobile hosts and fixed Internet servers lack fine-grained support for network applications on intermittently connected hosts. We argue that network communication is well-modeled by a session abstraction, and present Migrate, an architecture based on system support for a flexible session primitive. Migrate works with application-selected naming services to enable seamless, mobile "suspend/resume" operation of legacy applications and provide enhanced functionality for mobile-aware, session-based network applications, enabling adaptive operation of mobile clients and allowing Internet servers to support large numbers of intermittently connected sessions. We describe our UNIX-based implementation of Migrate and show that sessions are a flexible, robust, and efficient way to manage mobile end points, even for legacy applications.(cont.) In addition, we demonstrate two popular Internet servers that have been extended to leverage our novel notion of session continuations to enable support for large numbers of suspended clients with only minimal resource impact. Experimental results show that Migrate introduces only minor throughput degradation (less than 2% for moderate block sizes) when used over popular access link technologies, gracefully detects and suspends disconnected sessions, rapidly resumes from suspension, and integrates well with existing applications.by Mark Alexander Connell Snoeren.Ph.D

Secure Connectivity With Persistent Identities

In the current Internet the Internet Protocol address is burdened with two roles. It serves as the identifier and the locator for the host. As the host moves its identity changes with its locator. The research community thinks that the Future Internet will include identifier-locator split in some form. Identifier-locator split is seen as the solution to multiple problems. However, identifier-locator split introduces multiple new problems to the Internet. In this dissertation we concentrate on: the feasibility of using identifier-locator split with legacy applications, securing the resolution steps, using the persistent identity for access control, improving mobility in environments using multiple address families and so improving the disruption tolerance for connectivity. The proposed methods achieve theoretical and practical improvements over the earlier state of the art. To raise the overall awareness, our results have been published in interdisciplinary forums.Nykypäivän Internetissä IP-osoite on kuormitettu kahdella eri roolilla. IP toimii päätelaitteen osoitteena, mutta myös usein sen identiteetinä. Tällöin laitteen identiteetti muuttuu laitteen liikkuessa, koska laitteen osoite vaihtuu. Tutkimusyhteisön mielestä paikan ja identiteetin erottaminen on välttämätöntä tulevaisuuden Internetissä. Paikan ja identiteetin erottaminen tuo kuitenkin esiin joukon uusia ongelmia. Tässä väitöskirjassa keskitytään selvittämään paikan ja identiteetin erottamisen vaikutusta olemassa oleviin verkkoa käyttäviin sovelluksiin, turvaamaan nimien muuntaminen osoitteiksi, helpottamaan pitkäikäisten identiteettien käyttöä pääsyvalvonnassa ja parantamaan yhteyksien mahdollisuuksia selviytyä liikkumisesta usean osoiteperheen ympäristöissä. Väitöskirjassa ehdotetut menetelmät saavuttavat sekä teoreettisia että käytännön etuja verrattuna aiempiin kirjallisuudessa esitettyihin menetelmiin. Saavutetut tulokset on julkaistu eri osa-alojen foorumeilla

Detecting cloud virtual network isolation security for data leakage

This thesis considers information leakage in cloud virtually isolated networks. Virtual Network (VN) Isolation is a core element of cloud security yet research literature shows that no experimental work, to date, has been conducted to test, discover and evaluate VN isolation data leakage. Consequently, this research focussed on that gap. Deep Dives of the cloud infrastructures were performed, followed by (Kali) penetration tests to detect any leakage. This data was compared to information gathered in the Deep Dive, to determine the level of cloud network infrastructure being exposed. As a major contribution to research, this is the first empirical work to use a Deep Dive approach and a penetration testing methodology applied to both CloudStack and OpenStack to demonstrate cloud network isolation vulnerabilities. The outcomes indicated that Cloud manufacturers need to test their isolation mechanisms more fully and enhance them with available solutions. However, this field needs more industrial data to confirm if the found issues are applicable to non-open source cloud technologies. If the problems revealed are widespread then this is a major issue for cloud security. Due to the time constraints, only two cloud testbeds were built and analysed, but many potential future works are listed for analysing more complicated VN, analysing leveraged VN plugins and testing if system complexity will cause more leakage or protect the VN. This research is one of the first empirical building blocks in the field and gives future researchers the basis for building their research on top of the presented methodology and results and for proposing more effective solutions

Direct Web Switch Routing with State Migration, TCP Masquerade, and Cookie Name Rewriting

Abstract — Existing layer 4 load balancers are content-blind and often have difficulty in redirecting HTTP requests to the appropriate server in the session manner. Layer 7 load balancers, also referred to as web switches, are content-aware and support session persistence. However, most web switches employ a bidirection architecture, which means both request and response traffic must both pass through the load balancer. This makes a web switch become a bottleneck easily. In this paper, we present a direct routing architecture to prevent response traffic from passing through the web switch. Our solution is highly scalable in the number of back-end servers. In addition, two simple but effective mechanisms, one-packet TCP state migration and cookie name rewriting to packet filter, are presented to support persistent connection and session persistence. Through the external benchmark, we prove that our system outperforms existing solutions. The internal benchmark investigates the bottlenecks of our system and suggests the future improvement. I

Design and implementation of a network revenue management architecture for marginalised communities

Rural Internet connectivity projects aimed at bridging the digital divide have mushroomed across many developing countries. Most of the projects are deployed as community centred projects. In most of the cases the initial deployment of these projects is funded by governments, multilateral institutions and non-governmental organizations. After the initial deployment, financial sustainability remains one of the greatest challenges facing these projects. In the light of this, externally funded ICT4D interventions should just be used for “bootstrapping” purposes. The communities should be “groomed” to take care of and sustain these projects, eliminating as soon as possible a dependency on external funding. This master thesis presents the design and the implementation of a generic architecture for the management of the costs associated with running a computer network connected to the Internet, The proposed system, called the Network Revenue Management System, enables a network to generate revenue, by charging users for the utilization of network resources. The novelty of the system resides in its flexibility and adaptability, which allow the exploration of both conventional and non-conventional billing options, via the use of suitable ‘adapters’. The final goal of the exploration made possible by this system is the establishment of what is regarded as equitable charging in rural, marginalized communities - such as the community in Dwesa, South Africa

Security in Distributed, Grid, Mobile, and Pervasive Computing

This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security