Autonomic Systems
An autonomic system is defined as self-configuring, self-optimizing, self-healing, and self-protecting. We implemented the Autonomic Cluster Management System (ACMS), a low overhead Java application designed to manage and load balance a cluster, while working at NASA GSFC. The ACMS is a mobile multi-agent system in which each agent is designed to fulfill a specific role. The agents collaborate and coordinate their activities in order to achieve system management goals. The ACMS is scalable and extensible to facilitate future development
Routing and Mobility on IPv6 over LoWPAN
The IoT means a world-wide network of interconnected objects based on standard communication
protocols. An object in this context is a quotidian physical device augmented with
sensing/actuating, processing, storing and communication capabilities. These objects must be
able to interact with the surrounding environment where they are placed and to cooperate with
neighbouring objects in order to accomplish a common objective. The IoT objects have also the
capabilities of converting the sensed data into automated instructions and communicating them
to other objects through the communication networks, avoiding the human intervention in several
tasks. Most IoT deployments are based on small devices with restricted computational
resources and energy constraints. For this reason, initially the scientific community did not
consider the use of the IP protocol suite in these scenarios because there was the perception that it
was too heavy for the available resources on such devices. Meanwhile, the scientific community
and the industry started to rethink the use of the IP protocol suite in all IoT devices and now
it is considered as the solution to provide connectivity between the IoT devices, independently
of the Layer 2 protocol in use, and to connect them to the Internet. Despite the use of the IP protocol
suite in all devices and the number of solutions proposed, many open issues remain unsolved
in order to reach a seamless integration between the IoT and the Internet and to provide the
conditions for widespread IoT services. This thesis addressed the challenges associated with the
interconnectivity between the Internet and the IoT devices and with the security aspects of
the IoT. In the interconnectivity between the IoT devices and the Internet the problem is how
to provide valuable information to the Internet connected devices, independently of the supported
IP protocol version, without requiring direct access to the IoT nodes. In order
to solve this problem, solutions based on Representational state transfer (REST) web services
and IPv4 to IPv6 dual stack transition mechanism were proposed and evaluated. The REST web
service and the transition mechanism run only at the border router without penalizing the IoT
constrained devices. The mitigation of the effects of internal and external security attacks
minimizing the overhead imposed on the IoT devices is the security challenge addressed in this
thesis. Three different solutions were proposed. The first is a mechanism to prevent remotely
initiated transport level Denial of Service attacks that avoids the use of inefficient and hard to
manage traditional firewalls. It is based on filtering at the border router the traffic received
from the Internet and destined to the IoT network according to the conditions announced by
each IoT device. The second is a network access security framework that can be used to control
the nodes that have access to the network, based on administrative approval, and to enforce
security compliance to the authorized nodes. The third is a network admission control framework
that prevents unauthorized IoT nodes from communicating with authorized IoT nodes or with
the Internet, which drastically reduces the number of possible security attacks. The network
admission control was also exploited as a management mechanism as it can be used to manage
the network size in terms of number of nodes, making the network more manageable, increasing
its reliability and extending its lifetime.

The IoT (Internet of Things) has attracted the interest of both the academic community and industry, since its fields of application are countless, as are the potential gains that can be obtained through the use of this type of technology. The IoT means a global network of objects connected to one another through a communication network based on standard protocols. In this context, an object is an everyday physical object to which the ability to measure and act on physical variables, to process and store data, and to communicate has been added. These objects are able to interact with the surrounding environment and to cooperate with neighbouring objects in order to achieve a common objective. They are also able to convert the data they read into instructions and to communicate them to other objects through the communication network, thereby avoiding human intervention in several tasks. Most implementations of IoT systems are based on small autonomous devices with constraints on computational resources and energy storage. For this reason, the scientific community initially did not consider the IP protocol stack suitable for this type of device, since it was perceived as too heavy for the available computational resources. Meanwhile, the scientific community and industry resumed the discussion about the benefits of using the protocol stack in all IoT devices, and it is currently considered the solution for establishing connectivity between IoT devices, independently of the layer-two protocol in use, and for connecting them to the Internet. Despite the use of the IP protocol stack in all devices and the number of solutions proposed, several problems remain unsolved regarding the continuous and uninterrupted integration of the IoT into the Internet and the creation of conditions for the widespread adoption of this type of technology.
This thesis addresses the challenges associated with the integration of the IoT into the Internet and with the security aspects of the IoT. Regarding the integration of the IoT into the Internet, the problem is how to provide valid information to Internet-connected devices, independently of the IP protocol version in use, while avoiding direct access to the IoT devices. To solve this problem, solutions based on REST web services and on IPv4 to IPv6 dual stack transition mechanisms were proposed and evaluated. The web service and the transition mechanism are supported only at the border router, without penalizing the IoT devices. Regarding security, the problem is to mitigate the effects of internal and external security attacks initiated locally and remotely. Three different solutions were proposed. The first is a mechanism that minimizes the effects of denial of service attacks originating from the Internet and that avoids the use of inefficient, complex-to-manage firewall mechanisms. This mechanism filters, at the border router, the traffic originating from the Internet and destined for the IoT, according to the conditions announced by each of the IoT devices in the network. The second solution is a network admission control framework that controls which devices may access the network, based on administrative authorization, and that applies security compliance policies to the authorized devices. The third is a network admission control mechanism for 6LoWPAN networks that prevents unauthorized devices from communicating with other legitimate devices and with the Internet, which drastically reduces the number of security attacks. This mechanism was also exploited as a management mechanism, since it can be used to manage the size of the network in terms of number of devices, making it easier to manage and increasing its reliability and its lifetime.
MOBILITY SUPPORT ARCHITECTURES FOR NEXT-GENERATION WIRELESS NETWORKS
With the convergence of the wireless networks and the Internet and the booming
demand for multimedia applications, the next-generation (beyond the third generation, or
B3G) wireless systems are expected to be all IP-based and provide real-time and non-real-time
mobile services anywhere and anytime. Powerful and efficient mobility support is
thus the key enabler to fulfil such an attractive vision by supporting various mobility
scenarios. This thesis contributes to this interesting while challenging topic.
After a literature review on mobility support architectures and protocols, the thesis
starts presenting our contributions with a generic multi-layer mobility support framework,
which provides a general approach to meet the challenges of handling comprehensive
mobility issues. The cross-layer design methodology is introduced to coordinate the
protocol layers for optimised system design. Particularly, a flexible and efficient cross-layer
signalling scheme is proposed for interlayer interactions. The proposed generic
framework is then narrowed down with several fundamental building blocks identified to
be focused on as follows.
As widely adopted, we assume that the IP-based access networks are organised into
administrative domains, which are inter-connected through a global IP-based wired core
network. For a mobile user who roams from one domain to another, macro (inter-domain)
mobility management should be in place for global location tracking and effective handoff
support for both real-time and non-real-time applications. Mobile IP (MIP) and the Session
Initiation Protocol (SIP) are being adopted as the two dominant standard-based macro-mobility
architectures, each of which has mobility entities and messages in its own right.
The work explores the joint optimisations and interactions of MIP and SIP when utilising
the complementary power of both protocols. Two distinctive integrated MIP-SIP
architectures are designed and evaluated, compared with their hybrid alternatives and other
approaches. The overall analytical and simulation results show significant performance
improvements in terms of cost-efficiency, among other metrics.
Subsequently, for the micro (intra-domain) mobility scenario where a mobile user
moves across IP subnets within a domain, a micro mobility management architecture is
needed to support fast handoffs and constrain signalling messaging loads incurred by intra-domain
movements within the domain. The Hierarchical MIPv6 (HMIPv6) and the Fast
Handovers for MIPv6 (FMIPv6) protocols are selected to fulfil the design requirements.
The work proposes enhancements to these protocols and combines them in an optimised
way, resulting in notably improved performances in contrast to a number of alternative
approaches
Conserve and Protect Resources in Software-Defined Networking via the Traffic Engineering Approach
Software Defined Networking (SDN) is revolutionizing the architecture and operation of computer networks and promises a more agile and cost-efficient network management. SDN centralizes the network control logic and separates the control plane from the data plane, thus enabling flexible management of networks. A network based on SDN consists of a data plane and a control plane. To assist management of devices and data flows, a network also has an independent monitoring plane. These coexisting network planes have various types of resources, such as bandwidth utilized to transmit monitoring data, energy spent to power data forwarding devices and computational resources to control a network. Unwise management, even abusive utilization of these resources lead to the degradation of the network performance and increase the Operating Expenditure (Opex) of the network owner. Conserving and protecting limited network resources is thus among the key requirements for efficient networking.
However, the heterogeneity of the network hardware and network traffic workloads expands the configuration space of SDN, making it a challenging task to operate a network efficiently. Furthermore, the existing approaches usually lack the capability to automatically adapt network configurations to handle network dynamics and diverse optimization requirements. Additionally, a centralized SDN controller has to run in a protected environment against certain attacks. This thesis builds upon the centralized management capability of SDN, and uses cross-layer network optimizations to perform joint traffic engineering, e.g., routing, hardware and software configurations. The overall goal is to overcome the management complexities in conserving and protecting resources in multiple functional planes in SDN when facing network heterogeneities and system dynamics. This thesis presents four contributions: (1) resource-efficient network monitoring, (2) resource-efficient data forwarding, (3) using self-adaptive algorithms to improve network resource efficiency, and (4) mitigating abusive usage of resources for network controlling.
The first contribution of this thesis is a resource-efficient network monitoring solution. In this thesis, we consider one specific type of virtual network management function: flow packet inspection. This type of network monitoring application requires duplicating packets of target flows and sending them to packet monitors for in-depth analysis. To avoid the competition for resources between the original data and duplicated data, the network operators can transmit the data flows through physically (e.g., different communication mediums) or virtually (e.g., distinguished network slices) separated channels having different resource consumption properties. We propose the REMO solution, namely Resource Efficient distributed Monitoring, to reduce the overall network resource consumption incurred by both types of data, via jointly considering the locations of the packet monitors, the selection of devices forking the data packets, and flow path scheduling strategies.
In the second contribution of this thesis, we investigate the resource efficiency problem in hybrid, server-centric data center networks equipped with both traditional wired connections (e.g., InfiniBand or Ethernet) and advanced high-data-rate wireless links (e.g., directional 60GHz wireless technology). The configuration space of hybrid SDN equipped with both wired and wireless communication technologies is massively large due to the complexity brought by the device heterogeneity. To tackle this problem, we present the ECAS framework to reduce the power consumption and maintain the network performance.
The approaches based on the optimization models and heuristic algorithms are considered as the traditional way to reduce the operation and facility resource consumption in SDN. These approaches are either difficult to directly solve or specific for a particular problem space. As the third contribution of this thesis, we investigate the approach of using Deep Reinforcement Learning (DRL) to improve the adaptivity of the management modules for network resource and data flow scheduling. The goal of the DRL agent in the SDN network is to reduce the power consumption of SDN networks without severely degrading the network performance.
The fourth contribution of this thesis is a protection mechanism based upon flow rate limiting to mitigate abusive usage of the SDN control plane resource. Due to the centralized architecture of SDN and its handling mechanism for new data flows, the network controller can be the failure point due to the crafted cyber-attacks, especially the Control-Plane-Saturation (CPS) attack. We propose an In-Network Flow mAnagement Scheme (INFAS) to effectively reduce the generation of malicious control packets depending on the parameters configured for the proposed mitigation algorithm.
In summary, the contributions of this thesis address various unique challenges to construct resource-efficient and secure SDN. This is achieved by designing and implementing novel and intelligent models and algorithms to configure networks and perform network traffic engineering, in the protected centralized network controller
A Novel Addressing Scheme for PMIPv6 Based Global IP-WSNs
IP based Wireless Sensor Networks (IP-WSNs) are being used in healthcare, home automation, industrial control and agricultural monitoring. In most of these applications global addressing of individual IP-WSN nodes and layer-three routing for mobility enabled IP-WSN with special attention to reliability, energy efficiency and end to end delay minimization are a few of the major issues to be addressed. Most of the routing protocols in WSN are based on layer-two approaches. For reliability and end to end communication enhancement the necessity of layer-three routing for IP-WSNs is generating significant attention among the research community, but due to the hurdle of maintaining routing state and other communication overhead, it was not possible to introduce a layer-three routing protocol for IP-WSNs. To address this issue we propose in this paper a global addressing scheme and layer-three based hierarchical routing protocol. The proposed addressing and routing approach focuses on all the above mentioned issues. Simulation results show that the proposed addressing and routing approach significantly enhances the reliability, energy efficiency and end to end delay minimization. We also present architecture, message formats and different routing scenarios in this paper
Host mobility management with identifier-locator split protocols in hierarchical and flat networks
Includes abstract. Includes bibliographical references.
As the Internet increasingly becomes more mobile focused and overloaded with mobile hosts, mobile users are bound to roam freely and attach to a variety of networks. These different networks converge over an IP-based core to enable ubiquitous network access, anytime and anywhere, to support the provision of services, that is, any service, to mobile users. Therefore, in this thesis, the researcher proposed network-based mobility solutions at different layers to securely support seamless handovers between heterogeneous networks in hierarchical and flat network architectures
Improvement of DHRA-DMDC Physical Access Software DBIDS Using Cloud Computing Technology: a Case Study
The U.S. government has created and been executing an Identity and Management (IdM) vision to support a global, robust, trusted and interoperable identity management capability that provides the ability to correctly identify individuals and non-person entities in support of DoD mission operations. Many Directives and Instructions have been issued to standardize the process to design and re-design new and old systems with the latest available technologies to meet the vision's requirements. In this thesis we introduce a cloud-based architecture for the Defense Biometric Identification System (DBIDS), along with a set of DBIDS Cloud Services that supports the proposed architecture. This cloud-based architecture will move DBIDS in the right direction to meet DoD IdM visions and goals by decoupling current DBIDS functions into DBIDS core services to create interoperability and flexibility to expand future DBIDS with new requirements. The thesis will show its readers how DBIDS Cloud Services will help Defense Manpower Data Center (DMDC) easily expand DBIDS functionalities such as connecting to other DMDC services or federated services for vetting purposes. This thesis will also serve as a recommendation of a blue-print for DBIDS architecture to support new generation of DBIDS application. This is a step closer in moving DMDC Identity Enterprise Solution toward DoD IdM realizing vision and goals. The thesis also includes a discussion of how to utilize virtualized DBIDS workstations to address software-deployment and maintenance issues to resolve configuration and deployment issues which have been costly problems for DMDC over the years.
http://archive.org/details/improvementofdhr109457379
Civilian, Department of Defens
Automated Injection of Curated Knowledge Into Real-Time Clinical Systems: CDS Architecture for the 21st Century
abstract: Clinical Decision Support (CDS) is primarily associated with alerts, reminders, order entry, rule-based invocation, diagnostic aids, and on-demand information retrieval. While valuable, these foci have been in production use for decades, and do not provide a broader, interoperable means of plugging structured clinical knowledge into live electronic health record (EHR) ecosystems for purposes of orchestrating the user experiences of patients and clinicians. To date, the gap between knowledge representation and user-facing EHR integration has been considered an “implementation concern” requiring unscalable manual human efforts and governance coordination. Drafting a questionnaire engineered to meet the specifications of the HL7 CDS Knowledge Artifact specification, for example, carries no reasonable expectation that it may be imported and deployed into a live system without significant burdens. Dramatic reduction of the time and effort gap in the research and application cycle could be revolutionary. Doing so, however, requires both a floor-to-ceiling precoordination of functional boundaries in the knowledge management lifecycle, as well as formalization of the human processes by which this occurs.
This research introduces ARTAKA: Architecture for Real-Time Application of Knowledge Artifacts, as a concrete floor-to-ceiling technological blueprint for both provider health IT (HIT) and vendor organizations to incrementally introduce value into existing systems dynamically. This is made possible by service-ization of curated knowledge artifacts, then injected into a highly scalable backend infrastructure by automated orchestration through public marketplaces. Supplementary examples of client app integration are also provided. Compilation of knowledge into platform-specific form has been left flexible, in so far as implementations comply with ARTAKA’s Context Event Service (CES) communication and Health Services Platform (HSP) Marketplace service packaging standards.
Towards the goal of interoperable human processes, ARTAKA’s treatment of knowledge artifacts as a specialized form of software allows knowledge engineers to operate as a type of software engineering practice. Thus, nearly a century of software development processes, tools, policies, and lessons offer immediate benefit: in some cases, with remarkable parity. Analyses of experimentation are provided with guidelines in how choice aspects of software development life cycles (SDLCs) apply to knowledge artifact development in an ARTAKA environment.
Portions of this culminating document have been further initiated with Standards Developing Organizations (SDOs) intended to ultimately produce normative standards, as have active relationships with other bodies.
Dissertation/Thesis. Doctoral Dissertation, Biomedical Informatics 201
Video-on-Demand over Internet: a survey of existing systems and solutions
Video-on-Demand is a service where movies are delivered to distributed users with low delay and free interactivity. The traditional client/server architecture experiences scalability issues to provide video streaming services, so there have been many proposals of systems, mostly based on a peer-to-peer or on a hybrid server/peer-to-peer solution, to solve this issue. This work presents a survey of the currently existing or proposed systems and solutions, based upon a subset of representative systems, and defines selection criteria allowing to classify these systems. These criteria are based on common questions such as, for example, is it video-on-demand or live streaming, is the architecture based on content delivery network, peer-to-peer or both, is the delivery overlay tree-based or mesh-based, is the system push-based or pull-based, single-stream or multi-streams, does it use data coding, and how do the clients choose their peers. Representative systems are briefly described to give a summarized overview of the proposed solutions, and four are analyzed in detail. Finally, it is attempted to evaluate the most promising solutions for future experiments. Abstract (French): Video on demand is a service where films are delivered remotely to users with