Gurret: Decentralized data management using subscription-based file attribute propagation

Research institutions and funding agencies are increasingly adopting open-data science, where data is freely available or available under some data sharing policy. In addition to making publication efforts easier, open data science also promotes collaborative work using data from various sources around the world. While the research datasets are often static and immutable, the metadata of a file can be ever-changing. For researchers who frequently work with metadata, accessing the latest version may be essential. However, this is not trivial in a distributed environment where multiple people access the same file. We hypothesize that the publisher subscriber model is a useful abstraction to achieve this system. To this, we present Gurret: a distributed system for open science that uses a publisher-subscriber based substrate to propagate metadata updates to client machines. Gurret offers a transparent system infrastructure that lets users subscribe to metadata, configure update frequencies, and define custom metadata to create data policies. Additionally, Gurret tracks information flow inside a filesystem container to prevent data leakage and policy violations. Our evaluations show that Gurret has minimal overhead for small to medium-sized files and that Gurret can support hundreds of custom metadata without losing transparency

IIoT Data Ness: From Streaming to Added Value

In the emerging Industry 4.0 paradigm, the internet of things has been an innovation driver, allowing for environment visibility and control through sensor data analysis. However the data is of such volume and velocity that data quality cannot be assured by conventional architectures. It has been argued that the quality and observability of data are key to a project’s success, allowing users to interact with data more effectively and rapidly. In order for a project to become successful in this context, it is of imperative importance to incorporate data quality mechanisms in order to extract the most value out of data. If this goal is achieved one can expect enormous advantages that could lead to financial and innovation gains for the industry. To cope with this reality, this work presents a data mesh oriented methodology based on the state-of-the-art data management tools that exist to design a solution which leverages data quality in the Industrial Internet of Things (IIoT) space, through data contextualization. In order to achieve this goal, practices such as FAIR data principles and data observability concepts were incorporated into the solution. The result of this work allowed for the creation of an architecture that focuses on data and metadata management to elevate data context, ownership and quality.O conceito de Internet of Things (IoT) é um dos principais fatores de sucesso para a nova Indústria 4.0. Através de análise de dados sobre os valores que os sensores coletam no seu ambiente, é possível a construção uma plataforma capaz de identificar condições de sucesso e eventuais problemas antes que estes ocorram, resultando em ganho monetário relevante para as empresas. No entanto, este caso de uso não é de fácil implementação, devido à elevada quantidade e velocidade de dados proveniente de um ambiente de IIoT (Industrial Internet of Things)

Automating Cyber Analytics

Model based security metrics are a growing area of cyber security research concerned with measuring the risk exposure of an information system. These metrics are typically studied in isolation, with the formulation of the test itself being the primary finding in publications. As a result, there is a flood of metric specifications available in the literature but a corresponding dearth of analyses verifying results for a given metric calculation under different conditions or comparing the efficacy of one measurement technique over another. The motivation of this thesis is to create a systematic methodology for model based security metric development, analysis, integration, and validation. In doing so we hope to fill a critical gap in the way we view and improve a system’s security. In order to understand the security posture of a system before it is rolled out and as it evolves, we present in this dissertation an end to end solution for the automated measurement of security metrics needed to identify risk early and accurately. To our knowledge this is a novel capability in design time security analysis which provides the foundation for ongoing research into predictive cyber security analytics. Modern development environments contain a wealth of information in infrastructure-as-code repositories, continuous build systems, and container descriptions that could inform security models, but risk evaluation based on these sources is ad-hoc at best, and often simply left until deployment. Our goal in this work is to lay the groundwork for security measurement to be a practical part of the system design, development, and integration lifecycle. In this thesis we provide a framework for the systematic validation of the existing security metrics body of knowledge. In doing so we endeavour not only to survey the current state of the art, but to create a common platform for future research in the area to be conducted. We then demonstrate the utility of our framework through the evaluation of leading security metrics against a reference set of system models we have created. We investigate how to calibrate security metrics for different use cases and establish a new methodology for security metric benchmarking. We further explore the research avenues unlocked by automation through our concept of an API driven S-MaaS (Security Metrics-as-a-Service) offering. We review our design considerations in packaging security metrics for programmatic access, and discuss how various client access-patterns are anticipated in our implementation strategy. Using existing metric processing pipelines as reference, we show how the simple, modular interfaces in S-MaaS support dynamic composition and orchestration. Next we review aspects of our framework which can benefit from optimization and further automation through machine learning. First we create a dataset of network models labeled with the corresponding security metrics. By training classifiers to predict security values based only on network inputs, we can avoid the computationally expensive attack graph generation steps. We use our findings from this simple experiment to motivate our current lines of research into supervised and unsupervised techniques such as network embeddings, interaction rule synthesis, and reinforcement learning environments. Finally, we examine the results of our case studies. We summarize our security analysis of a large scale network migration, and list the friction points along the way which are remediated by this work. We relate how our research for a large-scale performance benchmarking project has influenced our vision for the future of security metrics collection and analysis through dev-ops automation. We then describe how we applied our framework to measure the incremental security impact of running a distributed stream processing system inside a hardware trusted execution environment

Configuração automática de plataforma de gestão de desempenho em ambientes NFV e SDN

Mestrado em Engenharia de Computadores e TelemáticaWith 5G set to arrive within the next three years, this next-generation of mobile networks will transform the mobile industry with a profound impact both on its customers as well as on the existing technologies and network architectures. Software-Defined Networking (SDN), together with Network Functions Virtualization (NFV), are going to play key roles for the operators as they prepare the migration from 4G to 5G allowing them to quickly scale their networks. This dissertation will present a research work done on this new paradigm of virtualized and programmable networks focusing on the performance management, supervision and monitoring domains, aiming to address Self-Organizing Networks (SON) scenarios in a NFV/SDN context, with one of the scenarios being the detection and prediction of potential network and service anomalies. The research work itself was done while participating in a R&D project designated SELFNET (A Framework for Self-Organized Network Management in Virtualized and Software Defined Networks) funded by the European Commission under the H2020 5G-PPP programme, with Altice Labs being one of the participating partners of this project. Performance management system advancements in a 5G scenario require aggregation, correlation and analysis of data gathered from these virtualized and programmable network elements. Both opensource monitoring tools and customized catalog-driven tools were either integrated on or developed with this purpose, and the results show that they were able to successfully address these requirements of the SELFNET project. Current performance management platforms of the network operators in production are designed for non virtualized (non- NFV) and non programmable (non-SDN) networks, and the knowledge gathered while doing this research work allowed Altice Labs to understand how its Altaia performance management platform must evolve in order to be prepared for the upcoming 5G next generation mobile networks.Com o 5G prestes a chegar nos próximos três anos, esta próxima geração de redes móveis irá transformar a indústria de telecomunicações móveis com um impacto profundo nos seus clientes assim como nas tecnologias e arquiteturas de redes. As redes programáveis (SDN), em conjunto com a virtualização de funções de rede (NFV), irão desempenhar papéis vitais para as operadoras na sua migração do 4G para o 5G, permitindo-as escalar as suas redes rapidamente. Esta dissertação irá apresentar um trabalho de investigação realizado sobre este novo paradigma de virtualização e programação de redes, concentrando-se no domínio da gestão de desempenho, supervisionamento e monitoria, abordando cenários de redes auto-organizadas (SON) num contexto NFV/SDN, sendo um destes cenários a deteção e predição de potenciais anomalias de redes e serviços. O trabalho de investigação foi enquadrado num projeto de I&D designado SELFNET (A Framework for Self-Organized Network Management in Virtualized and Software Defined Networks) financiado pela Comissão Europeia no âmbito do programa H2020 5G-PPP, sendo a Altice Labs um dos parceiros participantes deste projeto. Avanços em sistemas de gestão de desempenho em cenários 5G requerem agregação, correlação e análise de dados recolhidos destes elementos de rede programáveis e virtualizados. Ferramentas de monitoria open-source e ferramentas catalog-driven foram integradas ou desenvolvidas com este propósito, e os resultados mostram que estas preencheram os requisitos do projeto SELFNET com sucesso. As plataformas de gestão de desempenho das operadoras de rede atualmente em produção estão concebidas para redes não virtualizadas (non-NFV) e não programáveis (non- SDN), e o conhecimento adquirido durante este trabalho de investigação permitiu à Altice Labs compreender como a sua plataforma de gestão de desempenho (Altaia) terá que evoluir por forma a preparar-se para a próxima geração de redes móveis 5G

Incentive-Based Instruments for Water Management

This report provides a synthesis review of a set of incentive-based instruments that have been employed to varying degrees around the world. It is part of an effort by The Rockefeller Foundation to improve understanding of both the potential of these instruments and their limitations. The report is divided into five sections. Section 1 provides an introduction to the synthesis review. Section 2 describes the research methodology. Section 3 provides background on policy instruments and detail on three incentive-based instruments -- water trading, payment for ecosystem services, and water quality trading -- describing the application of each, including their environmental, economic, and social performances, and the conditions needed for their implementation. Section 4 highlights the role of the private sector in implementing these instruments, and Section 5 provides a summary and conclusions