An intelligent framework for dynamic web services composition in the semantic web

As Web services are being increasingly adopted as the distributed computing technology of choice to securely publish application services beyond the firewall, the importance of composing them to create new, value-added service, is increasing. Thus far, the most successful practical approach to Web services composition, largely endorsed by the industry falls under the static composition category where the service selection and flow management are done a priori and manually. The second approach to web-services composition aspires to achieve more dynamic composition by semantically describing the process model of Web services and thus making it comprehensible to reasoning engines or software agents. The practical implementation of the dynamic composition approach is still in its infancy and many complex problems need to be resolved before it can be adopted outside the research communities. The investigation of automatic discovery and composition of Web services in this thesis resulted in the development of the eXtended Semantic Case Based Reasoner (XSCBR), which utilizes semantic web and AI methodology of Case Based Reasoning (CBR). Our framework uses OWL semantic descriptions extensively for implementing both the matchmaking profiles of the Web services and the components of the CBR engine. In this research, we have introduced the concept of runtime behaviour of services and consideration of that in Web services selection. The runtime behaviour of a service is a result of service execution and how the service will behave under different circumstances, which is difficult to presume prior to service execution. Moreover, we demonstrate that the accuracy of automatic matchmaking of Web services can be further improved by taking into account the adequacy of past matchmaking experiences for the requested task. Our XSCBR framework allows annotating such runtime experiences in terms of storing execution values of non-functional Web services parameters such as availability and response time into a case library. The XSCBR algorithm for matchmaking and discovery considers such stored Web services execution experiences to determine the adequacy of services for a particular task. We further extended our fundamental discovery and matchmaking algorithm to cater for web services composition. An intensive knowledge-based substitution approach was proposed to adapt the candidate service experiences to the requested solution before suggesting more complex and computationally taxing AI-based planning-based transformations. The inconsistency problem that occurs while adapting existing service composition solutions is addressed with a novel methodology based on Constraint Satisfaction Problem (CSP). From the outset, we adopted a pragmatic approach that focused on delivering an automated Web services discovery and composition solution with the minimum possible involvement of all composition participants: the service provider, the requestor and the service composer. The qualitative evaluation of the framework and the composition tools, together with the performance study of the XSCBR framework has verified that we were successful in achieving our goal

Fatias de rede fim-a-fim : da extração de perfis de funções de rede a SLAs granulares

Orientador: Christian Rodolfo Esteve RothenbergTese (doutorado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de ComputaçãoResumo: Nos últimos dez anos, processos de softwarização de redes vêm sendo continuamente diversi- ficados e gradativamente incorporados em produção, principalmente através dos paradigmas de Redes Definidas por Software (ex.: regras de fluxos de rede programáveis) e Virtualização de Funções de Rede (ex.: orquestração de funções virtualizadas de rede). Embasado neste processo o conceito de network slice surge como forma de definição de caminhos de rede fim- a-fim programáveis, possivelmente sobre infrastruturas compartilhadas, contendo requisitos estritos de desempenho e dedicado a um modelo particular de negócios. Esta tese investiga a hipótese de que a desagregação de métricas de desempenho de funções virtualizadas de rede impactam e compõe critérios de alocação de network slices (i.e., diversas opções de utiliza- ção de recursos), os quais quando realizados devem ter seu gerenciamento de ciclo de vida implementado de forma transparente em correspondência ao seu caso de negócios de comu- nicação fim-a-fim. A verificação de tal assertiva se dá em três aspectos: entender os graus de liberdade nos quais métricas de desempenho de funções virtualizadas de rede podem ser expressas; métodos de racionalização da alocação de recursos por network slices e seus re- spectivos critérios; e formas transparentes de rastrear e gerenciar recursos de rede fim-a-fim entre múltiplos domínios administrativos. Para atingir estes objetivos, diversas contribuições são realizadas por esta tese, dentre elas: a construção de uma plataforma para automatização de metodologias de testes de desempenho de funções virtualizadas de redes; a elaboração de uma metodologia para análises de alocações de recursos de network slices baseada em um algoritmo classificador de aprendizado de máquinas e outro algoritmo de análise multi- critério; e a construção de um protótipo utilizando blockchain para a realização de contratos inteligentes envolvendo acordos de serviços entre domínios administrativos de rede. Por meio de experimentos e análises sugerimos que: métricas de desempenho de funções virtualizadas de rede dependem da alocação de recursos, configurações internas e estímulo de tráfego de testes; network slices podem ter suas alocações de recursos coerentemente classificadas por diferentes critérios; e acordos entre domínios administrativos podem ser realizados de forma transparente e em variadas formas de granularidade por meio de contratos inteligentes uti- lizando blockchain. Ao final deste trabalho, com base em uma ampla discussão as perguntas de pesquisa associadas à hipótese são respondidas, de forma que a avaliação da hipótese proposta seja realizada perante uma ampla visão das contribuições e trabalhos futuros desta teseAbstract: In the last ten years, network softwarisation processes have been continuously diversified and gradually incorporated into production, mainly through the paradigms of Software Defined Networks (e.g., programmable network flow rules) and Network Functions Virtualization (e.g., orchestration of virtualized network functions). Based on this process, the concept of network slice emerges as a way of defining end-to-end network programmable paths, possibly over shared network infrastructures, requiring strict performance metrics associated to a par- ticular business case. This thesis investigate the hypothesis that the disaggregation of network function performance metrics impacts and composes a network slice footprint incurring in di- verse slicing feature options, which when realized should have their Service Level Agreement (SLA) life cycle management transparently implemented in correspondence to their fulfilling end-to-end communication business case. The validation of such assertive takes place in three aspects: the degrees of freedom by which performance of virtualized network functions can be expressed; the methods of rationalizing the footprint of network slices; and transparent ways to track and manage network assets among multiple administrative domains. In order to achieve such goals, a series of contributions were achieved by this thesis, among them: the construction of a platform for automating methodologies for performance testing of virtual- ized network functions; an elaboration of a methodology for the analysis of footprint features of network slices based on a machine learning classifier algorithm and a multi-criteria analysis algorithm; and the construction of a prototype using blockchain to carry out smart contracts involving service level agreements between administrative systems. Through experiments and analysis we suggest that: performance metrics of virtualized network functions depend on the allocation of resources, internal configurations and test traffic stimulus; network slices can have their resource allocations consistently analyzed/classified by different criteria; and agree- ments between administrative domains can be performed transparently and in various forms of granularity through blockchain smart contracts. At the end of his thesis, through a wide discussion we answer all the research questions associated to the investigated hypothesis in such way its evaluation is performed in face of wide view of the contributions and future work of this thesisDoutoradoEngenharia de ComputaçãoDoutor em Engenharia ElétricaFUNCAM

Sub-GHz LPWAN network coexistence, management and virtualization : an overview and open research challenges

The IoT domain is characterized by many applications that require low-bandwidth communications over a long range, at a low cost and at low power. Low power wide area networks (LPWANs) fulfill these requirements by using sub-GHz radio frequencies (typically 433 or 868 MHz) with typical transmission ranges in the order of 1 up to 50 km. As a result, a single base station can cover large areas and can support high numbers of connected devices (> 1000 per base station). Notorious initiatives in this domain are LoRa, Sigfox and the upcoming IEEE 802.11ah (or "HaLow") standard. Although these new technologies have the potential to significantly impact many IoT deployments, the current market is very fragmented and many challenges exists related to deployment, scalability, management and coexistence aspects, making adoption of these technologies difficult for many companies. To remedy this, this paper proposes a conceptual framework to improve the performance of LPWAN networks through in-network optimization, cross-technology coexistence and cooperation and virtualization of management functions. In addition, the paper gives an overview of state of the art solutions and identifies open challenges for each of these aspects

Policy Conflict Management in Distributed SDN Environments

abstract: The ease of programmability in Software-Defined Networking (SDN) makes it a great platform for implementation of various initiatives that involve application deployment, dynamic topology changes, and decentralized network management in a multi-tenant data center environment. However, implementing security solutions in such an environment is fraught with policy conflicts and consistency issues with the hardness of this problem being affected by the distribution scheme for the SDN controllers. In this dissertation, a formalism for flow rule conflicts in SDN environments is introduced. This formalism is realized in Brew, a security policy analysis framework implemented on an OpenDaylight SDN controller. Brew has comprehensive conflict detection and resolution modules to ensure that no two flow rules in a distributed SDN-based cloud environment have conflicts at any layer; thereby assuring consistent conflict-free security policy implementation and preventing information leakage. Techniques for global prioritization of flow rules in a decentralized environment are presented, using which all SDN flow rule conflicts are recognized and classified. Strategies for unassisted resolution of these conflicts are also detailed. Alternately, if administrator input is desired to resolve conflicts, a novel visualization scheme is implemented to help the administrators view the conflicts in an aesthetic manner. The correctness, feasibility and scalability of the Brew proof-of-concept prototype is demonstrated. Flow rule conflict avoidance using a buddy address space management technique is studied as an alternate to conflict detection and resolution in highly dynamic cloud systems attempting to implement an SDN-based Moving Target Defense (MTD) countermeasures.Dissertation/ThesisDoctoral Dissertation Computer Science 201

Analysing Trust Issues in Cloud Identity Environments

Trust acts as a facilitator for decision making in environments, where decisions are subject to risk and uncertainty. Security is one of the factors contributing to the trust model that is a requirement for service users. In this paper we ask, What can be done to improve end user trust in choosing a cloud identity provider? Security and privacy are central issues in a cloud identity environment and it is the end user who determines the amount of trust they have in any identity system. This paper is an in-depth literature survey that evaluates identity service delivery in a cloud environment from the perspective of the service user