49 research outputs found

    Procedura Tecnica di Accreditamento dei Registrar del ccTLD.it

    This document describes the operations that a prospective Registrar must submit, through its own client application, to the EPP (Extensible Provisioning Protocol) server of the ccTLD .it Registry in order to carry out the technical accreditation procedure and become a Registrar accredited with the Registry. The test verifies that the EPP client used by the Registrar has been implemented correctly, that it interacts correctly with the EPP server of the Italian Registry, and that the Registrar is able to perform the main operations provided for in the synchronous registration system and defined in the guidelines of the ccTLD .i

    Management of synchronous operations on domain names of the ccTLD .it

    This document details the operations needed for registering and maintaining domain names in accordance with synchronous registration. The synchronous system for registering and maintaining a domain name is provided by organizations (henceforth Registrars) that have an active contract with the Registry (henceforth .it Registry or Registry of the ccTLD.it), which is subordinate to an accreditation procedure. The Registrar will always be an intermediary with the Registry for all domain name registering and maintenance and also for correctly updating the Database of Assigned Names (DBNA) by using the synchronous registration system. The synchronous registration system allows Registrars to register and maintain domain names in realtime within the limits set out in the "Rules for assigning and managing domain names in the ccTLD.it" (hereafter, "Rules"). The synchronous system for registering and maintaining domain names of the .it Registry uses the protocol EPP (Extensible Provisioning Protocol) to comply with internationally accepted standards and to comply with decisions already made by other ccTLDs and gTLDs. EPP is a synchronous client-server protocol based on XML

    Management Tools for DNS Registraries

    This master's thesis deals with domain registration and the associated registration systems of domain administrators. The main focus is on domain registration via registrars, which involves the registrar interface of registration systems. Part of that interface is the EPP communication protocol, which is described in detail in this thesis. An overview of freely available registration systems follows. After this overview, the thesis focuses in more detail on the Czech registration system FRED, specifically the part that handles communication with registrars. It also includes a small survey among registrars on how they approach access to the registration system. To simplify this access, the thesis then turns to the implementation of a client library that shields the programmer from the details of the communication protocol between the registrar and the registration system and provides an interface for easily implementing a client for the FRED system.

    Access Control in Industrial Internet of Things

    The Industrial Internet of Things (IIoT) is an ecosystem that consists of, among others, various networked sensors and actuators, mainly achieving advancements related to lowering production costs and providing workflow flexibility. Introducing access control in such environments is considered to be challenging, mainly due to the variety of technologies and protocols in IIoT devices and networks. Thus, various access control models and mechanisms should be examined, as well as the additional access control requirements posed by these industrial environments. To achieve these aims, we elaborate on existing state-of-the-art access control models and architectures and investigate access control requirements in IIoT, respectively. These steps provide valuable indications on what type of access control model and architecture may be beneficial for application in the IIoT. We describe an access control architecture capable of achieving access control in IIoT using a layered approach and based on existing virtualization concepts (e.g., the cloud). Furthermore, we provide information on the functionality of the individual access control related components, as well as where these should be placed in the overall architecture. Considering this research area to be challenging, we finally discuss open issues and anticipate these directions to provide interesting multi-disciplinary insights in both industry and academia

    Evidence-based Accountability Audits for Cloud Computing

    Cloud computing is known for its on-demand service provisioning and has now become mainstream. Many businesses as well as individuals are using cloud services on a daily basis. There is a big variety of services that ranges from the provision of computing resources to services such as productivity suites and social networks. The nature of these services varies heavily in terms of what kind of information is being outsourced to the cloud provider. Often, that data is sensitive, for instance when PII is being shared by an individual. Also, businesses that move (parts of) their processes to the cloud are actively participating in a major paradigm shift from having data on-premise to transferring data to a third-party provider. However, many new challenges come along with this trend, which are closely tied to the loss of control over data. When moving to the cloud, direct control over geographical storage location, who has access to it and how it is shared and processed is given up. Because of this loss of control, cloud customers have to trust cloud providers that they treat their data in an appropriate and responsible way. Cloud audits can be used to check how data has been processed in the cloud (i.e., by whom, for what purpose) and whether or not this happened in compliance with what has been defined in agreed-upon privacy and data storage, usage and maintenance (i.e., data handling) policies. This way, a cloud customer can regain some of the control he has given up by moving to the cloud. In this thesis, accountability audits are presented as a way to strengthen trust in cloud computing by providing assurance about the processing of data in the cloud according to data handling and privacy policies. In cloud accountability audits, various distributed evidence sources need to be considered. The research presented in this thesis discusses the use of various heterogeneous evidence sources on all cloud layers. This way, a complete picture of the actual data handling practices that is based on hard facts can be presented to the cloud consumer. Furthermore, this strengthens transparency of data processing in the cloud, which can lead to improved trust in cloud providers, if they choose to adopt these mechanisms in order to assure their customers that their data is being handled according to their expectations. The system presented in this thesis enables continuous auditing of a cloud provider's adherence to data handling policies in an automated way that shortens audit intervals and that is based on evidence that is produced by cloud subsystems. An important aspect of many cloud offerings is the combination of multiple distinct cloud services that are offered by independent providers. Data is thereby frequently exchanged between the cloud providers. This also includes trans-border flows of data, where one provider may be required to adhere to more strict data protection requirements than the others. The system presented in this thesis addresses such scenarios by enabling the collection of evidence at providers and evaluating it during audits. Securing evidence quickly becomes a challenge in the system design, when information that is needed for the audit is deemed sensitive or confidential. This means that securing the evidence at-rest as well as in-transit is of utmost importance, in order not to introduce a new liability by building an insecure data heap. This research presents the identification of security and privacy protection requirements alongside proposed solutions that enable the development of an architecture for secure, automated, policy-driven and evidence-based accountability audits

    Signaling strategies for consumer oriented Grid over Optical Burst Switching networks

    Master's dissertation, Electrical Engineering and Telecommunications, Universidade do Algarve, 2009. The concept of Grid networks has recently emerged as an infrastructure able to support both scientific and commercial applications. The Grid is a dynamic, distributed collection of heterogeneous computational, storage and network resources geographically distributed and shared between organizations. Optical Burst Switching (OBS) networks have been identified as a technology with potential to support the requirements of the Grids. This approach, known as Grid over Optical Burst Switching (GOBS), is currently the object of intensive research. This dissertation focuses on GOBS architectures employing Active OBS Routers with centralized control. This approach enables the balance of the overall network traffic, potentially minimizing congestion and consequently reducing job blocking. Two different strategies are explored. The first strategy is a novel signaling scheme applied to a GOBS network employing Active Routers. The Active Router reduces the job blocking probability, because the path used by the Data Burst to reach the Grid Job Resource is selected based on the actual network status. Since the Active Router keeps the network status always updated, the bursts are only dropped when it is not possible to connect the source to the end node. Another study associated with this signaling scheme is the reservation time. It is demonstrated that this approach decreases the network blocking probability while also decreasing the time delay that a job suffers until it reaches the Grid service provider. In the second strategy, the Active Router only selects the Grid Resource used to resolve the job; the path used to reach it is selected by the Grid client based on the probabilistic model for the link demands. The probabilistic model is used to predict a possible network usage based on the demands from all nodes to all nodes. The results obtained show overall performance improvement

    Standardization Roadmap for Unmanned Aircraft Systems, Version 2.0

    This Standardization Roadmap for Unmanned Aircraft Systems, Version 2.0 (“roadmap”) is an update to version 1.0 of this document published in December 2018. It identifies existing standards and standards in development, assesses gaps, and makes recommendations for priority areas where there is a perceived need for additional standardization and/or pre-standardization R&D. The roadmap has examined 78 issue areas, identified a total of 71 open gaps and corresponding recommendations across the topical areas of airworthiness; flight operations (both general concerns and application-specific ones including critical infrastructure inspections, commercial services, and public safety operations); and personnel training, qualifications, and certification. Of that total, 47 gaps/recommendations have been identified as high priority, 21 as medium priority, and 3 as low priority. A “gap” means no published standard or specification exists that covers the particular issue in question. In 53 cases, additional R&D is needed. As with the earlier version of this document, the hope is that the roadmap will be broadly adopted by the standards community and that it will facilitate a more coherent and coordinated approach to the future development of standards for UAS. To that end, it is envisioned that the roadmap will continue to be promoted in the coming year. It is also envisioned that a mechanism may be established to assess progress on its implementation

    Privacidade em redes de próxima geração

    Doctorate in Informatics Engineering. In modern society, communications and digital transactions are becoming the norm rather than the exception. As we allow networked computing devices into our every-day actions, we build a digital lifestyle where networks and devices enrich our interactions. However, as we move our information towards a connected digital environment, privacy becomes extremely important as most of our personal information can be found in the network. This is especially relevant as we design and adopt next generation networks that provide ubiquitous access to services and content, increasing the impact and pervasiveness of existing networks. The environments that provide widespread connectivity and services usually rely on network protocols that have few privacy considerations, compromising user privacy. The presented work focuses on the network aspects of privacy, considering how network protocols threaten user privacy, especially in next generation network scenarios. We target the identifiers that are present in each network protocol and support its designed function. By studying how the network identifiers can compromise user privacy, we explore how these threats can stem from the identifier itself and from relationships established between several protocol identifiers. Following the study focused on identifiers, we show that privacy in the network can be explored along two dimensions: a vertical dimension that establishes privacy relationships across several layers and protocols, reaching the user, and a horizontal dimension that highlights the threats exposed by individual protocols, usually confined to a single layer. With these concepts, we outline an integrated perspective on privacy in the network, embracing both vertical and horizontal interactions of privacy. This approach enables the discussion of several mechanisms to address privacy threats on individual layers, leading to architectural instantiations focused on user privacy. We also show how the different dimensions of privacy can provide insight into the relationships that exist in a layered network stack, providing a potential path towards designing and implementing future privacy-aware network architectures.

    A Modular Approach to Adaptive Reactive Streaming Systems

    The latest generations of FPGA devices offer large resource counts that provide the headroom to implement large-scale and complex systems. However, there are increasing challenges for the designer, not just because of pure size and complexity, but also in harnessing effectively the flexibility and programmability of the FPGA. A central issue is the need to integrate modules from diverse sources to promote modular design and reuse. Further, the capability to perform dynamic partial reconfiguration (DPR) of FPGA devices means that implemented systems can be made reconfigurable, allowing components to be changed during operation. However, use of DPR typically requires low-level planning of the system implementation, adding to the design challenge. This dissertation presents ReShape: a high-level approach for designing systems by interconnecting modules, which gives a ‘plug and play’ look and feel to the designer, is supported by tools that carry out implementation and verification functions, and is carried through to support system reconfiguration during operation. The emphasis is on the inter-module connections and abstracting the communication patterns that are typical between modules – for example, the streaming of data that is common in many FPGA-based systems, or the reading and writing of data to and from memory modules. ShapeUp is also presented as the static precursor to ReShape. In both, the details of wiring and signaling are hidden from view, via metadata associated with individual modules. ReShape allows system reconfiguration at the module level, by supporting type checking of replacement modules and by managing the overall system implementation, via metadata associated with its FPGA floorplan. The methodology and tools have been implemented in a prototype for a broad domain-specific setting – networking systems – and have been validated on real telecommunications design projects

    Personalised privacy in pervasive and ubiquitous systems

    Our world is edging closer to the realisation of pervasive systems and their integration in our everyday life. While pervasive systems are capable of offering many benefits for everyone, the amount and quality of personal information that becomes available raise concerns about maintaining user privacy and create a real need to reform existing privacy practices and provide appropriate safeguards for the user of pervasive environments. This thesis presents the PERSOnalised Negotiation, Identity Selection and Management (PersoNISM) system; a comprehensive approach to privacy protection in pervasive environments using context aware dynamic personalisation and behaviour learning. The aim of the PersoNISM system is twofold: to provide the user with a comprehensive set of privacy protecting tools and to help them make the best use of these tools according to their privacy needs. The PersoNISM system allows users to: a) configure the terms and conditions of data disclosure through the process of privacy policy negotiation, which addresses the current “take it or leave it” approach; b) use multiple identities to interact with pervasive services to avoid the accumulation of vast amounts of personal information in a single user profile; and c) selectively disclose information based on the type of information, who requests it, under what context, for what purpose and how the information will be treated. The PersoNISM system learns user privacy preferences by monitoring the behaviour of the user and uses them to personalise and/or automate the decision making processes in order to unburden the user from manually controlling these complex mechanisms. The PersoNISM system has been designed, implemented, demonstrated and evaluated during three EU funded projects