3,063 research outputs found
Location aware self-adapting firewall policies
Private access to corporate servers from Internet can be achieved using various security mechanisms. This article presents a network access control mechanism that employs a policy management architecture empowered with dynamic firewalls. With the existence of such an architecture, system and/or network administrators do not need to reconfigure firewalls when there is a location change in user settings; reconfiguration will be automatic and seamless. The proposed architecture utilizes dynamic firewalls, which adapt their policies according to user locations through the guidance of a policy server. This architecture is composed of a VPN client at user site, a domain firewall with VPN capabilities, a policy server containing a policy decision engine, and policy agents residing in dynamic firewalls, which map policy server decisions to firewall policy rules, at server site.
Specifying and Analysing SOC Applications with COWS
COWS is a recently defined process calculus for specifying and combining service-oriented applications, while modelling their dynamic behaviour. Since its introduction, a number of methods and tools have been devised to analyse COWS specifications, like e.g. a type system to check confidentiality properties, a logic and a model checker to express and check functional properties of services. In this paper, by means of a case study in the area of automotive systems, we demonstrate that COWS, with some mild linguistic additions, can model all the phases of the life cycle of service-oriented applications, such as publication, discovery, negotiation, orchestration, deployment, reconfiguration and execution. We also provide a flavour of the properties that can be analysed by using the tools mentioned above
An Autonomous Engine for Services Configuration and Deployment.
The runtime management of the infrastructure providing service-based systems is a complex task, up to the point where manual operation struggles to be cost effective. As the functionality is provided by a set of dynamically composed distributed services, in order to achieve a management objective multiple operations have to be applied over the distributed elements of the managed infrastructure. Moreover, the manager must cope with the highly heterogeneous characteristics and management interfaces of the runtime resources. With this in mind, this paper proposes to support the configuration and deployment of services with an automated closed control loop. The automation is enabled by the definition of a generic information model, which captures all the information relevant to the management of the services with the same abstractions, describing the runtime elements, service dependencies, and business objectives. On top of that, a technique based on satisfiability is described which automatically diagnoses the state of the managed environment and obtains the required changes for correcting it (e.g., installation, service binding, update, or configuration). The results from a set of case studies extracted from the banking domain are provided to validate the feasibility of this propos
Design and Experimental Validation of a Software-Defined Radio Access Network Testbed with Slicing Support
Network slicing is a fundamental feature of 5G systems to partition a single
network into a number of segregated logical networks, each optimized for a
particular type of service, or dedicated to a particular customer or
application. The realization of network slicing is particularly challenging in
the Radio Access Network (RAN) part, where multiple slices can be multiplexed
over the same radio channel and Radio Resource Management (RRM) functions shall
be used to split the cell radio resources and achieve the expected behaviour
per slice. In this context, this paper describes the key design and
implementation aspects of a Software-Defined RAN (SD-RAN) experimental testbed
with slicing support. The testbed has been designed consistently with the
slicing capabilities and related management framework established by 3GPP in
Release 15. The testbed is used to demonstrate the provisioning of RAN slices
(e.g. preparation, commissioning and activation phases) and the operation of
the implemented RRM functionality for slice-aware admission control and
scheduling.
Logico-numerical Control for Software Components Reconfiguration
We target the problem of the safe control of reconfigurations in component-based software systems, where strategies of adaptation to variations in both their environment and internal resource demands need to be enforced. In this context, the computing system involves software components that are subject to control decisions. We approach this problem under the angle of Discrete Event Systems (DES), involving properties on events observed during the execution (e.g., requests of computing tasks, work overload), and a state space representing different configurations such as activity or assemblies of components. We consider in particular the potential of applying novel logico-numerical control techniques to extend the expressivity of control models and objectives, thereby extending the application of DES in component-based software systems. We elaborate methodological guidelines for the application of logico-numerical control based on a case study, and validate the result experimentally.
Adaptive management of applications across multiple clouds: the SeaClouds approach
How to deploy and manage, in an efficient and adaptive way, complex applications across
multiple heterogeneous cloud platforms is one of the problems that have emerged with
the cloud revolution. In this paper we present context, motivations and objectives of the
EU research project SeaClouds, which aims at enabling a seamless adaptive multi-cloud
management of complex applications by supporting the distribution, monitoring and
migration of application modules over multiple heterogeneous cloud platforms. After
positioning SeaClouds with respect to related cloud initiatives, we present the SeaClouds
architecture and discuss some of its aspects, such as the use of the OASIS standard TOSCA
and the compatibility with the OASIS CAMP initiative.
Orchestration in the Cloud-to-Things Compute Continuum: Taxonomy, Survey and Future Directions
IoT systems are becoming an essential part of our environment. Smart cities,
smart manufacturing, augmented reality, and self-driving cars are just some
examples of the wide range of domains, where the applicability of such systems
has been increasing rapidly. These IoT use cases often require simultaneous
access to geographically distributed arrays of sensors, and heterogeneous
remote, local as well as multi-cloud computational resources. This gives birth
to the extended Cloud-to-Things computing paradigm. The emergence of this new
paradigm raised the quintessential need to extend the orchestration
requirements (i.e., the automated deployment and run-time management) of
applications from the centralised cloud-only environment to the entire spectrum
of resources in the Cloud-to-Things continuum. In order to cope with this
requirement, in the last few years, there has been a lot of attention to the
development of orchestration systems in both industry and academic
environments. This paper is an attempt to gather the research conducted in the
orchestration for the Cloud-to-Things continuum landscape and to propose a
detailed taxonomy, which is then used to critically review the landscape of
existing research work. We finally discuss the key challenges that require
further attention and also present a conceptual framework based on the
conducted analysis. Comment: Journal of Cloud Computing Pages: 2
Network Security Automation
The abstract is in the attachment.