Network architecture for large-scale distributed virtual environments

Distributed Virtual Environments (DVEs) provide 3D graphical computer generated environments with stereo sound, supporting real-time collaboration between potentially large numbers of users distributed around the world. Early DVEs has been used over local area networks (LANs). Recently with the Internet's development into the most common embedding for DVEs these distributed applications have been moved towards an exploiting IP networks. This has brought the scalability challenges into the DVEs evolution. The network bandwidth resource is the more limited resource of the DVE system and to improve the DVE's scalability it is necessary to manage carefully this resource. To achieve the saving in the network bandwidth the different types of the network traffic that is produced by the DVEs have to be considered. DVE applications demand· exchange of the data that forms different types of traffic such as a computer data type, video and audio, and a 3D data type to keep the consistency of the application's state. The problem is that the meeting of the QoS requirements of both control and continuous media traffic already have been covered by the existing research. But QoS for transfer of the 3D information has not really been considered. The 3D DVE geometry traffic is very bursty in nature and places a high demands on the network for short intervals of time due to the quite large size of the 3D models and the DVE application requirements to transmit a 3D data as quick as possible. The main motivation in carrying out the work presented in this thesis is to find a solution to improve the scalability of the DVE applications by a consideration the QoS requirements of the 3D DVE geometrical data type. In this work we are investigating the possibility to decrease the network bandwidth utilization by the 3D DVE traffic using the level of detail (LOD) concept and the active networking approach. The background work of the thesis surveys the DVE applications and the scalability requirements of the DVE systems. It also discusses the active networks and multiresolution representation and progressive transmission of the 3D data. The new active networking approach to the transmission of the 3D geometry data within the DVE systems is proposed in this thesis. This approach enhances the currently applied peer-to-peer DVE architecture by adding to the peer-to-peer multicast neny_ork layer filtering of the 3D flows an application level filtering on the active intermediate nodes. The active router keeps the application level information about the placements of users. This information is used by active routers to prune more detailed 3D data flows (higher LODs) in the multicast tree arches that are linked to the distance DVE participants. The exploration of possible benefits of exploiting the proposed active approach through the comparison with the non-active approach is carried out using the simulation­based performance modelling approach. Complex interactions between participants in DVE application and a large number of analyzed variables indicate that flexible simulation is more appropriate than mathematical modelling. To build a test bed will not be feasible. Results from the evaluation demonstrate that the proposed active approach shows potential benefits to the improvement of the DVE's scalability but the degree of improvement depends on the users' movement pattern. Therefore, other active networking methods to support the 3D DVE geometry transmission may also be required

Security Technology by Using Firewall for Smart Grid

Due to the increasing development of computer systems and information networks, power grids should change extensively too. Nowadays, substantial movement has begun to implement the Smart Grid industry around the world. Since with the creation of smart electricity grids, it is possible to access the internal network from the external spaces, it is also necessary to protect information and data against unauthorized access. Therefore, a firewall should be used for information security. The firewall based on existing security regulations, decides which data is incoming to the network or going out of the network. Considering the discussions of passive defense topics at the national level and also the high importance of information security in Smart Grids, in this paper, in addition to examining the Firewalls, its advantages and disadvantages are also stated. Although the firewall has a major role in establishing security, and its installation and appropriate configuration can only be one of the primary activities in this field, we should also take advantage of other security mechanisms to enhance the security of the Smart Grid

Handling Stateful Firewall Anomalies

Part 4: Access ControlInternational audienceA security policy consists of a set of rules designed to protect an information system. To ensure this protection, the rules must be deployed on security components in a consistent and non-redundant manner. Unfortunately, an empirical approach is often adopted by network administrators, to the detriment of theoretical validation. While the literature on the analysis of configurations of first generation (stateless) firewalls is now rich, this is not the case for second and third generation firewalls, also known as stateful firewalls. In this paper, we address this limitation, and provide solutions to analyze and handle stateful firewall anomalies and misconfiguration

Security Technology by using Firewall for Smart Grid

Due to the increasing development of computer systems and information networks, power grids should change extensively too. Nowadays, substantial movement has begun to implement the Smart Grid industry around the world. Since with the creation of smart electricity grids, it is possible to access the internal network from the external spaces, it is also necessary to protect information and data against unauthorized access. Therefore, a firewall should be used for information security. The firewall based on existing security regulations, decides which data is incoming to the network or going out of the network. Considering the discussions of passive defense topics at the national level and also the high importance of information security in Smart Grids, in this paper, in addition to examining the Firewalls, its advantages and disadvantages are also stated. Although the firewall has a major role in establishing security, and its installation and appropriate configuration can only be one of the primary activities in this field, we should also take advantage of other security mechanisms to enhance the security of the Smart Grid

P4言語を用いたパケット分類アルゴリズムに関する研究

パケット・クラシファイアとは、コンピュータネットワークにおいてネットワーク機器に到着したパケットをグループに分類するメカリズムである。特定の処理のためにパケットを区別して分離する必要があるサービス、例えば、ファイアウォールやサービス品質などのカスタマイズネットワークサービスなどを提供するためにルータでのパケットを分類するのは極めて重要である。パケット分類に関するアルゴリズムがいくつかの研究で提案されている。分類の性能を向上するため、決定木、ヒューリスティックなどを利用した提案がある。しかし、その性能評価は主にハードウェア実装に基づいていたので、アルゴリズムの設計方法、データ構造などソフトウェルーターに適用できない恐れがある。近年、ネットワークプロトコル、ターゲット非依存という特徴をあるP4言語が開発された。P4言語は幅広いのデータプレーンをプログラミングできるように、ネットワークの基本機能に関する表現力豊かな文法設計されています。仮想ネットワーク機能（VNF）に対する研究が流行っている背景のなか、P4言語用いてソフトウェアにおけるパケット分類の実装を研究する必要がある。本研究では、今までネットワークのパケット分類に関するアルゴリズムがP4言語文法による実装を検討する。P4抽象転送モデル中で利用可能なプログラミングフローを議論し、パケット分類の改善に適しているデータ構造を示した。また、異なるアルゴリズムとデータ構造を用いて、P4ソースコードからコンパイルされたソフトウェアルーターの性能評価を行った。電気通信大学201