Design and Implementation of the L-Bone and Logistical Tools

The purpose of this paper is to outline the design criteria and implementation of the Logistical Backbone (L-Bone) and the Logistical Tools. These tools, along with IBP and the exNode Library, allow storage to be used as a network resource. These are components of the Network Storage Stack, a design by the Logistical Computing and Internetworking Lab at the University of Tennessee. Having storage as a network resource enables users to do many things that are either difficult or not possible today, such as moving and sharing very large files across administrative domains, improving performance through caching and improving fault-tolerance through replication and striping. Next, this paper reviews the L-Bone, a directory service for Internet Backplane Protocol (IBP) storage servers (depots) which stores information about the depots and allows clients to query the service for depots matching specific requirements. The L-Bone has three major components: a client API, a stateless RPC server and a database backend. Because the L-Bone is intended to be a service available to anyone on the wide-area network, response time is critical. The current implementation provides a reliable service and a fast service. Average response times from remote clients are less than half a second. Lastly, this paper examines the Logistical Tools. The Logistical Tools are a set of command line tools wrapped around a C API. They provide a higher level of functionality built on top of the exNode Library as well as the L-Bone library, IBP library and the Network Weather Service (NWS) library. This set of tools allows a user to upload a file into an exNode, download the data from that exNode, add more replicas or remove replicas from the exNode, check the status of the exNode and modify the expiration times of the IBP allocations. To highlight the capabilities of these tools and the overall benefits of using exNodes, I perform tests that look at the performance improvements through local replication (caching) as well as tests that look at the higher levels of fault-tolerance through replication. These tests show that using replication for caching can improve access time from 2 to 16 times and that using simple replication can provide nearly 100% availability

Analysis and implementation of a security standard

This master's thesis describes the design and implementation of a security standard in a university research department. It has been developed in the framework of the ETSETB Master's Degree in Cybersecurity, in cooperation with the University of Barcelona. The work has consisted on several stages. First, an analysis of the vulnerabilities of the system has been performed. This diagnosis has been specially important, since the lack of cybersecurity protections in the department has lead to several hijacks and data losses throughout the years. Then, the report describes the application of all the security features that are considered essential in a company, covering as much elements as possible. Those include from devices' physical security, through software protection to employees training. The project will be mainly focused in the deployment of the main services found in an IT department with a brief cybersecurity training session for the employees at the end. The work developed in this master thesis will reinforce the security of all crucial services and will reduce the possibility of data loss

Threat Modelling for Active Directory

This paper analyses the security threats that can arise against an Active Directory server when it is included in a Web application. The approach is based on the STRIDE classification methodology. The paper also provides outline descriptions of countermeasures that can be deployed to protect against the different threats and vulnerabilities identified here

A sustainable model for ICT capacity building in developing countries

System administrators are often asked to apply their professional expertise in unusual situations, or under tight resource constraints. What happens, though, when the “situation” is a foreign country with only basic technical infrastructure, and the task is to bauild systems which are able to survive and grow in these over-constrained environments? In this paper we report on our experiences in two very different countries – Cuba and Ethiopia – where we ran a number of ICT projects. In those projects we assisted local universities to upgrade their ICT infrastructure and services. This included skills and process building for local system administrators. Based on our experiences we formulate a model for sustainable ICT capacity building. We hope this model will be useful for other organizations doing similar projects

Assessment of IT Infrastructures: A Model Driven Approach

Several approaches to evaluate IT infrastructure architectures have been proposed, mainly by supplier and consulting firms. However, they do not have a unified approach of these architectures where all stakeholders can cement the decision-making process, thus facilitating comparability as well as the verification of best practices adoption. The main goal of this dissertation is the proposal of a model-based approach to mitigate this problem. A metamodel named SDM (System Definition Model) and expressed with the UML (Unified Modeling Language) is used to represent structural and operational knowledge on the infrastructures. This metamodel is automatically instantiated through the capture of infrastructures configurations of existing distributed architectures, using a proprietary tool and a transformation tool that was built in the scope of this dissertation. The quantitative evaluation is performed using the M2DM (Meta-Model Driven Measurement) approach that uses OCL (Object Constraint Language) to formulate the required metrics. This proposal is expected to increase the understandability of IT infrastructures by all stakeholders (IT architects, application developers, testers, operators and maintenance teams) as well as to allow expressing their strategies of management and evolution. To illustrate the use of the proposed approach, we assess the complexity of some real cases in the diachronic and synchronic perspective

An Implementation of 5G-AKA and a Usability Analysis of OpenLDAP Access Control Lists (ACLs)

We address two pieces of work: (i) an implementation of the Authentication and Key Agreement protocol suite from the 5th generation cellular communications standards (5G-AKA) that we intend to make available as open-source, and, (ii) a categorization using Hierarchical Task Analysis (HTA) of errors made by human participants in a study carried out on the usability of Access Control Lists (ACLs) in the OpenLDAP directory. Our work (i) on 5G-AKA is motivated by the lack of availability of such an implementation that can then be used by researchers and practitioners for further work. We discuss design choices we have made; for example, our choice of the Java programming language and cryptographic packages, and our choice to model the three entities that communicate using 5G-AKA, the User Equipment (UE), the Serving Network (SN), and the Home Network (HN) as three distinct processes that communicate over TCP sockets. We also discuss challenges we encountered in carrying out our work, and the manner in which we plan to make our work available as open-source. Our work (ii) on error-identification in the use of ACLs in OpenLDAP is part of a broader human-subject study that, in turn, is motivated by public pronouncements of their poor usability. We discuss what HTAs are, and why they are appropriate for our work. We present our design of the HTAs, the errors we identified using them, and observe that this work helps with a prospective redesign of ACLs for OpenLDAP

Evolving an efficient and effective off-the-shelf computing infrastructure for schools in rural areas of South Africa

Upliftment of rural areas and poverty alleviation are priorities for development in South Africa. Information and knowledge are key strategic resources for social and economic development and ICTs act as tools to support them, enabling innovative and more cost effective approaches. In order for ICT interventions to be possible, infrastructure has to be deployed. For the deployment to be effective and sustainable, the local community needs to be involved in shaping and supporting it. This study describes the technical work done in the Siyakhula Living Lab (SLL), a long-term ICT4D experiment in the Mbashe Municipality, with a focus on the deployment of ICT infrastructure in schools, for teaching and learning but also for use by the communities surrounding the schools. As a result of this work, computing infrastructure was deployed, in various phases, in 17 schools in the area and a “broadband island” connecting them was created. The dissertation reports on the initial deployment phases, discussing theoretical underpinnings and policies for using technology in education as well various computing and networking technologies and associated policies available and appropriate for use in rural South African schools. This information forms the backdrop of a survey conducted with teachers from six schools in the SLL, together with experimental work towards the provision of an evolved, efficient and effective off-the-shelf computing infrastructure in selected schools, in order to attempt to address the shortcomings of the computing infrastructure deployed initially in the SLL. The result of the study is the proposal of an evolved computing infrastructure model for use in rural South African schools