110 research outputs found

    Performance Analysis and Resource Optimisation of Critical Systems Modelled by Petri Nets

    A critical system must fulfil its mission despite the presence of security problems. Systems of this kind are usually deployed in heterogeneous environments, where they may be subject to intrusion attempts, theft of confidential information or other types of attack. Systems, in general, have to be redesigned after a security incident occurs, which can lead to serious consequences, such as the enormous cost of reimplementing or reprogramming the whole system, as well as possible economic losses. Security must therefore be conceived as an integral part of system development and as a singular need of what the system must do (that is, a non-functional requirement of the system). Thus, when designing critical systems it is essential to study the attacks that may occur and to plan how to react to them, in order to keep meeting the system's functional and non-functional requirements. Even when security problems are considered, it is also necessary to take into account the costs incurred to guarantee a given level of security in critical systems. In fact, security costs can be a very relevant factor, since they can span different dimensions, such as budget, performance and reliability. Many of these critical systems that incorporate fault-tolerance techniques (FT systems) to deal with security issues are complex systems that use resources which may be compromised (that is, may fail) through the activation of faults and/or errors caused by possible attacks. These systems can be modelled as discrete event systems in which resources are shared, also called resource allocation systems. This thesis focuses on FT systems with shared resources modelled by Petri nets (PN). 
These systems are generally so large that the exact computation of their performance becomes a very complex computational task, owing to the state-space explosion problem. As a result, a task that requires an exhaustive exploration of the state space is incomputable (within a reasonable time) for large systems. The main contributions of this thesis are three. First, different models are offered, using the Unified Modelling Language (UML) and Petri nets, that help bring security and fault-tolerance concerns to the foreground during the design phase of systems, thus enabling, for example, analysis of the trade-off between security and performance. Second, several algorithms are provided to compute performance (also under failure conditions) by computing upper performance bounds, thus avoiding the state-space explosion problem. Finally, algorithms are provided to compute how to compensate for the performance degradation that occurs in an unexpected situation in a fault-tolerant system

    On mitigating distributed denial of service attacks

    Denial of service (DoS) attacks and distributed denial of service (DDoS) attacks are probably the most ferocious threats in the Internet, resulting in tremendous economic and social implications/impacts on our daily lives that are increasingly depending on the wellbeing of the Internet. How to mitigate these attacks effectively and efficiently has become an active research area. The critical issues here include 1) IP spoofing, i.e., forged source IP addresses are routinely employed to conceal the identities of the attack sources and deter the efforts of detection, defense, and tracing; 2) the distributed nature, that is, hundreds or thousands of compromised hosts are orchestrated to attack the victim synchronously. Other related issues are scalability, lack of incentives to deploy a new scheme, and the effectiveness under partial deployment. This dissertation investigates and proposes effective schemes to mitigate DDoS attacks. It is comprised of three parts. The first part introduces the classification of DDoS attacks and the evaluation of previous schemes. The second part presents the proposed IP traceback scheme, namely, autonomous system-based edge marking (ASEM). ASEM enhances probabilistic packet marking (PPM) in several aspects: (1) ASEM is capable of addressing large-scale DDoS attacks efficiently; (2) ASEM is capable of handling spoofed marking from the attacker and spurious marking incurred by subverted routers, which is a unique and critical feature; (3) ASEM can significantly reduce the number of marked packets required for path reconstruction and suppress false positives as well. The third part presents the proposed DDoS defense mechanisms, including the four-color-theorem based path marking, and a comprehensive framework for DDoS defense. The salient features of the framework include (1) it is designed to tackle a wide spectrum of DDoS attacks rather than a specified one, and (2) it can differentiate malicious traffic from normal ones. 
The receiver-center design avoids several related issues such as scalability, and lack of incentives to deploy a new scheme. Finally, conclusions are drawn and future works are discussed

    Investigation of delay jitter of heterogeneous traffic in broadband networks

    Scope and Methodology of Study: A critical challenge for both wired and wireless networking vendors and carrier companies is to be able to accurately estimate the quality of service (QoS) that will be provided based on the network architecture, router/switch topology, and protocol applied. As a result, this thesis focuses on the theoretical analysis of QoS parameters in terms of inter-arrival jitter in differentiated services networks by deploying analytic/mathematical modeling technique and queueing theory, where the analytic model is expressed in terms of a set of equations that can be solved to yield the desired delay jitter parameter. In wireless networks with homogeneous traffic, the effects on the delay jitter in reference to the priority control scheme of the ARQ traffic for the two cases of: 1) the ARQ traffic has a priority over the original transmission traffic; and 2) the ARQ traffic has no priority over the original transmission traffic are evaluated. In wired broadband networks with heterogeneous traffic, the jitter analysis is conducted and the algorithm to control its effect is also developed. Findings and Conclusions: First, the results show that high priority packets always maintain the minimum inter-arrival jitter, which will not be affected even in heavy load situation. Second, the Gaussian traffic modeling is applied using the MVA approach to conduct the queue length analysis, and then the jitter analysis in heterogeneous broadband networks is investigated. While for wireless networks with homogeneous traffic, binomial distribution is used to conduct the queue length analysis, which is sufficient and relatively easy compared to heterogeneous traffic. Third, develop a service discipline called the tagged stream adaptive distortion-reducing peak output-rate enforcing to control and avoid the delay jitter increases without bound in heterogeneous broadband networks. 
Finally, through the analysis provided, differential services was proved not only viable, but also effective to control delay jitter. The analytic models serve as guidelines to assist network system designers in controlling the QoS requested by customers in terms of delay jitter

    Topology dependence of PPM-based Internet Protocol traceback schemes

    Multiple schemes that utilize probabilistic packet marking (PPM) have been proposed to deal with Distributed Denial of Service (DDoS) attacks by reconstructing their attack graphs and identifying the attack sources. In the first part of this dissertation, we present our contribution to the family of PPM-based schemes for Internet Protocol (IP) traceback. Our proposed approach, Prediction-Based Scheme (PBS), consists of marking and traceback algorithms that reduce scheme convergence times by dealing with the problems of data loss and incomplete attack graphs exhibited by previous PPM-based schemes. Compared to previous PPM-based schemes, the PBS marking algorithm ensures that traceback is possible with about 54% as many total network packets, while the traceback algorithm takes about 33% as many marked packets for complete attack path construction. In the second part of this dissertation, we tackle the problem of scheme evaluation and comparison across discrepant network topologies. Previous research in this area has overlooked the influence of network topology on scheme performance and often utilized disparate and simplistic network abstractions to evaluate and compare these schemes. Our approach to this problem involves the evaluation of selected PPM-based schemes across a set of 60 Internet-like topologies and the adaptation of the network motif approach to provide a common ground for comparing the schemes' performances in different network topologies. This approach allows us to determine the level of structural similarity between network topologies and consequently enables the comparison of scheme performance even when the schemes are implemented on different topologies. Furthermore, we identify three network-dependent factors that affect different PPM-based schemes uniquely causing a variation in, and discrepancy between, scheme performance from one network to another. 
Results indicate that scheme performance is dependent on the network upon which it is implemented, i.e. the value of the PPM-based schemes' convergence times and their rankings vary depending on the underlying network topology. We show how the identified network factors contribute, individually and collectively, to the scheme performance in large-scale networks. Additionally, we identify five superfamilies from the 60 considered networks and find that networks within a superfamily also exhibit similar PPM-based scheme performance. To complement our results, we present an analytical model showing a link between scheme performance in any superfamily, and the motifs exhibited by the networks in that superfamily. Our work highlights a need for multiple network evaluation of network protocols. To this end, we demonstrate a method of identifying structurally similar network topologies among which protocol performance is potentially comparable. Our work also presents an effective way of comparing general network protocol performance in which the protocol is evaluated on specific representative networks instead of an entire set of networks

    Trace malicious source to guarantee cyber security for mass monitor critical infrastructure

    The proposed traceback scheme does not take into account the trust of node which leads to the low effectiveness. A trust-aware probability marking (TAPM) traceback scheme is proposed to locate malicious source quickly. In TAPM scheme, the node is marked with different marking probability according to its trust which is deduced by trust evaluation. The high marking probability for low trust node can locate malicious source quickly, and the low marking probability for high trust node can reduce the number of marking to improve the network lifetime, so the security and the network lifetime can be improved in TAPM scheme

    Achieving Soft Real-time Guarantees for Interactive Applications in Wireless Mesh Networks

    The use of 802.11-based multi-hop wireless mesh networks for Internet access is extensive and growing. The primary advantages of this approach are ease of deployment and lower cost. However, these networks are designed for web and e-mail applications. Highly interactive applications, such as multiplayer online games and VoIP, with their requirements for low delay, present significant challenges to these networks. In particular, the interaction between real-time traffic and TCP traffic tends to result in either a failure of the real-time traffic getting its needed QoS or the TCP traffic unnecessarily experiencing very poor throughput. To solve this problem we place real-time and TCP traffic into separate queues. We then rate-limit TCP traffic based on the average queue size of the local or remote real-time queues. Thus, TCP traffic is permitted to use excess bandwidth as long as it does not interfere with real-time traffic guarantees. We therefore call our scheme Real-time Queue-based Rate and Admission Control, RtQ-RAC. Extensive simulations using the network simulator, ns-2, demonstrate that our approach is effective in providing soft real-time support, while allowing efficient use of the remaining bandwidth for TCP traffic

    Pricing in Multi-Service Communication Networks: A Game-theoretic Approach

    The promise of multi-class communication networks is gradually becoming a reality. The term multi-class means that the network provides different classes of service that can support diverse application requirements and heterogeneous users demand. This dissertation focuses on establishing an equitable price for each class of service in multi-class networks, considering fairness among the classes and economic efficiency. We adopt a game-theoretic approach to the problem in order to take into account the interdependence among users' service choices. We investigate subsidy-free prices for each class of service under two distinct service architectures: in multi-class priority-based networks, traffic from each class is assigned priority level in the queue; in multi-class DiffServ networks, network resource is allocated to each class. In both cases, classes of traffic having longer average waiting time receive monetary compensations from other classes and the subsidy-free price for each class of service is developed based on inter-class compensations. This work provides a framework to set subsidy-free price or sustainable price for each class of service which is assumed crucial to network providers if they are to survive the competition in the market place. We further consider market-clearing prices for each class of service in a competitive market in which each user endowed with an initial budget will purchase bandwidth from each class of the network resource to maximize his or her utility function. A competitive equilibrium is reached when the total bandwidth is allocated, each user spends all his or her budget, and the utility functions are independently and simultaneously maximized. Our research shows that such equilibrium always exists and, under fixed bandwidth supply for each class of service, the equilibrium is also unique. 
Furthermore, we discuss how to adjust the initial endowment of each user to meet his or her individual bandwidth constraint, either from constraint on the access network or from the limitation of the user equipment. Under this bandwidth constraint condition, the proposed competitive equilibrium yields the price for each class of service, the budget redistribution and the bandwidth allocation among all users. We also develop an iterative algorithm for budget allocation to satisfy each user's bandwidth constraint. The presented competitive market model provides a solution for pricing a multi-class network and allocating network resource among users. And we find this solution achieves higher social utilization, better individual satisfaction and the QoS of each class. Another advanced topic in communication networks is net neutrality, which has become the subject of fierce debate among the stakeholders of public telecommunication services. Broadband access providers argue that preservation of the integrity of the network services requires them to use discriminatory traffic management practices to slow down certain applications or to purge certain packets that would compromise the integrity of the network. We propose a solution based on the idea of inter-user compensations that could control network congestion and yet maintain fairness among heavy and light users without violating net neutrality. Users consuming less network resource will receive compensations from heavy users. Our research provides a method for broadband access providers to shape the traffic characteristics of users and thus controlling network congestion and maintaining network performance without inflicting discriminatory treatment on network traffic

    Intrusion Detection and Prevention Systems In the Cloud Environment

    Cloud computing provides users with computing resources on demand. Despite the recent boom in adoption of cloud services, security remains an important issue. The aim of this work is to study the structure of cloud systems and propose a new security architecture in protecting cloud against attacks. This work also investigates auto-scaling and how it affects cloud computing security. Finally, this thesis studies load balancing and scheduling in cloud computing particularly when some of the workload is faulty or malicious. The first original contribution proposes a hierarchical model for intrusion detection in the cloud environment. Finite state machines (FSM) of the model were produced and verified then analyzed using probabilistic model checker. Results indicate that given certain conditions the proposed model will be in a state that efficiently utilizes resources despite the presence of attack. In this part of work how cloud handles failure and its relationship to auto-scaling mechanisms within the cloud has been investigated. The second original contribution proposes a lightweight robust scheduling algorithm for load balancing in the cloud. Here some of the traffic is not reliable. Formal analysis of the algorithm was conducted and results showed that given some arrival rates of both genuine and malicious traffic average queues will stabilize, i.e. they will not grow to infinity. Experimental results studied both queues and latency, and they showed that under the same conditions naive algorithms do not stabilize. The algorithm was then extended to decentralized settings where servers maintain separate queues. In this approach when a job arrives, a dispatching algorithm is used to decide which server to send it to. Different dispatching algorithms were proposed and experimental results indicate that the new algorithms perform better than some of the existing algorithms. 
The results were further extended to heterogeneous (servers with different configuration) settings and it was shown that some algorithms that were stable in homogeneous setting are not stable under this setting. Simulations monitoring queue sizes confirmed that some algorithms which are stable in homogeneous setting, are not stable under this setting. It is hoped that this study will inform and enlighten cloud service providers about new ways to improve the security of the cloud in the presence of failure/attacks

    Performance Analysis in IP-Based Industrial Communication Networks

    With the growing scale of control systems and their distributed nature, communication networks have been gaining importance and new research challenges have been appearing. The major problem, contrary to previously used control systems with dedicated communication circuits, is time-varying delay of control and measurement signals introduced by packet-switched networks, such as Ethernet. The real-time issues in these networks have been tackled by proper adaptations. Nevertheless, market trend analyses foresee also future adoptions of IP-based communication networks in industrial automation for time-critical run-time data exchange. IP-based communication has only a limited support from the existing instrumentation in industrial automation. This challenge has recently been technically tackled within the Virtual Automation Networks (VAN) project by adopting the quality of service (QoS) architecture delivering soft-real-time communication behaviour. This dissertation focuses on the real-time performance aspects from the analytical point of view and provides means for applicability assessment of IP-based communication for future industrial applications. The main objective of this dissertation is establishment of a relevant modelling framework based on network calculus which will assist worst-case performance analysis of temporal behaviour of IP-based communication networks and networking devices intended for future use in industrial automation. Empirical analysis was used to identify dominant factors influencing the temporal performance of networking devices and for model parameter identification. The empirical analysis makes use of the TestQoS tool developed for this purpose. 
Minor extensions to the network calculus framework were proposed enabling to model the required temporal behaviour of networking devices. Several exemplary models were inferred as a result of classification of different networking device architectures and empirically identified dominant factors. A novel method for parameter identification was used with the modelled devices. Finally, two temporal models of networking devices (a switch and a router) were validated against empirical observations.

    Principles of Security and Trust: 7th International Conference, POST 2018, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018, Thessaloniki, Greece, April 14-20, 2018, Proceedings

    authentication; computer science; computer software selection and evaluation; cryptography; data privacy; formal logic; formal methods; formal specification; internet; privacy; program compilers; programming languages; security analysis; security systems; semantics; separation logic; software engineering; specifications; verification; world wide we