40 research outputs found

    AUTOMATED NETWORK SECURITY WITH EXCEPTIONS USING SDN

    Campus networks have recently experienced a proliferation of devices ranging from personal use devices (e.g. smartphones, laptops, tablets), to special-purpose network equipment (e.g. firewalls, network address translation boxes, network caches, load balancers, virtual private network servers, and authentication servers), as well as special-purpose systems (badge readers, IP phones, cameras, location trackers, etc.). To establish directives and regulations regarding the ways in which these heterogeneous systems are allowed to interact with each other and the network infrastructure, organizations typically appoint policy writing committees (PWCs) to create acceptable use policy (AUP) documents describing the rules and behavioral guidelines that all campus network interactions must abide by. While users are the audience for AUP documents produced by an organization's PWC, network administrators are the responsible party enforcing the contents of such policies using low-level CLI instructions and configuration files that are typically difficult to understand and are almost impossible to show that they do, in fact, enforce the AUPs. In other words, mapping the contents of imprecise unstructured sentences into technical configurations is a challenging task that relies on the interpretation and expertise of the network operator carrying out the policy enforcement. Moreover, there are multiple places where policy enforcement can take place. For example, policies governing servers (e.g., web, mail, and file servers) are often encoded into the server's configuration files. However, from a security perspective, conflating policy enforcement with server configuration is a dangerous practice because minor server misconfigurations could open up avenues for security exploits.
On the other hand, policies that are enforced in the network tend to rarely change over time and are often based on one-size-fits-all policies that can severely limit the fast-paced dynamics of emerging research workflows found in campus networks. This dissertation addresses the above problems by leveraging recent advances in Software-Defined Networking (SDN) to support systems that enable novel in-network approaches developed to support an organization's network security policies. Namely, we introduce PoLanCO, a human-readable yet technically-precise policy language that serves as a middle-ground between the imprecise statements found in AUPs and the technical low-level mechanisms used to implement them. Real-world examples show that PoLanCO is capable of implementing a wide range of policies found in campus networks. In addition, we also present the concept of Network Security Caps, an enforcement layer that separates server/device functionality from policy enforcement. A Network Security Cap intercepts packets coming from, and going to, servers and ensures policy compliance before allowing network devices to process packets using the traditional forwarding mechanisms. Lastly, we propose the on-demand security exceptions model to cope with the dynamics of emerging research workflows that are not suited for a one-size-fits-all security approach. In the proposed model, network users and providers establish trust relationships that can be used to temporarily bypass the policy compliance checks applied to general-purpose traffic -- typically by network appliances that perform Deep Packet Inspection, thereby creating network bottlenecks. We describe the components of a prototype exception system as well as experiments showing that through short-lived exceptions researchers can realize significant improvements for their special-purpose traffic.

    Conflict detection in software-defined networks

    The SDN architecture facilitates the flexible deployment of network functions. While promoting innovation, this architecture induces yet a higher chance of conflicts compared to conventional networks. The detection of conflicts in SDN is the focus of this work. Restrictions of the formal analytical approach drive our choice of an experimental approach, in which we determine a parameter space and a methodology to perform experiments. We have created a dataset covering a number of situations occurring in SDN. The investigation of the dataset yields a conflict taxonomy composed of various classes organized in three broad types: local, distributed and hidden conflicts. Interestingly, hidden conflicts caused by side-effects of control applications’ behaviour are completely new. We introduce the new concept of multi-property set, and the ·r (“dot r”) operator for the effective comparison of SDN rules. With these capable means, we present algorithms to detect conflicts and develop a conflict detection prototype. The evaluation of the prototype justifies the correctness and the realizability of our proposed concepts and methodologies for classifying as well as for detecting conflicts. Altogether, our work establishes a foundation for further conflict handling efforts in SDN, e.g., conflict resolution and avoidance. In addition, we point out challenges to be explored.

    Cuong Tran won the DAAD scholarship for his doctoral research at the Munich Network Management Team, Ludwig-Maximilians-Universität München, and achieved the degree in 2022. He loves to do research on policy conflicts in networked systems, IP multicast and alternatives, network security, and virtualized systems. Besides, teaching and sharing are also among his interests.

    A WEB-BASED ENVIRONMENTAL TOOLKIT TO SUPPORT SMES IN THE IMPLEMENTATION OF AN ENVIRONMENTAL MANAGEMENT SYSTEM

    With small and medium sized-enterprises (SMEs) taking up the majority of the global businesses, it is important they act in an environmentally responsible manner. Environmental management systems (EMS) help companies evaluate and improve their environmental impact but they often require human, financial, and temporary resources that not all SMEs can afford. This research encompasses interviews with representatives of two small enterprises in Germany to provide insights into their understanding, and knowledge of an EMS and how they perceive their responsibility towards the environment. Furthermore, it presents a toolkit created especially for small and medium-sized enterprises. It serves as a simplified version of an EMS based on the ISO 14001 standard and is evaluated by target users and appropriate representatives. Some of the findings are: while open to the idea of improving their environmental impact, SMEs do not always feel it is their responsibility to do so; they seem to lack the means to fully implement an EMS. The developed toolkit is considered useful and usable and recommendations are drawn for its future enhancement

    ENERGY CONSUMPTION OF MOBILE PHONES

    Battery consumption in mobile applications development is a very important aspect and has to be considered by all the developers in their applications. This study will present an analysis of different relevant concepts and parameters that may have an impact on energy consumption of Windows Phone applications. This operating system was chosen because limited research related thereto has been conducted, even though there are related studies for Android and iOS operating systems. Furthermore, another reason is the increasing number of Windows Phone users. The objective of this research is to categorise the energy consumption parameters (e.g. use of one thread or several threads for the same output). The result for each group of experiments will be analysed and a rule will be derived. The set of derived rules will serve as a guide for developers who intend to develop energy efficient Windows Phone applications. For each experiment, one application is created for each concept and the results are presented in two ways; a table and a chart. The table presents the duration of the experiment, the battery consumed in the experiment, the expected battery lifetime, and the energy consumption, while the charts display the energy distribution based on the main threads: UI thread, application thread, and network thread

    D2.1 Performance evaluation framework

    This deliverable contains a proposal for a performance evaluation framework that aims at ensuring that multiple projects within 5G-PPP wireless strand can quantitatively assess and compare the performance of different 5G RAN design concepts. The report collects the vision of several 5G-PPP projects and is conceived as a living document to be further elaborated along with the 5G-PPP framework workshops planned during 2016.

    Weber, A.; Agyapong, P.; Rosowski, T.; Zimmerman, G.; Fallgren, M.; Sharma, S.; Kousaridas, A.... (2016). D2.1 Performance evaluation framework. https://doi.org/10.13140/RG.2.2.35447.2192

    Innovative Technologies and Services for Smart Cities

    A smart city is a modern technology-driven urban area which uses sensing devices, information, and communication technology connected to the internet of things (IoTs) for the optimum and efficient utilization of infrastructures and services with the goal of improving the living conditions of citizens. Increasing populations, lower budgets, limited resources, and compatibility of the upgraded technologies are some of the few problems affecting the implementation of smart cities. Hence, there is continuous advancement regarding technologies for the implementation of smart cities. The aim of this Special Issue is to report on the design and development of integrated/smart sensors, a universal interfacing platform, along with the IoT framework, extending it to next-generation communication networks for monitoring parameters of interest with the goal of achieving smart cities. The proposed universal interfacing platform with the IoT framework will solve many challenging issues and significantly boost the growth of IoT-related applications, not just in the environmental monitoring domain but in the other key areas, such as smart home, assistive technology for the elderly care, smart city with smart waste management, smart E-metering, smart water supply, intelligent traffic control, smart grid, remote healthcare applications, etc., signifying benefits for all countries

    Quality of experience characterization and provisioning in mobile cellular networks

    Traditionally, previous generations of mobile cellular networks have been designed with Quality of Service (QoS) criteria in mind, so that they manage to meet specific service requirements. Quality of Experience (QoE) has, however, recently emerged as a concept, disrupting the design of future network generations by giving clear emphasis on the actually achieved user experience.
The emergence of the QoE concept has been a result of the inevitable strong transition that the Telecom industry is currently experiencing from system-centric networks to more user-centric solutions and objectives. Mobile network operators, service providers, application developers, as well as other stakeholders involved in the service provisioning chain have been attracted by the opportunities that the integration of the QoE concept could bring to their business; indeed, the provisioned QoE constitutes a determining factor of differentiation among different stakeholders, a tendency which is expected to become even more intense in the years to come. Motivated by this boost towards user-centricity, the objective of the research conducted in this thesis is to explore the challenges and opportunities that arise in modern mobile cellular networks when QoE is considered. Such opportunities concern, first of all, the possibility to comprehend the QoE that a provider achieves when provisioning a service. This can be enabled by the implementation and integration of QoE assessment methods into the real-time operation of a network. Then, the next step is the exploitation of collected QoE-related intelligence in order to re-examine existing network-layer mechanisms (e.g., radio scheduling), or application-layer mechanisms (e.g., video streaming), as well as propose novel cross-layer approaches towards ameliorating the achieved QoE. Moreover, the opportunity emerges to propose novel algorithms that stem from the inherent idiosyncrasies of QoE, such as the non-linear impact of QoS-related parameters on QoE, as a way to further enhance the users’ QoE. In this direction, throughout this thesis, QoE estimation models and metrics are explored and exploited in order to quantify QoE and thus, to improve existing mechanisms of mobile cellular networks. 
The core of this thesis is the proposal of a QoE provisioning cycle that allows the control, monitoring (i.e., modeling) and management of QoE in a cellular network. Each one of these functions is further analyzed, while emphasis is given on the modeling and management operations. In terms of modeling, QoE assessment methods and QoE-related performance indicators are described and classified. Parametric quality estimation is identified as the most appealing type of QoE estimation in mobile cellular networks, thus, it is thoroughly described for widely used types of services, such as Voice over IP (VoIP) and video streaming. In terms of QoE management, novel QoE-aware mechanisms that demonstrate QoE improvements for the users are proposed, namely: a) a QoE-driven Device-to-Device (D2D) communication management scheme that enhances end-user QoE, b) a “consistent” radio scheduling algorithm that improves the end-user QoE by mitigating throughput fluctuations, and c) a context-aware HTTP Adaptive Streaming (HAS) mechanism that successfully mitigates stallings (i.e., video freezing events) in the context of bandwidth-challenging scenarios. Moreover, a programmable QoE-SDN APP into the Software-Defined Networking (SDN) architecture is introduced, which enables network feedback exposure from mobile network operators to video service providers, revealing QoE benefits for the customers of video providers and bandwidth savings for the network operators. Overall, this thesis promotes the uniting of the domain of QoE with the domain of mobile communications, as well as the collaboration of mutual-interest between mobile network operators (network layer) and service providers (application layer), presenting the high potential from such approaches for all involved stakeholders

    Space and re-entry systems - Development of advanced soil sampler technology, volume 1 Final report, 28 Jun. 1967 - 31 Jan. 1968

    Development, and evaluation of sieve sampler, and rotating wire brush sampler for planetary soil probin