Configuration Management of Distributed Systems over Unreliable and Hostile Networks
Economic incentives of large criminal profits and the threat of legal consequences have pushed criminals to continuously improve their malware, especially command and control channels. This thesis applied concepts from successful malware command and control to explore the survivability and resilience of benign configuration management systems.
This work expands on existing stage models of malware life cycle to contribute a new model for identifying malware concepts applicable to benign configuration management. The Hidden Master architecture is a contribution to master-agent network communication. In the Hidden Master architecture, communication between master and agent is asynchronous and can operate through intermediate nodes. This protects the master secret key, which gives full control of all computers participating in configuration management. Multiple improvements to idempotent configuration were proposed, including the definition of the minimal base resource dependency model, simplified resource revalidation and the use of imperative general purpose language for defining idempotent configuration.
Following the constructive research approach, the improvements to configuration management were designed into two prototypes. This allowed validation in laboratory testing, in two case studies and in expert interviews. In laboratory testing, the Hidden Master prototype was more resilient than leading configuration management tools in high load and low memory conditions, and against packet loss and corruption. Only the research prototype was adaptable to a network without stable topology due to the asynchronous nature of the Hidden Master architecture.
The main case study used the research prototype in a complex environment to deploy a multi-room, authenticated audiovisual system for a client of an organization deploying the configuration. The case studies indicated that imperative general purpose language can be used for idempotent configuration in real life, for defining new configurations in unexpected situations using the base resources, and abstracting those using standard language features; and that such a system seems easy to learn.
Potential business benefits were identified and evaluated using individual semistructured expert interviews. Respondents agreed that the models and the Hidden Master architecture could reduce costs and risks, improve developer productivity and allow faster time-to-market. Protection of master secret keys and the reduced need for incident response were seen as key drivers for improved security. Low-cost geographic scaling and leveraging file serving capabilities of commodity servers were seen to improve scaling and resiliency. Respondents identified jurisdictional legal limitations to encryption and requirements for cloud operator auditing as factors potentially limiting the full use of some concepts
Automation for network security configuration: state of the art and research trends
The size and complexity of modern computer networks are progressively increasing, as a consequence of novel architectural paradigms such as the Internet of Things and network virtualization. Consequently, a manual orchestration and configuration of network security functions is no longer feasible, in an environment where cyber attacks can dramatically exploit breaches related to any minimum configuration error. A new frontier is then the introduction of automation in network security configuration, i.e., automatically designing the architecture of security services and the configurations of network security functions, such as firewalls, VPN gateways, etc. This opportunity has been enabled by modern computer network technologies, such as virtualization. In view of these considerations, the motivations for the introduction of automation in network security configuration are first introduced, along with the key automation enablers. Then, the current state of the art in this context is surveyed, focusing on both the achieved improvements and the current limitations. Finally, possible future trends in the field are illustrated
Cancer Care in Pandemic Times: Building Inclusive Local Health Security in Africa and India
This is a book about improving cancer care in Africa and India that is a child of its pandemic times. It has been collaboratively researched and written by colleagues in Kenya, Tanzania, India and the UK, working within a cross-country, multidisciplinary research project, Innovation for Cancer Care in Africa (ICCA). Since this was a health-focused research project, ICCA researchers during the pandemic not only continued to work on the cancer research project but were also called upon by their governments to respond to immediate pandemic needs. In combining these two concerns, for improving cancer care and responding to pandemic needs, our original project aims have been challenged, deepened and reworked. ICCA’s initial collaborative research focus included—against the grain of most global health literature—the potential role of enhanced local production of essential healthcare supplies for improving cancer care in African countries. The pandemic experience has strikingly validated these earlier findings on the importance of industrial development for health care. The pandemic crystallised for researchers and policymakers an often overlooked phenomenon: global health security is built on the foundations of strong local health security. We argue in this book that new analytical thinking from social scientists and others is required on how to build local health security. We use the “lens” of original research on cancer care in East Africa and India to build up an understanding of the scope for the development of stronger synergies between local health industries and health care, in order to strengthen local health security and develop tools for policy making. The rethinking and reimagining presented here is required for different African countries, for India and the wider world, and this research on cancer care has taught us that this imperative goes much wider than infectious diseases
A Tale of Two Trees: A Comparative Study on the Effects of Scale and Biodiversity Efforts in Ghana’s Cocoa and Shea Production Networks
This thesis presents two case studies on Ghana’s cocoa and shea production networks, focusing on the effects of scale on biodiversity sustainability dissemination. Analysis is done through my unique holistic framework for action-based production network analysis, which provides a robust and multiscalar analysis to answer my main research question: How does scale affect biodiversity sustainability throughout Ghana’s cocoa and shea production networks? The two case studies focus on Ghana’s cocoa and shea production network coordination and the action taken up by different levels of actors within scale, their considerations of, approaches to, and outcomes of biodiversity sustainability dissemination throughout their Ghanaian cocoa production networks. These case studies focus on the history and context of the cocoa and shea sectors as they function within Ghana’s agricultural industry, the influencers, and barriers to biodiversity sustainability dissemination throughout the studied production networks, and the effects of scale on this sustainability attainment. My research is supported through primary data collected in Ghana and secondary data. The two case studies are then cross-analysed to draw out the commonalities in context, issues faced, and effects of scale on the studied sustainability aspects. The findings of this research show that in order to achieve biodiversity sustainability, social sustainability must be incorporated into production network coordination and that the level of actors’ scale and scalar approach to network coordination significantly impact achievement of biodiversity sustainability dissemination.
The results of this thesis are novel in the fact that it combines several streams of analytical consideration into a holistic framework and presents clear and applicable results that can significantly impact the approach to sustainability dissemination throughout global production networks in an equitable manner that is fit to the context within which production takes place
Evaluation Methodologies in Software Protection Research
Man-at-the-end (MATE) attackers have full control over the system on which
the attacked software runs, and try to break the confidentiality or integrity
of assets embedded in the software. Both companies and malware authors want to
prevent such attacks. This has driven an arms race between attackers and
defenders, resulting in a plethora of different protection and analysis
methods. However, it remains difficult to measure the strength of protections
because MATE attackers can reach their goals in many different ways and a
universally accepted evaluation methodology does not exist. This survey
systematically reviews the evaluation methodologies of papers on obfuscation, a
major class of protections against MATE attacks. For 572 papers, we collected
113 aspects of their evaluation methodologies, ranging from sample set types
and sizes, over sample treatment, to performed measurements. We provide
detailed insights into how the academic state of the art evaluates both the
protections and analyses thereon. In summary, there is a clear need for better
evaluation methodologies. We identify nine challenges for software protection
evaluations, which represent threats to the validity, reproducibility, and
interpretation of research results in the context of MATE attacks
Cybersecurity: Past, Present and Future
The digital transformation has created a new digital space known as
cyberspace. This new cyberspace has improved the workings of businesses,
organizations, governments, society as a whole, and day to day life of an
individual. With these improvements come new challenges, and one of the main
challenges is security. The security of the new cyberspace is called
cybersecurity. Cyberspace has created new technologies and environments such as
cloud computing, smart devices, IoTs, and several others. To keep pace with
these advancements in cyber technologies there is a need to expand research and
develop new cybersecurity methods and tools to secure these domains and
environments. This book is an effort to introduce the reader to the field of
cybersecurity, highlight current issues and challenges, and provide future
directions to mitigate or resolve them. The main specializations of
cybersecurity covered in this book are software security, hardware security,
the evolution of malware, biometrics, cyber intelligence, and cyber forensics.
We must learn from the past, evolve our present and improve the future. Based
on this objective, the book covers the past, present, and future of these main
specializations of cybersecurity. The book also examines the upcoming areas of
research in cyber intelligence, such as hybrid augmented and explainable
artificial intelligence (AI). Human and AI collaboration can significantly
increase the performance of a cybersecurity system. Interpreting and explaining
machine learning models, i.e., explainable AI, is an emerging field of study and
has a lot of potential to improve the role of AI in cybersecurity. Comment: Author's copy of the book published under ISBN: 978-620-4-74421-
Multi-trophic Interactions and Long-term Volunteer Collected Data: Networks of plant-caterpillar-parasitoid interactions across time, space, and a changing climate
The preservation of ecological complexity is an important goal for ecologists as communities respond to global change. Inherent to these efforts is the quantification and evaluation of the multiple dimensions of biodiversity, including well studied metrics of taxonomic, phylogenetic, and functional diversity. Studies on multi-trophic systems have primarily focused on taxonomic diversity, yet recent efforts have highlighted the importance of examining an underutilized biodiversity metric: interaction diversity, or the richness and abundance of the unique links connecting species. My dissertation research contributes to understanding spatial and temporal variation in the diversity of plant-caterpillar-parasitoid interactions. A central theme of my dissertation research is the use of long-term citizen science data from sites across the Americas to understand how interaction diversity changes across latitudinal, climate, disturbance, and seasonal gradients. My research in tropical forests documented the impacts of climate change. I found increases in extreme precipitation events caused reductions in interaction and species diversity with associated losses in an important ecosystem function: Biological control of herbivores by their natural enemies. In a temperate fire-adapted forest, I provided evidence for the scale-dependent nature of interaction diversity and its implications for how diversity is maintained in frequently disturbed systems. To understand spatial and temporal variation in interactions, I evaluated patterns in the beta-diversity of interactions and its components. Using this methodology, I found evidence of latitudinal patterns in the turnover of interactions, providing support that interactions are more variable in tropical than temperate regions. 
In the Brazilian Cerrado and Yucatan Peninsula, Mexico, I found seasonal variation in interaction diversity is primarily a consequence of seasonally constant species rewiring their interactions rather than seasonal differences in species composition. Finally, an important goal for ecology is to develop effective methods that increase the public's awareness and action toward biodiversity conservation. I fielded over 300 citizen scientists on research expeditions that contribute to the collection and rearing of these long-term data and administered surveys to understand the impact of different team models. Based on these surveys, multiple team models are effective for achieving diverse objectives and corporate teams are particularly valuable for sustainability partnerships. Together, this body of research provides evidence that interaction diversity uniquely contributes to broad patterns of biodiversity and ecosystem structure. Further, novel partnerships with various citizen science team models are an effective and efficient method to engage a diverse public audience interested in the preservation of biodiversity
Resilient and Scalable Forwarding for Software-Defined Networks with P4-Programmable Switches
Traditional networking devices support only fixed features and limited configurability.
Network softwarization leverages programmable software and hardware platforms to remove those limitations.
In this context, the concept of programmable data planes allows programming the packet processing pipeline of networking devices directly and creating custom control plane algorithms.
This flexibility enables the design of novel networking mechanisms where the status quo struggles to meet high demands of next-generation networks like 5G, Internet of Things, cloud computing, and industry 4.0.
P4 is the most popular technology to implement programmable data planes.
However, programmable data planes, and in particular, the P4 technology, emerged only recently.
Thus, P4 support for some well-established networking concepts is still lacking and several issues remain unsolved due to the different characteristics of programmable data planes in comparison to traditional networking.
The research of this thesis focuses on two open issues of programmable data planes.
First, it develops resilient and efficient forwarding mechanisms for the P4 data plane as there are no satisfying state of the art best practices yet.
Second, it enables BIER in high-performance P4 data planes.
BIER is a novel, scalable, and efficient transport mechanism for IP multicast traffic which so far has only very limited support on high-performance forwarding platforms.
The main results of this thesis are published as 8 peer-reviewed and one post-publication peer-reviewed publication. The results cover the development of suitable resilience mechanisms for P4 data planes, the development and implementation of resilient BIER forwarding in P4, and the extensive evaluations of all developed and implemented mechanisms. Furthermore, the results contain a comprehensive P4 literature study.
Two more peer-reviewed papers contain additional content that is not directly related to the main results.
They implement congestion avoidance mechanisms in P4 and develop a scheduling concept to find cost-optimized load schedules based on day-ahead forecasts