9,017 research outputs found
Multi-Provider Service Chain Embedding With Nestor
Network function (NF) virtualization decouples NFs from the underlying middlebox hardware and promotes their deployment on virtualized network infrastructures. This essentially paves the way for the migration of NFs into clouds (i.e., NF-as-a-Service), achieving a drastic reduction of middlebox investment and operational costs for enterprises. In this context, service chains (expressing middlebox policies in the enterprise network) should be mapped onto datacenter networks, ensuring correctness, resource efficiency, as well as compliance with the provider's policy. The network service embedding (NSE) problem is further exacerbated by two challenging aspects: 1) traffic scaling caused by certain NFs (e.g., caches and WAN optimizers) and 2) NF location dependencies. Traffic scaling requires resource reservations different from the ones specified in the service chain, whereas NF location dependencies, in conjunction with the limited geographic footprint of NF providers (NFPs), raise the need for NSE across multiple NFPs. In this paper, we present a holistic solution to the multi-provider NSE problem. We decompose NSE into: 1) NF-graph partitioning performed by a centralized coordinator and 2) NF-subgraph mapping onto datacenter networks. We present linear programming formulations to derive near-optimal solutions for both problems. We address the challenging aspect of traffic scaling by introducing a new service model that supports demand transformations. We also define topology abstractions for NF-graph partitioning. Furthermore, we discuss the steps required to embed service chains across multiple NFPs, using our NSE orchestrator (Nestor). We perform an evaluation study of multi-provider NSE with emphasis on NF-graph partitioning optimizations tailored to the client and NFPs. Our evaluation results further uncover significant savings in terms of service cost and resource consumption due to the demand transformations. © 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works..EU/FP7/T-NOVA/619520DFG/Collaborative Research Center/1053 (MAKI)EU/FP7/T-NOVADFG/CRC/105
Automation for network security configuration: state of the art and research trends
The size and complexity of modern computer networks are progressively increasing, as a consequence of novel architectural paradigms such as the Internet of Things and network virtualization. Consequently, a manual orchestration and configuration of network security functions is no more feasible, in an environment where cyber attacks can dramatically exploit breaches related to any minimum configuration error. A new frontier is then the introduction of automation in network security configuration, i.e., automatically designing the architecture of security services and the configurations of network security functions, such as firewalls, VPN gateways, etc. This opportunity has been enabled by modern computer networks technologies, such as virtualization. In view of these considerations, the motivations for the introduction of automation in network security configuration are first introduced, alongside with the key automation enablers. Then, the current state of the art in this context is surveyed, focusing on both the achieved improvements and the current limitations. Finally, possible future trends in the field are illustrated
Rule-based Methodologies for the Specification and Analysis of Complex Computing Systems
Desde los orígenes del hardware y el software hasta la época actual, la complejidad
de los sistemas de cálculo ha supuesto un problema al cual informáticos, ingenieros
y programadores han tenido que enfrentarse. Como resultado de este esfuerzo han
surgido y madurado importantes áreas de investigación. En esta disertación abordamos
algunas de las líneas de investigación actuales relacionada con el análisis y
la verificación de sistemas de computación complejos utilizando métodos formales y
lenguajes de dominio específico.
En esta tesis nos centramos en los sistemas distribuidos, con un especial interés por
los sistemas Web y los sistemas biológicos. La primera parte de la tesis está dedicada
a aspectos de seguridad y técnicas relacionadas, concretamente la certificación del
software. En primer lugar estudiamos sistemas de control de acceso a recursos y proponemos
un lenguaje para especificar políticas de control de acceso que están fuertemente
asociadas a bases de conocimiento y que proporcionan una descripción sensible
a la semántica de los recursos o elementos a los que se accede. También hemos desarrollado
un marco novedoso de trabajo para la Code-Carrying Theory, una metodología
para la certificación del software cuyo objetivo es asegurar el envío seguro de código
en un entorno distribuido. Nuestro marco de trabajo está basado en un sistema de
transformación de teorías de reescritura mediante operaciones de plegado/desplegado.
La segunda parte de esta tesis se concentra en el análisis y la verificación de sistemas
Web y sistemas biológicos. Proponemos un lenguaje para el filtrado de información
que permite la recuperación de informaciones en grandes almacenes de datos. Dicho
lenguaje utiliza información semántica obtenida a partir de ontologías remotas
para re nar el proceso de filtrado. También estudiamos métodos de validación para
comprobar la consistencia de contenidos web con respecto a propiedades sintácticas
y semánticas. Otra de nuestras contribuciones es la propuesta de un lenguaje que
permite definir y comprobar automáticamente restricciones semánticas y sintácticas
en el contenido estático de un sistema Web. Finalmente, también consideramos los
sistemas biológicos y nos centramos en un formalismo basado en lógica de reescritura
para el modelado y el análisis de aspectos cuantitativos de los procesos biológicos.
Para evaluar la efectividad de todas las metodologías propuestas, hemos prestado
especial atención al desarrollo de prototipos que se han implementado utilizando
lenguajes basados en reglas.Baggi ., M. (2010). Rule-based Methodologies for the Specification and Analysis of Complex Computing Systems [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/8964Palanci
Service Function Graph Design And Embedding In Next Generation Internet
Network Function Virtualization (NFV) and Software Defined Networking (SDN) are viewed as the techniques to design, deploy and manage future Internet services. NFV provides an effective way to decouple network functions from the proprietary hardware, allowing the network providers to implement network functions as virtual machines running on standard servers. In the NFV environment, an NFV service request is provisioned in the form of a Service Function Graph (SFG). The SFG defines the exact set of actions or Virtual Network Functions (VNFs) that the data stream from the service request is subjected to. These actions or VNFs need to be embedded onto specific physical (substrate) networks to provide network services for end users. Similarly, SDN decouples the control plane from network devices such as routers and switches. The network control management is performed via an open interface and the underlying infrastructure turned into simple programmable forwarding devices. NFV and SDN are complementary to each other. Specifically, similar to running network functions on general purpose servers, SDN control plane can be implemented as pure software running on industry standard hardware. Moreover, automation and virtualization provide both NFV and SDN the tools to achieve their respective goals. In this dissertation, we motivate the importance of service function graph design, and we focus our attention on the problem of embedding network service requests. Throughout the dissertation, we highlight the unique properties of the service requests and investigate how to efficiently design and embed an SFG for a service request onto substrate network. We address variations of the embedding service requests such as dependence awareness and branch awareness in service function graph design and embedding. We propose novel algorithms to design and embed service requests with dependence and branch awareness. We also provide the intuition behind our proposed schemes and analyze our suggested approaches over multiple metrics against other embedding techniques
AIMS: An Automatic Semantic Machine Learning Microservice Framework to Support Biomedical and Bioengineering Research
The fusion of machine learning and biomedical research offers novel ways to understand, diagnose, and treat various health conditions. However, the complexities of biomedical data, coupled with the intricate process of developing and deploying machine learning solutions, often pose significant challenges to researchers in these fields. Our pivotal achievement in this research is the introduction of the Automatic Semantic Machine Learning Microservice Framework (AIMS). AIMS addresses these challenges by automating various stages of the machine learning pipeline, with a particular emphasis on the ontology of machine learning services tailored for the biomedical domain. This ontology encompasses everything from task representation, service modeling, and knowledge acquisition to knowledge reasoning and the establishment of a self-supervised learning policy. Our framework has been crafted to prioritize model interpretability, integrate domain knowledge effortlessly, and handle biomedical data with efficiency. Additionally, AIMS boasts a distinctive feature: it leverages self-supervised knowledge learning through reinforcement learning techniques, paired with an ontology-based policy recording schema. This enables it to autonomously generate, fine-tune, and continually adapt to machine learning models, especially when faced with new tasks and data. Our work has two standout contributions of demonstrating that machine learning processes in the biomedical domain can be automated, while integrating a rich domain knowledge base and providing a way for machines to have a self-learning ability, ensuring they handle new tasks effectively. To showcase AIMS in action, we've highlighted its prowess in three case studies from biomedical tasks. These examples emphasize how our framework can simplify research routines, uplift the caliber of scientific exploration, and set the stage for notable advances
Software-Defined Cloud Computing: Architectural Elements and Open Challenges
The variety of existing cloud services creates a challenge for service
providers to enforce reasonable Software Level Agreements (SLA) stating the
Quality of Service (QoS) and penalties in case QoS is not achieved. To avoid
such penalties at the same time that the infrastructure operates with minimum
energy and resource wastage, constant monitoring and adaptation of the
infrastructure is needed. We refer to Software-Defined Cloud Computing, or
simply Software-Defined Clouds (SDC), as an approach for automating the process
of optimal cloud configuration by extending virtualization concept to all
resources in a data center. An SDC enables easy reconfiguration and adaptation
of physical resources in a cloud infrastructure, to better accommodate the
demand on QoS through a software that can describe and manage various aspects
comprising the cloud environment. In this paper, we present an architecture for
SDCs on data centers with emphasis on mobile cloud applications. We present an
evaluation, showcasing the potential of SDC in two use cases-QoS-aware
bandwidth allocation and bandwidth-aware, energy-efficient VM placement-and
discuss the research challenges and opportunities in this emerging area.Comment: Keynote Paper, 3rd International Conference on Advances in Computing,
Communications and Informatics (ICACCI 2014), September 24-27, 2014, Delhi,
Indi
Context-Aware Composition of Agent Policies by Markov Decision Process Entity Embeddings and Agent Ensembles
Computational agents support humans in many areas of life and are therefore
found in heterogeneous contexts. This means they operate in rapidly changing
environments and can be confronted with huge state and action spaces. In order
to perform services and carry out activities in a goal-oriented manner, agents
require prior knowledge and therefore have to develop and pursue
context-dependent policies. However, prescribing policies in advance is limited
and inflexible, especially in dynamically changing environments. Moreover, the
context of an agent determines its choice of actions. Since the environments
can be stochastic and complex in terms of the number of states and feasible
actions, activities are usually modelled in a simplified way by Markov decision
processes so that, e.g., agents with reinforcement learning are able to learn
policies, that help to capture the context and act accordingly to optimally
perform activities. However, training policies for all possible contexts using
reinforcement learning is time-consuming. A requirement and challenge for
agents is to learn strategies quickly and respond immediately in cross-context
environments and applications, e.g., the Internet, service robotics,
cyber-physical systems. In this work, we propose a novel simulation-based
approach that enables a) the representation of heterogeneous contexts through
knowledge graphs and entity embeddings and b) the context-aware composition of
policies on demand by ensembles of agents running in parallel. The evaluation
we conducted with the "Virtual Home" dataset indicates that agents with a need
to switch seamlessly between different contexts, can request on-demand composed
policies that lead to the successful completion of context-appropriate
activities without having to learn these policies in lengthy training steps and
episodes, in contrast to agents that use reinforcement learning.Comment: 30 pages, 11 figures, 9 tables, 3 listings, Re-submitted to Semantic
Web Journal, Currently, under revie
- …