
    Software-defined networks and virtualized network functions for critical and reliable communications in 5G environments

    The Fifth Generation of Mobile Networks (5G), driven by the aim to further connect today's society, will have to make use of new emerging technologies such as Software Defined Networking (SDN) and Network Functions Virtualization (NFV) to cope with the increasing traffic and services that are arising. Critical and reliable services will make use of these technologies to create new mechanisms and/or to instantiate network functions that have very strict requirements in virtualized environments. The use of these Virtual Network Functions (VNFs) presents several advantages, such as fast re-instantiation in case of failure or the scaling capabilities provided by today's Cloud infrastructures. In this thesis a study is made comparing the performance of Containers and lightweight Virtual Machines (Unikernels) for the instantiation of a network function in a virtualized environment with restricted resources. A mechanism to ensure the reliability of the VNF is also implemented. Results show that Containers perform better in the use case presented and that the proposed reliability mechanisms ensure zero downtime for the VNF in case of failure.
    Master's in Electronic and Telecommunications Engineering

    SUTMS - Unified Threat Management Framework for Home Networks

    Home networks were initially designed for web browsing and non-business-critical applications. As infrastructure improved and internet broadband costs decreased, home internet usage shifted to e-commerce and business-critical applications. Today's home computers host personally identifiable information and financial data and act as a bridge to corporate networks via remote access technologies like VPN. The expansion of remote work and the transition to cloud computing have broadened the attack surface for potential threats. Home networks have become an extension of critical networks and services: attackers can gain access to corporate data by compromising devices attached to broadband routers. All these challenges show the importance of home-based Unified Threat Management (UTM) systems. There is a need for a unified threat management framework developed specifically for home and small networks to address emerging security challenges. In this research, the proposed Smart Unified Threat Management (SUTMS) framework serves as a comprehensive solution for implementing home network security, incorporating firewall, anti-bot, intrusion detection, and anomaly detection engines into a unified system. SUTMS is able to provide 99.99% accuracy with 56.83% memory improvements. IPS stands out as the most resource-intensive UTM service; SUTMS successfully reduces the performance overhead of IDS by integrating it with the flow detection module. The artifact employs flow analysis to identify network anomalies and categorizes encrypted traffic according to its abnormalities. SUTMS can be scaled by introducing optional functions, i.e., routing and smart logging (utilizing Apriori algorithms). The research also tackles one of the limitations identified in SUTMS through the introduction of a second artifact called Secure Centralized Management System (SCMS). SCMS is a lightweight asset management platform with built-in security intelligence that can seamlessly integrate with a cloud for real-time updates.

    Open Source Solutions for Building IaaS Clouds

    Cloud Computing is not only a pool of resources and services offered through the internet, but also a technology solution that allows optimization of resource use, cost minimization and reduced energy consumption. Enterprises moving towards cloud technologies have to choose between public cloud services, such as Amazon Web Services, Microsoft Cloud and Google Cloud services, or private self-built clouds. While the former are offered at affordable fees, the latter provide more privacy and control. In this context, many open source software projects approach the building of private, public or hybrid clouds depending on the users' needs and on the available capabilities. To choose among the different open source solutions, an analysis is necessary in order to select the most suitable according to the enterprise's goals and requirements. In this paper, we present an in-depth study and comparison of five open source frameworks that are gaining more attention recently and growing fast: CloudStack, OpenStack, Eucalyptus, OpenNebula and Nimbus. We present their architectures and discuss different properties, features, useful information and our own insights on these frameworks.

    ClouNS - A Cloud-native Application Reference Model for Enterprise Architects

    The capability to operate cloud-native applications can generate enormous business growth and value. But enterprise architects should be aware that cloud-native applications are vulnerable to vendor lock-in. We investigated cloud-native application design principles, public cloud service providers, and industrial cloud standards. All results indicate that most cloud service categories seem to foster vendor lock-in situations, which might be especially problematic for enterprise architectures. This might sound disillusioning at first. However, we present a reference model for cloud-native applications that relies only on a small subset of well-standardized IaaS services. The reference model can be used for codifying cloud technologies. It can guide technology identification, classification, adoption, research and development processes for cloud-native applications and for vendor-lock-in-aware enterprise architecture engineering methodologies.

    Towards Protection Against Low-Rate Distributed Denial of Service Attacks in Platform-as-a-Service Cloud Services

    Nowadays, the variety of technology used to perform daily tasks is abundant, and different businesses and people benefit from this diversity. The more technology evolves, the more useful it gets; in contrast, it also becomes a target for malicious users. Cloud Computing is one of the technologies that has been adopted by different companies worldwide over the years. Its popularity is essentially due to its characteristics and the way it delivers its services. This Cloud expansion also means that malicious users may try to exploit it, as the research studies presented throughout this work revealed. According to these studies, the Denial of Service attack is a type of threat that is always trying to take advantage of Cloud Computing services. Several companies have moved or are moving their services to hosted environments provided by Cloud Service Providers and are using several applications based on those services. The literature on the subject brings to attention that, because of this Cloud adoption expansion, the use of applications increased. Therefore, DoS threats are aiming at the Application Layer more, and additionally, advanced variations are being used, such as Low-Rate Distributed Denial of Service attacks. Some research is being conducted specifically on the detection and mitigation of this kind of threat, and the significant problem found within this DDoS variant is the difficulty of differentiating malicious traffic from legitimate user traffic. The main goal of this attack is to exploit the communication aspect of the HTTP protocol, sending legitimate traffic with small changes to fill the requests of a server slowly, resulting in almost stopping the access of real users to the server resources during the attack. This kind of attack usually has a small time-window duration, but in order to be more efficient, it is used from infected computers that form a network of attackers, turning it into a Distributed attack. 
    For this work, the idea to battle Low-Rate Distributed Denial of Service attacks is to integrate different technologies inside a Hybrid Application whose main goal is to identify and separate malicious traffic from legitimate traffic. First, a study is done to observe the behavior of each type of Low-Rate attack in order to gather specific information related to its characteristics while the attack is executing in real time. Then, using Tshark filters, that packet information is collected. The next step is to develop combinations of specific information obtained from the packet filtering and compare them. Finally, each packet is analyzed based on these combination patterns. A log file is created to store the data gathered after the Entropy calculation in a friendly format. In order to test the efficiency of the application, a Cloud virtual infrastructure was built using OpenNebula Sandbox and Apache Web Server. Two tests were run against the infrastructure: the first test had the objective of verifying the effectiveness of the tool proportionally against the Cloud environment created. Based on the results of this test, a second test was proposed to demonstrate how the Hybrid Application works against the attacks performed. The conclusion of the tests showed how the types of Slow-Rate DDoS can be disruptive and also exhibited promising results for the Hybrid Application's performance against Low-Rate Distributed Denial of Service attacks. The Hybrid Application was successful in identifying each type of Low-Rate DDoS, separating the traffic and generating few false positives in the process. The results are displayed in the form of parameters and graphs.

    Containerization in Cloud Computing: performance analysis of virtualization architectures

    The growing adoption of the cloud is strongly influenced by the emergence of technologies that aim to improve the development and deployment processes of enterprise-grade applications. The goal of this thesis is to analyse one of these solutions, called "containerization", and to evaluate in detail how this technology can be adopted in cloud infrastructures as an alternative to complementary solutions such as virtual machines. Until today, the traditional "virtual machine" model has been the predominant solution on the market. The important architectural difference that containers offer has led this technology to rapid adoption, since it greatly improves resource management and resource sharing and guarantees significant improvements in the provisioning of individual instances. In the thesis, containerization will be examined from both the infrastructure and the application point of view. Regarding the first aspect, performance will be analysed by comparing LXD, Docker and KVM as hypervisors of the OpenStack cloud infrastructure, while the second point concerns the development of enterprise-grade applications that must be installed on a set of distributed servers. In that case, we need high-level services such as orchestration. Therefore, the performance of the following solutions will be compared: Kubernetes, Docker Swarm, Apache Mesos and Cattle.

    Security as a Service for Hybrid Clouds

    Virtualization has increased amongst IT service providers as a method for achieving more efficient server usage. This has led to the concept of cloud services, offered by large data centers with the help of virtualization techniques. A cloud service is an abstract service which provides IT services as self-service for the end user. For example, these services can provide virtual servers on demand. Virtual servers in the cloud are usually reachable from the Internet, so their protection is necessary. This master's thesis discusses firewalling virtual machines inside the cloud, together with virtual firewall distributions and their features. Cloud services are usually self-services, and thus their cloud environment and firewall are managed centrally. Automated firewall provisioning and management for a cloud service is described. The main goal of the master's thesis was to find a feasible centrally managed security system. Vyatta was used as the virtual firewall software and the test environment was built on top of the OpenStack cloud. Vyatta included firewall, VPN and routing features suitable for enterprise usage. The deployed virtual firewall performed well in the test environment with the necessary features, and the central management also worked without problems. The central management system was feasible and reusable with other projects. The automatic deployment of the OpenStack cloud was also a feasible choice. However, using Vyatta requires a lot of changes at least to the OpenStack cloud platform, and hence the network setup and management is difficult. There are ongoing efforts to virtualize networking devices in the data center as well. This will allow the whole service platform to be centrally managed using a single interface. Thus all changes to the network and new virtual service requests can be executed as the customer demands them. 
    Software Defined Networking (SDN) and Network Functions Virtualization (NFV) both drive systems towards more virtualized and centrally managed environments, thus providing an important research topic in this field.

    Analysis and Implementation of Comparison Between Podman and Docker in Container Management

    The increasing use of the internet makes the implementation process more accessible, but network management remains difficult; container technologies such as Docker and Podman have emerged as efficient application management solutions. This research compares Docker and Podman with regard to container management using the Network Development Life Cycle (NDLC) methodology. The study evaluates three parameters: accessing the Fedora project registry, handling images or ISOs, and user access in containers. The results show that Podman performs better regarding registry access, is slightly faster with images, and offers faster user creation. Overall, the study concludes that Podman is superior, demonstrating compatibility with Docker and proving its efficacy in container management.