Mecanismos dinâmicos de segurança para redes softwarizadas e virtualizadas

The relationship between attackers and defenders has traditionally been asymmetric, with attackers having time as an upper hand to devise an exploit that compromises the defender. The push towards the Cloudification of the world makes matters more challenging, as it lowers the cost of an attack, with a de facto standardization on a set of protocols. The discovery of a vulnerability now has a broader impact on various verticals (business use cases), while previously, some were in a segregated protocol stack requiring independent vulnerability research. Furthermore, defining a perimeter within a cloudified system is non-trivial, whereas before, the dedicated equipment already created a perimeter. This proposal takes the newer technologies of network softwarization and virtualization, both Cloud-enablers, to create new dynamic security mechanisms that address this asymmetric relationship using novel Moving Target Defense (MTD) approaches. The effective use of the exploration space, combined with the reconfiguration capabilities of frameworks like Network Function Virtualization (NFV) and Management and Orchestration (MANO), should allow for adjusting defense levels dynamically to achieve the required security as defined by the currently acceptable risk. The optimization tasks and integration tasks of this thesis explore these concepts. Furthermore, the proposed novel mechanisms were evaluated in real-world use cases, such as 5G networks or other Network Slicing enabled infrastructures.A relação entre atacantes e defensores tem sido tradicionalmente assimétrica, com os atacantes a terem o tempo como vantagem para conceberem uma exploração que comprometa o defensor. O impulso para a Cloudificação do mundo torna a situação mais desafiante, pois reduz o custo de um ataque, com uma padronização de facto sobre um conjunto de protocolos. A descoberta de uma vulnerabilidade tem agora um impacto mais amplo em várias verticais (casos de uso empresarial), enquanto anteriormente, alguns estavam numa pilha de protocolos segregados que exigiam uma investigação independente das suas vulnerabilidades. Além disso, a definição de um perímetro dentro de um sistema Cloud não é trivial, enquanto antes, o equipamento dedicado já criava um perímetro. Esta proposta toma as mais recentes tecnologias de softwarização e virtualização da rede, ambas facilitadoras da Cloud, para criar novos mecanismos dinâmicos de segurança que incidem sobre esta relação assimétrica utilizando novas abordagens de Moving Target Defense (MTD). A utilização eficaz do espaço de exploração, combinada com as capacidades de reconfiguração de frameworks como Network Function Virtualization (NFV) e Management and Orchestration (MANO), deverá permitir ajustar dinamicamente os níveis de defesa para alcançar a segurança necessária, tal como definida pelo risco actualmente aceitável. As tarefas de optimização e de integração desta tese exploram estes conceitos. Além disso, os novos mecanismos propostos foram avaliados em casos de utilização no mundo real, tais como redes 5G ou outras infraestruturas de Network Slicing.Programa Doutoral em Engenharia Informátic

Invasion genetics and development of rapid diagnostics of insect pests on traded plants

Background: Global trade of plant products is a major driving force for the unintended spread of economically harmful insect pests. This PhD thesis aimed at (i) developing and implementing molecular tools for the on-site identification of invasive insect pests at points of entry (POEs) for plant import products as a prevention measure; and (ii) investigating the invasion history of the mosaic leafhopper Orientus ishidae, a potential vector of grapevine Flavescence dorée phytoplasma. Methods: To achieve the first goal, loop-mediated isothermal amplification (LAMP)-based genetic assays for the rapid on-site identification of Bemisia tabaci, Thrips palmi and several invasive fruit flies of the genera Bactrocera and Zeugodacus were developed. Using publicly available DNA sequences, LAMP primers were designed to specifically target a fragment of the mitochondrial cytochrome c oxidase subunit 1 gene. To address the second goal of this PhD thesis, the invasion genetics of O. ishidae was studied, an invasive insect species that spread from its native range from in East Asia to North America in the first half of the 20th century and only recently colonised Europe. Possible source populations and invasion pathways were investigated by assessing the genetic structure of 41 O. ishidae populations from Asia, Europe, and North America based on a mitochondrial marker and 641 single nucleotide polymorphisms (SNPs) generated by double digest restriction-site associated DNA (ddRAD) sequencing. Results: Validation performed under laboratory and on-site conditions demonstrated the robustness and reliability of the developed LAMP identification assays. Analysing 319 insect specimens, the overall diagnostic test efficiency was 98% and the overall diagnostic test specificity was 100%. The small number of false-negative results (2%) originated either from previously unknown biotypes, not included in the initial primer design, or from handling errors during LAMP preparation. The results from the molecular genetic analyses of O. ishidae revealed a clear genetic separation between a native population from Asia and the non-native populations from Europe and North America. Among the non-native populations, only faint signals of spatial genetic structuring were found. However, when comparing non-native populations from Europe and North America, elevated levels of admixture of genetically distant mitochondrial haplotypes were observed for European populations. Conclusion: Characterised by high analysis speed (<1 h) and simplicity in use (only 1 pipetting step), the validated LAMP assays were found to be suitable identification tools for on-site application by plant health inspectors. Since completion of the validation phase, the developed identification assays are routinely deployed in the phytosanitary import control process of Switzerland. The considerable genetic separation between native and non-native populations of O. ishidae together with the strikingly high genetic similarity of European and North American populations suggest an invasion scenario in which North American populations served as source for the European invasion. A slightly reduced genetic structure combined with increased admixture of genetically distant mitochondrial haplotypes furthermore indicate that the European colonisation history was shaped by multiple introductions from North America, complemented by frequent intra-European gene flow. Taken together, it is hypothesised that the overall genetic complexity of non-native populations was strongly driven by frequent international trade of plants infested by O. ishidae

MR-CUDASW - GPU accelerated Smith-Waterman algorithm for medium-length (meta)genomic data

The idea of using a graphics processing unit (GPU) for more than simply graphic output purposes has been around for quite some time in scientific communities. However, it is only recently that its benefits for a range of bioinformatics and life sciences compute-intensive tasks has been recognized. This thesis investigates the possibility of improving the performance of the overlap determination stage of an Overlap Layout Consensus (OLC)-based assembler by using a GPU-based implementation of the Smith-Waterman algorithm. In this thesis an existing GPU-accelerated sequence alignment algorithm is adapted and expanded to reduce its completion time. A number of improvements and changes are made to the original software. Workload distribution, query profile construction, and thread scheduling techniques implemented by the original program are replaced by custom methods specifically designed to handle medium-length reads. Accordingly, this algorithm is the first highly parallel solution that has been specifically optimized to process medium-length nucleotide reads (DNA/RNA) from modern sequencing machines (i.e. Ion Torrent). Results show that the software reaches up to 82 GCUPS (Giga Cell Updates Per Second) on a single-GPU graphic card running on a commodity desktop hardware. As a result it is the fastest GPU-based implemen- tation of the Smith-Waterman algorithm tailored for processing medium-length nucleotide reads. Despite being designed for performing the Smith-Waterman algorithm on medium-length nucleotide sequences, this program also presents great potential for improving heterogeneous computing with CUDA-enabled GPUs in general and is expected to make contributions to other research problems that require sensitive pairwise alignment to be applied to a large number of reads. Our results show that it is possible to improve the performance of bioinformatics algorithms by taking full advantage of the compute resources of the underlying commodity hardware and further, these results are especially encouraging since GPU performance grows faster than multi-core CPUs