4,407 research outputs found

    Autonomic Systems

    An autonomic system is defined as self-configuring, self-optimizing, self-healing, and self-protecting. We implemented the Autonomic Cluster Management System (ACMS), a low overhead Java application designed to manage and load balance a cluster, while working at NASA GSFC. The ACMS is a mobile multi-agent system in which each agent is designed to fulfill a specific role. The agents collaborate and coordinate their activities in order to achieve system management goals. The ACMS is scalable and extensible to facilitate future development

    Routing and Mobility on IPv6 over LoWPAN

    The IoT means a world-wide network of interconnected objects based on standard communication protocols. An object in this context is a quotidian physical device augmented with sensing/actuating, processing, storing and communication capabilities. These objects must be able to interact with the surrounding environment where they are placed and to cooperate with neighbouring objects in order to accomplish a common objective. The IoT objects also have the capabilities of converting the sensed data into automated instructions and communicating them to other objects through the communication networks, avoiding human intervention in several tasks. Most IoT deployments are based on small devices with restricted computational resources and energy constraints. For this reason, initially the scientific community did not consider the use of the IP protocol suite in these scenarios because there was the perception that it was too heavy for the available resources on such devices. Meanwhile, the scientific community and the industry started to rethink the use of the IP protocol suite in all IoT devices and now it is considered as the solution to provide connectivity between the IoT devices, independently of the Layer 2 protocol in use, and to connect them to the Internet. Despite the use of the IP protocol suite in all devices and the amount of solutions proposed, many open issues remain unsolved in order to reach a seamless integration between the IoT and the Internet and to provide the conditions for IoT services to become widespread. This thesis addressed the challenges associated with the interconnectivity between the Internet and the IoT devices and with the security aspects of the IoT. In the interconnectivity between the IoT devices and the Internet the problem is how to provide valuable information to the Internet connected devices, independently of the supported IP protocol version, without it being necessary to access the IoT nodes directly. 
In order to solve this problem, solutions based on Representational state transfer (REST) web services and IPv4 to IPv6 dual stack transition mechanism were proposed and evaluated. The REST web service and the transition mechanism run only at the border router without penalizing the IoT constrained devices. The mitigation of the effects of internal and external security attacks minimizing the overhead imposed on the IoT devices is the security challenge addressed in this thesis. Three different solutions were proposed. The first is a mechanism to prevent remotely initiated transport level Denial of Service attacks that avoids the use of inefficient and hard to manage traditional firewalls. It is based on filtering at the border router the traffic received from the Internet and destined to the IoT network according to the conditions announced by each IoT device. The second is a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance to the authorized nodes. The third is a network admission control framework that prevents unauthorized IoT nodes from communicating with authorized IoT nodes or with the Internet, which drastically reduces the number of possible security attacks. The network admission control was also exploited as a management mechanism as it can be used to manage the network size in terms of number of nodes, making the network more manageable, increasing its reliability and extending its lifetime.

The IoT (Internet of Things) has attracted the interest of both the academic community and industry, since its fields of application are countless, as are the potential gains that can be obtained through the use of this type of technology. The IoT means a global network of objects connected to each other through a communications network based on standard protocols. 
In this context, an object is an everyday physical object to which the capability to measure and act on physical variables, to process and store data, and to communicate has been added. These objects are able to interact with the surrounding environment and to cooperate with neighbouring objects in order to achieve a common objective. These objects are also able to convert the data they read into instructions and to communicate them to other objects through the communications network, thereby avoiding human intervention in several tasks. Most implementations of IoT systems are based on small autonomous devices with restrictions in terms of computational resources and energy retention. For this reason, the scientific community initially did not consider the use of the IP protocol stack appropriate for this type of device, since there was the perception that it was too heavy for the available computational resources. Meanwhile, the scientific community and industry resumed the discussion about the benefits of using the protocol stack in all IoT devices, and it is currently considered the solution for establishing connectivity between IoT devices, independently of the layer-two protocol in use, and for connecting them to the Internet. Despite the use of the IP protocol stack in all devices and the number of solutions proposed, several problems remain to be solved concerning the continuous and uninterrupted integration of the IoT into the Internet and the creation of the conditions for the widespread adoption of this type of technology. This thesis deals with the challenges associated with the integration of the IoT into the Internet and with the security aspects of the IoT. Regarding the integration of the IoT into the Internet, the problem is how to provide valid information to Internet-connected devices, independently of the IP protocol version in use, avoiding direct access to the IoT devices. 
To solve this problem, solutions based on REST web services and on dual stack IPv4 to IPv6 transition mechanisms were proposed and evaluated. The web service and the transition mechanism are supported only at the border router, without penalizing the IoT devices. With regard to security, the problem is to mitigate the effects of internal and external security attacks initiated locally and remotely. Three different solutions were proposed. The first is a mechanism that minimizes the effects of denial of service attacks originating from the Internet and that avoids the use of inefficient and complex-to-manage firewall mechanisms. This mechanism filters, at the border router, the traffic originating from the Internet and destined to the IoT according to the conditions announced by each of the IoT devices in the network. The second solution is a network admission control framework that controls which devices can access the network based on administrative authorization and that applies security compliance policies to the authorized devices. The third is a network admission control mechanism for 6LoWPAN networks that prevents unauthorized devices from communicating with other legitimate devices and with the Internet, which drastically reduces the number of security attacks. This mechanism was also explored as a management mechanism, since it can be used to manage the size of the network in terms of number of devices, making it easier to manage and increasing its reliability and its lifetime

    MOBILITY SUPPORT ARCHITECTURES FOR NEXT-GENERATION WIRELESS NETWORKS

    With the convergence of the wireless networks and the Internet and the booming demand for multimedia applications, the next-generation (beyond the third generation, or B3G) wireless systems are expected to be all IP-based and provide real-time and non-real-time mobile services anywhere and anytime. Powerful and efficient mobility support is thus the key enabler to fulfil such an attractive vision by supporting various mobility scenarios. This thesis contributes to this interesting while challenging topic. After a literature review on mobility support architectures and protocols, the thesis starts presenting our contributions with a generic multi-layer mobility support framework, which provides a general approach to meet the challenges of handling comprehensive mobility issues. The cross-layer design methodology is introduced to coordinate the protocol layers for optimised system design. Particularly, a flexible and efficient cross-layer signalling scheme is proposed for interlayer interactions. The proposed generic framework is then narrowed down with several fundamental building blocks identified to be focused on as follows. As widely adopted, we assume that the IP-based access networks are organised into administrative domains, which are inter-connected through a global IP-based wired core network. For a mobile user who roams from one domain to another, macro (inter-domain) mobility management should be in place for global location tracking and effective handoff support for both real-time and non-real-time applications. Mobile IP (MIP) and the Session Initiation Protocol (SIP) are being adopted as the two dominant standard-based macro-mobility architectures, each of which has mobility entities and messages in its own right. The work explores the joint optimisations and interactions of MIP and SIP when utilising the complementary power of both protocols. 
Two distinctive integrated MIP-SIP architectures are designed and evaluated, compared with their hybrid alternatives and other approaches. The overall analytical and simulation results show significant performance improvements in terms of cost-efficiency, among other metrics. Subsequently, for the micro (intra-domain) mobility scenario where a mobile user moves across IP subnets within a domain, a micro mobility management architecture is needed to support fast handoffs and constrain signalling messaging loads incurred by intra-domain movements within the domain. The Hierarchical MIPv6 (HMIPv6) and the Fast Handovers for MIPv6 (FMIPv6) protocols are selected to fulfil the design requirements. The work proposes enhancements to these protocols and combines them in an optimised way, resulting in notably improved performances in contrast to a number of alternative approaches

    Conserve and Protect Resources in Software-Defined Networking via the Traffic Engineering Approach

    Software Defined Networking (SDN) is revolutionizing the architecture and operation of computer networks and promises a more agile and cost-efficient network management. SDN centralizes the network control logic and separates the control plane from the data plane, thus enabling flexible management of networks. A network based on SDN consists of a data plane and a control plane. To assist management of devices and data flows, a network also has an independent monitoring plane. These coexisting network planes have various types of resources, such as bandwidth utilized to transmit monitoring data, energy spent to power data forwarding devices and computational resources to control a network. Unwise management, even abusive utilization of these resources lead to the degradation of the network performance and increase the Operating Expenditure (Opex) of the network owner. Conserving and protecting limited network resources is thus among the key requirements for efficient networking. However, the heterogeneity of the network hardware and network traffic workloads expands the configuration space of SDN, making it a challenging task to operate a network efficiently. Furthermore, the existing approaches usually lack the capability to automatically adapt network configurations to handle network dynamics and diverse optimization requirements. Additionally, a centralized SDN controller has to run in a protected environment against certain attacks. This thesis builds upon the centralized management capability of SDN, and uses cross-layer network optimizations to perform joint traffic engineering, e.g., routing, hardware and software configurations. The overall goal is to overcome the management complexities in conserving and protecting resources in multiple functional planes in SDN when facing network heterogeneities and system dynamics. 
This thesis presents four contributions: (1) resource-efficient network monitoring, (2) resource-efficient data forwarding, (3) using self-adaptive algorithms to improve network resource efficiency, and (4) mitigating abusive usage of resources for network controlling. The first contribution of this thesis is a resource-efficient network monitoring solution. In this thesis, we consider one specific type of virtual network management function: flow packet inspection. This type of the network monitoring application requires to duplicate packets of target flows and send them to packet monitors for in-depth analysis. To avoid the competition for resources between the original data and duplicated data, the network operators can transmit the data flows through physically (e.g., different communication mediums) or virtually (e.g., distinguished network slices) separated channels having different resource consumption properties. We propose the REMO solution, namely Resource Efficient distributed Monitoring, to reduce the overall network resource consumption incurred by both types of data, via jointly considering the locations of the packet monitors, the selection of devices forking the data packets, and flow path scheduling strategies. In the second contribution of this thesis, we investigate the resource efficiency problem in hybrid, server-centric data center networks equipped with both traditional wired connections (e.g., InfiniBand or Ethernet) and advanced high-data-rate wireless links (e.g., directional 60GHz wireless technology). The configuration space of hybrid SDN equipped with both wired and wireless communication technologies is massively large due to the complexity brought by the device heterogeneity. To tackle this problem, we present the ECAS framework to reduce the power consumption and maintain the network performance. 
The approaches based on the optimization models and heuristic algorithms are considered as the traditional way to reduce the operation and facility resource consumption in SDN. These approaches are either difficult to directly solve or specific for a particular problem space. As the third contribution of this thesis, we investigate the approach of using Deep Reinforcement Learning (DRL) to improve the adaptivity of the management modules for network resource and data flow scheduling. The goal of the DRL agent in the SDN network is to reduce the power consumption of SDN networks without severely degrading the network performance. The fourth contribution of this thesis is a protection mechanism based upon flow rate limiting to mitigate abusive usage of the SDN control plane resource. Due to the centralized architecture of SDN and its handling mechanism for new data flows, the network controller can be the failure point due to the crafted cyber-attacks, especially the Control-Plane-Saturation (CPS) attack. We propose an In-Network Flow mAnagement Scheme (INFAS) to effectively reduce the generation of malicious control packets depending on the parameters configured for the proposed mitigation algorithm. In summary, the contributions of this thesis address various unique challenges to construct resource-efficient and secure SDN. This is achieved by designing and implementing novel and intelligent models and algorithms to configure networks and perform network traffic engineering, in the protected centralized network controller

    A Novel Addressing Scheme for PMIPv6 Based Global IP-WSNs

    IP based Wireless Sensor Networks (IP-WSNs) are being used in healthcare, home automation, industrial control and agricultural monitoring. In most of these applications global addressing of individual IP-WSN nodes and layer-three routing for mobility enabled IP-WSN with special attention to reliability, energy efficiency and end to end delay minimization are a few of the major issues to be addressed. Most of the routing protocols in WSN are based on layer-two approaches. For reliability and end to end communication enhancement the necessity of layer-three routing for IP-WSNs is generating significant attention among the research community, but due to the hurdle of maintaining routing state and other communication overhead, it was not possible to introduce a layer-three routing protocol for IP-WSNs. To address this issue we propose in this paper a global addressing scheme and layer-three based hierarchical routing protocol. The proposed addressing and routing approach focuses on all the above mentioned issues. Simulation results show that the proposed addressing and routing approach significantly enhances the reliability, energy efficiency and end to end delay minimization. We also present architecture, message formats and different routing scenarios in this paper

    Host mobility management with identifier-locator split protocols in hierarchical and flat networks

    Includes abstract. Includes bibliographical references. As the Internet increasingly becomes more mobile focused and overloaded with mobile hosts, mobile users are bound to roam freely and attach to a variety of networks. These different networks converge over an IP-based core to enable ubiquitous network access, anytime and anywhere, to support the provision of services, that is, any service, to mobile users. Therefore, in this thesis, the researcher proposed network-based mobility solutions at different layers to securely support seamless handovers between heterogeneous networks in hierarchical and flat network architectures

    Improvement of DHRA-DMDC Physical Access Software DBIDS Using Cloud Computing Technology: a Case Study

    The U.S. government has created and been executing an Identity and Management (IdM) vision to support a global, robust, trusted and interoperable identity management capability that provides the ability to correctly identify individuals and non-person entities in support of DoD mission operations. Many Directives and Instructions have been issued to standardize the process to design and re-design new and old systems with the latest available technologies to meet the vision's requirements. In this thesis we introduce a cloud-based architecture for the Defense Biometric Identification System (DBIDS), along with a set of DBIDS Cloud Services that supports the proposed architecture. This cloud-based architecture will move DBIDS in the right direction to meet DoD IdM visions and goals by decoupling current DBIDS functions into DBIDS core services to create interoperability and flexibility to expand future DBIDS with new requirements. The thesis will show its readers how DBIDS Cloud Services will help Defense Manpower Data Center (DMDC) easily expand DBIDS functionalities such as connecting to other DMDC services or federated services for vetting purposes. This thesis will also serve as a recommendation of a blue-print for DBIDS architecture to support a new generation of DBIDS applications. This is a step closer in moving DMDC Identity Enterprise Solution toward realizing the DoD IdM vision and goals. The thesis also includes a discussion of how to utilize virtualized DBIDS workstations to address software-deployment and maintenance issues to resolve configuration and deployment issues which have been costly problems for DMDC over the years. http://archive.org/details/improvementofdhr109457379 Civilian, Department of Defens

    Automated Injection of Curated Knowledge Into Real-Time Clinical Systems: CDS Architecture for the 21st Century

    Abstract: Clinical Decision Support (CDS) is primarily associated with alerts, reminders, order entry, rule-based invocation, diagnostic aids, and on-demand information retrieval. While valuable, these foci have been in production use for decades, and do not provide a broader, interoperable means of plugging structured clinical knowledge into live electronic health record (EHR) ecosystems for purposes of orchestrating the user experiences of patients and clinicians. To date, the gap between knowledge representation and user-facing EHR integration has been considered an “implementation concern” requiring unscalable manual human efforts and governance coordination. Drafting a questionnaire engineered to meet the specifications of the HL7 CDS Knowledge Artifact specification, for example, carries no reasonable expectation that it may be imported and deployed into a live system without significant burdens. Dramatic reduction of the time and effort gap in the research and application cycle could be revolutionary. Doing so, however, requires both a floor-to-ceiling precoordination of functional boundaries in the knowledge management lifecycle, as well as formalization of the human processes by which this occurs. This research introduces ARTAKA: Architecture for Real-Time Application of Knowledge Artifacts, as a concrete floor-to-ceiling technological blueprint for both provider health IT (HIT) and vendor organizations to incrementally introduce value into existing systems dynamically. This is made possible by service-ization of curated knowledge artifacts, then injected into a highly scalable backend infrastructure by automated orchestration through public marketplaces. Supplementary examples of client app integration are also provided. 
Compilation of knowledge into platform-specific form has been left flexible, in so far as implementations comply with ARTAKA’s Context Event Service (CES) communication and Health Services Platform (HSP) Marketplace service packaging standards. Towards the goal of interoperable human processes, ARTAKA’s treatment of knowledge artifacts as a specialized form of software allows knowledge engineers to operate as a type of software engineering practice. Thus, nearly a century of software development processes, tools, policies, and lessons offer immediate benefit: in some cases, with remarkable parity. Analyses of experimentation are provided with guidelines on how choice aspects of software development life cycles (SDLCs) apply to knowledge artifact development in an ARTAKA environment. Portions of this culminating document have been further initiated with Standards Developing Organizations (SDOs) intended to ultimately produce normative standards, as have active relationships with other bodies. Dissertation/Thesis. Doctoral Dissertation Biomedical Informatics 201

    Video-on-Demand over Internet: a survey of existing systems and solutions

    Video-on-Demand is a service where movies are delivered to distributed users with low delay and free interactivity. The traditional client/server architecture experiences scalability issues to provide video streaming services, so there have been many proposals of systems, mostly based on a peer-to-peer or on a hybrid server/peer-to-peer solution, to solve this issue. This work presents a survey of the currently existing or proposed systems and solutions, based upon a subset of representative systems, and defines selection criteria allowing to classify these systems. These criteria are based on common questions such as, for example, is it video-on-demand or live streaming, is the architecture based on content delivery network, peer-to-peer or both, is the delivery overlay tree-based or mesh-based, is the system push-based or pull-based, single-stream or multi-streams, does it use data coding, and how do the clients choose their peers. Representative systems are briefly described to give a summarized overview of the proposed solutions, and four ones are analyzed in detail. Finally, it is attempted to evaluate the most promising solutions for future experiments. Abstract: Video-on-demand is a service where films are delivered remotely to users with