114 research outputs found
Gurret: Decentralized data management using subscription-based file attribute propagation
Research institutions and funding agencies are increasingly adopting open-data science, where data is freely available or available under some data sharing policy. In addition to making publication efforts easier, open data science also promotes collaborative work using data from various sources around the world.
While the research datasets are often static and immutable, the metadata of a file can be ever-changing. For researchers who frequently work with metadata, accessing the latest version may be essential. However, this is not trivial in a distributed environment where multiple people access the same file. We hypothesize that the publisher subscriber model is a useful abstraction to achieve this system.
To this end, we present Gurret: a distributed system for open science that uses a publisher-subscriber based substrate to propagate metadata updates to client machines. Gurret offers a transparent system infrastructure that lets users subscribe to metadata, configure update frequencies, and define custom metadata to create data policies. Additionally, Gurret tracks information flow inside a filesystem container to prevent data leakage and policy violations. Our evaluations show that Gurret has minimal overhead for small to medium-sized files and that Gurret can support hundreds of custom metadata without losing transparency.
IIoT Data Ness: From Streaming to Added Value
In the emerging Industry 4.0 paradigm, the internet of things has been an innovation driver, allowing for environment visibility and control through sensor data analysis. However, the data is of such volume and velocity that data quality cannot be assured by conventional architectures. It has been argued that the quality and observability of data are key to a project’s success, allowing users to interact with data more effectively and rapidly. In order for a project to become successful in this context, it is of imperative importance to incorporate data quality mechanisms in order to extract the most value out of data. If this goal is achieved one can expect enormous advantages that could lead to financial and innovation gains for the industry. To cope with this reality, this work presents a data mesh oriented methodology based on the state-of-the-art data management tools that exist to design a solution which leverages data quality in the Industrial Internet of Things (IIoT) space, through data contextualization. In order to achieve this goal, practices such as FAIR data principles and data observability concepts were incorporated into the solution. The result of this work allowed for the creation of an architecture that focuses on data and metadata management to elevate data context, ownership and quality.
The Internet of Things (IoT) concept is one of the main success factors for the new Industry 4.0. Through data analysis of the values that sensors collect in their environment, it is possible to build a platform capable of identifying conditions of success and possible problems before they occur, resulting in relevant monetary gain for companies. However, this use case is not easy to implement, due to the high quantity and velocity of data coming from an IIoT (Industrial Internet of Things) environment
Automating Cyber Analytics
Model based security metrics are a growing area of cyber security research concerned with measuring the risk exposure of an information system. These metrics are typically studied in isolation, with the formulation of the test itself being the primary finding in publications. As a result, there is a flood of metric specifications available in the literature but a corresponding dearth of analyses verifying results for a given metric calculation under different conditions or comparing the efficacy of one measurement technique over another. The motivation of this thesis is to create a systematic methodology for model based security metric development, analysis, integration, and validation. In doing so we hope to fill a critical gap in the way we view and improve a system’s security. In order to understand the security posture of a system before it is rolled out and as it evolves, we present in this dissertation an end to end solution for the automated measurement of security metrics needed to identify risk early and accurately. To our knowledge this is a novel capability in design time security analysis which provides the foundation for ongoing research into predictive cyber security analytics. Modern development environments contain a wealth of information in infrastructure-as-code repositories, continuous build systems, and container descriptions that could inform security models, but risk evaluation based on these sources is ad-hoc at best, and often simply left until deployment. Our goal in this work is to lay the groundwork for security measurement to be a practical part of the system design, development, and integration lifecycle. In this thesis we provide a framework for the systematic validation of the existing security metrics body of knowledge. In doing so we endeavour not only to survey the current state of the art, but to create a common platform for future research in the area to be conducted. 
We then demonstrate the utility of our framework through the evaluation of leading security metrics against a reference set of system models we have created. We investigate how to calibrate security metrics for different use cases and establish a new methodology for security metric benchmarking. We further explore the research avenues unlocked by automation through our concept of an API driven S-MaaS (Security Metrics-as-a-Service) offering. We review our design considerations in packaging security metrics for programmatic access, and discuss how various client access-patterns are anticipated in our implementation strategy. Using existing metric processing pipelines as reference, we show how the simple, modular interfaces in S-MaaS support dynamic composition and orchestration. Next we review aspects of our framework which can benefit from optimization and further automation through machine learning. First we create a dataset of network models labeled with the corresponding security metrics. By training classifiers to predict security values based only on network inputs, we can avoid the computationally expensive attack graph generation steps. We use our findings from this simple experiment to motivate our current lines of research into supervised and unsupervised techniques such as network embeddings, interaction rule synthesis, and reinforcement learning environments. Finally, we examine the results of our case studies. We summarize our security analysis of a large scale network migration, and list the friction points along the way which are remediated by this work. We relate how our research for a large-scale performance benchmarking project has influenced our vision for the future of security metrics collection and analysis through dev-ops automation. We then describe how we applied our framework to measure the incremental security impact of running a distributed stream processing system inside a hardware trusted execution environment
Automatic configuration of a performance management platform in NFV and SDN environments (Configuração automática de plataforma de gestão de desempenho em ambientes NFV e SDN)
Master's in Computer Engineering and Telematics. With 5G set to arrive within the next three years, this next generation of mobile networks will transform the mobile industry with a profound impact both on its customers as well as on the existing technologies and network architectures. Software-Defined Networking (SDN), together with Network Functions Virtualization (NFV), are going to play key roles for the operators as they prepare the migration from 4G to 5G, allowing them to quickly scale their networks. This dissertation will present a research work done on this new paradigm of virtualized and programmable networks focusing on the performance management, supervision and monitoring domains, aiming to address Self-Organizing Networks (SON) scenarios in an NFV/SDN context, with one of the scenarios being the detection and prediction of potential network and service anomalies. The research work itself was done while participating in an R&D project designated SELFNET (A Framework for Self-Organized Network Management in Virtualized and Software Defined Networks) funded by the European Commission under the H2020 5G-PPP programme, with Altice Labs being one of the participating partners of this project. Performance management system advancements in a 5G scenario require aggregation, correlation and analysis of data gathered from these virtualized and programmable network elements. Both open-source monitoring tools and customized catalog-driven tools were either integrated on or developed with this purpose, and the results show that they were able to successfully address these requirements of the SELFNET project. Current performance management platforms of the network operators in production are designed for non-virtualized (non-NFV) and non-programmable (non-SDN) networks, and the knowledge gathered while doing this research work allowed Altice Labs to understand how its Altaia performance management platform must evolve in order to be prepared for the upcoming 5G next generation mobile networks.
With 5G about to arrive within the next three years, this next generation of mobile networks will transform the mobile telecommunications industry, with a profound impact on its customers as well as on network technologies and architectures. Programmable networks (SDN), together with network functions virtualization (NFV), will play vital roles for operators in their migration from 4G to 5G, allowing them to scale their networks quickly. This dissertation presents research work carried out on this new paradigm of network virtualization and programmability, concentrating on the domain of performance management, supervision and monitoring, addressing self-organizing network (SON) scenarios in an NFV/SDN context, one of these scenarios being the detection and prediction of potential network and service anomalies. The research work was carried out within an R&D project designated SELFNET (A Framework for Self-Organized Network Management in Virtualized and Software Defined Networks), funded by the European Commission under the H2020 5G-PPP programme, with Altice Labs being one of the participating partners in this project. Advances in performance management systems in 5G scenarios require aggregation, correlation and analysis of data collected from these programmable and virtualized network elements. Open-source monitoring tools and catalog-driven tools were integrated or developed for this purpose, and the results show that they successfully met the requirements of the SELFNET project. The performance management platforms of network operators currently in production are designed for non-virtualized (non-NFV) and non-programmable (non-SDN) networks, and the knowledge acquired during this research work allowed Altice Labs to understand how its performance management platform (Altaia) will have to evolve in order to prepare for the next generation of 5G mobile networks
Incentive-Based Instruments for Water Management
This report provides a synthesis review of a set of incentive-based instruments that have been employed to varying degrees around the world. It is part of an effort by The Rockefeller Foundation to improve understanding of both the potential of these instruments and their limitations. The report is divided into five sections. Section 1 provides an introduction to the synthesis review. Section 2 describes the research methodology. Section 3 provides background on policy instruments and detail on three incentive-based instruments -- water trading, payment for ecosystem services, and water quality trading -- describing the application of each, including their environmental, economic, and social performances, and the conditions needed for their implementation. Section 4 highlights the role of the private sector in implementing these instruments, and Section 5 provides a summary and conclusions
Secure, Reliable and Efficient Data Integrity Auditing (DIA) Solution for Public Cloud Storage (PCS)
- …