Developing and operating time critical applications in clouds: the state of the art and the SWITCH approach

Cloud environments can provide virtualized, elastic, controllable and high quality on-demand services for supporting complex distributed applications. However, the engineering methods and software tools used for developing, deploying and executing classical time critical applications do not, as yet, account for the programmability and controllability provided by clouds, and so time critical applications cannot yet benefit from the full potential of cloud technology. This paper reviews the state of the art of technologies involved in developing time critical cloud applications, and presents the approach of a recently funded EU H2020 project: the Software Workbench for Interactive, Time Critical and Highly self-adaptive cloud applications (SWITCH). SWITCH aims to improve the existing development and execution model of time critical applications by introducing a novel conceptual model—the application-infrastructure co-programming and control model—in which application QoS and QoE, together with the programmability and controllability of cloud environments, is included in the complete application lifecycle

LogSnap: Creating snapshots of OpenFlow Data Centre Networks for offline querying

Software-Defined Networking (SDN) has enabled automated modification of the behavior of network devices to match changes in network policy. This facility has driven adoption of SDN in Data Centre Networks (DCNs), particularly multi-tenant DCNs, where network policies are used extensively and can change rapidly as tenants arrive, leave, and modify their resource usage. It is useful for a DCN operator to have a way to query the past state of a network, e.g. for debugging or verification. In a multi-tenant DCN whose behaviour changes frequently under the programmatic control of SDN, this is an important but complex function to provide. While SDN makes the problem more challenging, it also helps to provide the solution - changes in network policy are communicated in packets sent from an SDN controller to the network devices, and those packets are amenable to capture and analysis to reveal the state of the network. Our solution, LogSnap, records messages exchanged over time between an SDN controller and switches in a network, and can quickly recreate the network in an emulated environment for any point in the recorded history. We have evaluated the system for its accuracy, the speed with which it can recreate the network, and quantified the storage implications of speeding up network reproduction

A Big Data and machine learning approach for network monitoring and security

In the last decade the performances of 802.11 (Wi-Fi) devices skyrocketed. Today it is possible to realize gigabit wireless links spanning across kilometers at a fraction of the cost of the wired equivalent. In the same period, mesh network evolved from being experimental tools confined into university labs, to systems running in several real world scenarios. Mesh networks can now provide city-wide coverage and can compete on the market of Internet access. Yet, being wireless distributed networks, mesh networks are still hard to maintain and monitor. This paper explains how today we can perform monitoring, anomaly detection and root cause analysis in mesh networks using Big Data techniques. It first describes the architecture of a modern mesh network, it justifies the use of Big Data techniques and provides a design for the storage and analysis of Big Data produced by a large-scale mesh network. While proposing a generic infrastructure, we focus on its application in the security domain

Internet of Things Software and Hardware Architectures and Their Impacts on Forensic Investigations: Current Approaches and Challenges

The never-before-seen proliferation of interconnected low-power computing devices, patently dubbed the Internet of Things (IoT), is revolutionizing how people, organizations, and malicious actors interact with one another and the Internet. Many of these devices collect data in different forms, be it audio, location data, or user commands. In civil or criminal nature investigations, the data collected can act as evidence for the prosecution or the defense. This data can also be used as a component of cybersecurity efforts. When data is extracted from these devices, investigators are expected to do so using proven methods. Still, unfortunately, given the heterogeneity in the types of devices that need to be examined, few widely agreed-upon standards exist. In this paper, we look at some of the architectures, current frameworks, and methods available to perform forensic analysis of IoT devices to provide a roadmap for investigators and researchers to form the basis of an investigation

Virtual network function development for NG-PON Access Network Architecture

Dissertação de mestrado em Engenharia de Redes e Serviços TelemáticosThe access to Internet services on a large scale, high throughput and low latency has grown at a very high pace over time, with a growing demand for media content and applications increasingly oriented towards data consumption. This fact about the use of data at the edge of the network requires the Central Offices (CO) of telecommunication providers, to be pre pared to absorb these demands. COs generally offer data from various access methods, such as Passive Optical Network (PON) technologies, mobile networks, copper wired and oth ers. For each of these technologies there may be different manufacturers that support only their respective hardware and software solutions, although they all share different network resources and have management, configuration and monitoring tools (Fault, Configuration, Accounting, Performance, and Security management - FCAPS) similar, but being distinct and isolated from each other, which produces huge investment in Capital Expenditure (CAPEX) and Operational Expenditure (OPEX) and can cause barriers to innovation. Such panora mas forced the development of more flexible, scalable solutions that share platforms and net work architectures that can meet this need and enable the evolution of networks. It is then proposed the architecture of Software-Defined Network (SDN) which has in its proposal to abstract the control plane from the data plane, in addition to the virtualization of several Net work Function Virtualization (NFV). The SDN architecture allows APIs and protocols such as Openflow, NETCONF / YANG, RESTCONF, gRPC and others to be used so that there is communication between the various hardware and software elements that compose the net work and consume network resources, such as services AAA, DHCP, routing, orchestration, management or various applications that may exist in this context. This work then aims at the development of a virtualized network function, namely a VNF in the context of network security to be integrated as a component of an architecture guided by the SDN paradigm applied to broadband networks, and also adherent to the architecture OB-BAA promoted by the Broadband Forum. Such OB-BAA architecture fits into the initia tive to modernize the Information Technology (IT) components of broadband networks, more specifically the Central Offices. With such development, it was intended to explore the con cepts of network security, such as the IEEE 802.1X protocol applied in NG-PON networks for authentication and authorization of new network equipment. To achieve this goal, the development of the applications was based on the Golang language combined with gRPC programmable interfaces for communication between the various elements of the architec ture. Network emulators were initially used, and then the components were ”containerized” and inserted in the Docker and Kubernetes virtualization frameworks. Finally, performance metrics were analyzed in the usage tests, namely computational resource usage metrics (CPU, memory and network I/O), in addition to the execution time of several processes performed by the developed applications.O acesso aos serviços de Internet em larga escala, alto débito e baixa latência têm crescido em um ritmo bastante elevado ao longo dos tempos, com uma demanda crescente por conteúdos de media e aplicações cada vez mais orientadas ao consumo de dados. Tal fato acerca da uti lização de dados na periferia da rede, obriga a que os Central Offices (CO) dos provedores de telecomunicações estejam preparados para absorver estas demandas. Os CO geralmente re cebem dados de diversos métodos de acesso, como tecnologias Passive Optical Network (PON), redes móveis, cabladas em cobre, entre outros. Para cada uma destas tecnologias pode haver diferentes fabricantes que suportam somente suas respetivas soluções de hardware e software, apesar de todas compartilharem diversos recursos de rede e possuírem ferramentas de gestão, configuração e monitoração (Fault-management, Configuration, Accounting, Performance e Segurança - FCAPS) similares, mas serem distintas e isoladas entre si, o que se traduz em um enorme investimento em Capital Expenditure (CAPEX) e Operational Expenditure (OPEX) e pode causar barreiras à inovação. Tais panoramas forçaram o desenvolvimento de soluções mais flexíveis, escaláveis e que compartilhem plataformas e arquiteturas de redes que pos sam suprir tal necessidade e possibilitar a evolução das redes. Propõe-se então a arquitetura de redes definidas por software (Software-Defined Network - SDN) que tem em sua proposta abstrair o plano de controle do plano de dados, além da virtualização de diversas funções de rede (Network Function Virtualization - NFV). A arquitetura SDN possibilita que API’s e pro tocolos como Openflow, NETCONF/YANG, RESTCONF, gRPC e outros, sejam utilizados para que haja comunicação entre os diversos elementos de hardware e software que estejam a compor a rede e a consumir recursos de redes, como serviços de AAA, DHCP, roteamento, orquestração, gestão ou diversas outras aplicações que possam existir neste contexto. Este trabalho visa então o desenvolvimento de uma função de rede virtualizada nomeada mente uma (Virtual Network Function - VNF) no âmbito de segurança de redes a ser integrada como um componente de uma arquitetura orientada pelo paradigma de SDN aplicado a re des de banda larga, e aderente também à arquitetura OB-BAA promovida pelo Broadband Fo rum. Tal arquitetura OB-BAA se enquadra na iniciativa de modernização dos componentes de Tecnologia da Informação (TI) das redes de banda larga, mais especificamente dos Cen tral Offices. Com tal desenvolvimento pretende-se explorar conceitos de segurança de redes, como o protocolo IEEE 802.1X aplicado em redes NG-PON para autenticação e autorização de novos equipamentos de rede. Para atingir tal objetivo, utilizou-se desenvolvimento de aplicações baseadas na linguagem Golang aliado com interfaces programáveis gRPC para comunicação entre os diversos elementos da arquitetura. Para emular tais componentes, utilizou-se inicialmente emuladores de rede, e em um segundo momento os componentes foram ”containerizados” e inseridos nos frameworks de virtualização Docker e Kubernetes.Por fim, foram analisadas métricas de desempenho nos testes executados, nomeadamente métricas de utilização de recursos computacionais (CPU, memória e tráfego de rede), além do tempo de execução de diversos processos desempenhados pelas aplicações desenvolvidas

Internet of Things: Architecture and Services for Healthcare

Internet of Things (IoT) is a recent prominent collaboration of various technologies that enables spatially distributed devices (“things”) to sense, communicate and share information, thus generating a variety of applications and services in Healthcare. IoT is implemented in multiple domains like Smart city, energy and smart grid, Smart home, weather forecasting, Agriculture, Market and Transportation, Manufacturing and testing industries, Healthcare and many more. IoT serves the purpose of making tasks more efficient and productive and at the same time ensuring quality and reliability. IoT technologies provide an enabling framework for inter-connecting devices, systems, and services that go beyond Machine-to-Machine scenarios within today’s internet infrastructure. Healthcare industry is among the fastest fields to embrace IoT for numerous health services. IoT technologies will enable doctors / physicians / caretakers to be in touch with patients all the time. Various physiological parameters and markers can be monitored on a real-time basis for early detection of serious health symptoms that could endanger the life of patients. Diagnosis of diseases can be more accurate and in time for early treatment which will significantly improve recovery time. Diagnostic medical devices, sensors, and imaging devices that are integrated within the network for building an efficient and real-time system. The market for IoT in the healthcare sector is expected to grow rapidly in terms of connecting hospitals with patients for remote monitoring, emergency care services and remote surgery through augmented virtual reality. This thesis explores advances in IoT- based technologies in the healthcare environment. The thesis presents an architecture that defines a possible reference platform for seamless inter-connectivity between devices and software systems to enable new services. The architecture has multiple layers each of which performs specific functions to enable the realization of novel healthcare services. The thesis provides a comprehensive comparison between different Short range communication technologies, Mobile communication and Low Power Wide Area (LPWA) technologies. Based upon different scenarios of IoT healthcare services implementation, data computation capabilities provided by various cloud computing models and edge computing models are also discussed. The thesis provides a survey on various healthcare services that are implemented inside (and outside) hospital premises, e.g., remote health monitoring, Ambient Assisted Living among others. The impact of two prominent key technologies: Network Functions Virtualization (NFV) and Software Defined Networks (SDN) has been discussed and showed the benefits of implementing control and management function-especially at the edge network- utilizing SDN/NFV. This provides a flexible approach for deployment of healthcare services in close proximity to computing resources and improves communication control. IoT acknowledges a reliable and secure data exchange in real-time and oriented to improve Quality of Life (QoL). Internet of Things (IoT) serves the purpose of the advance concatenation of devices, systems, and services that go beyond the Machine-to-Machine scenario within today’s internet infrastructure with extended benefits

Integração de funções de rede virtualizadas e funções de rede físicas

Network Functions Virtualization (NFV) and Software Defined Networking (SDN) have been in the center of network evolution, promising a more flexible and efficient way of managing networks through the on-demand instantiation of network functions (NFs) and reconfigurability of the network as necessary. Nevertheless, as new mechanisms are developed, such technologies require testing before their adoption into real-world deployments. This is where this dissertation contributes, by proposing and evaluating a system architecture that integrates a physical wireless testbed with a cloud-based environment. This allows physical wireless nodes to become part of the cloud environment, enabling its use and configuration as virtual NFs (VNFs). Results showcased the system feasibility, with the testbed being able to instantiate on-demand virtual and physical NFs, in the physical wireless nodes and in an OpenStack data-center.A Virtualização de Funções de Rede e as Redes Definidas por Software têm estado no centro da evolução das redes, prometendo uma forma mais flexível e eficiente de as gerenciar através da instanciação on-demand de Funções de Rede e da sua reconfiguração conforme o necessário. No entanto, à medida que novos mecanismos são desenvolvidos, é também necessário a realização de testes sobre estas tecnologias antes destas serem adotadas em implementações em contexto real. É aqui que esta dissertação contribui, propondo e avaliando uma arquitetura de sistema que integra um testbed físico sem fios, com um ambiente baseado em nuvem. Isto permite que os nós sem fios físicos se tornem parte do ambiente de nuvem, permitindo o seu uso e configuração como Funções de Rede Virtuais. Os resultados demonstraram a viabilidade do sistema, dada a capacidade da testbed em instanciar Funções de Rede virtuais e físicas quando requisitadas tanto nos nós sem fios físicos quanto no servidor OpenStack.Mestrado em Engenharia Eletrónica e Telecomunicaçõe

Rethinking Deep Packet Inspection design and deployment in the era of SDN and NFV

With the advent of Software-Defined Networking (SDN) and Network Functions Virtualization (NFV), the design and deployment of DPI (Deep Packet Inspection) must be reconsidered. The programmability, global visibility and centralized control of SDN, as well as the NFV enabled lightweight service creation and migration, have potential to empower the capability of DPI tools. On the other hand, dynamic environments make the deployment of DPI challenging. Although it has been validated that some security functions like firewall, and Intrusion Detection System (IDS) can be implemented in SDN controllers or NFV, it remains unclear whether or not DPI can be done in the similar way considering its sophisticated interactions with the network traffic packets, especially for the stateful protocols and encrypted traffic. In other words, the design and deployment of DPI in an SDN and NFV architecture would not be as straightforward. Therefore, this paper aims to shed the light on the challenges facing DPI design and deployment in the context of SDN and NFV and propose a solution to overcome them

Building the Future Internet through FIRE

The Internet as we know it today is the result of a continuous activity for improving network communications, end user services, computational processes and also information technology infrastructures. The Internet has become a critical infrastructure for the human-being by offering complex networking services and end-user applications that all together have transformed all aspects, mainly economical, of our lives. Recently, with the advent of new paradigms and the progress in wireless technology, sensor networks and information systems and also the inexorable shift towards everything connected paradigm, first as known as the Internet of Things and lately envisioning into the Internet of Everything, a data-driven society has been created. In a data-driven society, productivity, knowledge, and experience are dependent on increasingly open, dynamic, interdependent and complex Internet services. The challenge for the Internet of the Future design is to build robust enabling technologies, implement and deploy adaptive systems, to create business opportunities considering increasing uncertainties and emergent systemic behaviors where humans and machines seamlessly cooperate

Secure Communication in Disaster Scenarios

Während Naturkatastrophen oder terroristischer Anschläge ist die bestehende Kommunikationsinfrastruktur häufig überlastet oder fällt komplett aus. In diesen Situationen können mobile Geräte mithilfe von drahtloser ad-hoc- und unterbrechungstoleranter Vernetzung miteinander verbunden werden, um ein Notfall-Kommunikationssystem für Zivilisten und Rettungsdienste einzurichten. Falls verfügbar, kann eine Verbindung zu Cloud-Diensten im Internet eine wertvolle Hilfe im Krisen- und Katastrophenmanagement sein. Solche Kommunikationssysteme bergen jedoch ernsthafte Sicherheitsrisiken, da Angreifer versuchen könnten, vertrauliche Daten zu stehlen, gefälschte Benachrichtigungen von Notfalldiensten einzuspeisen oder Denial-of-Service (DoS) Angriffe durchzuführen. Diese Dissertation schlägt neue Ansätze zur Kommunikation in Notfallnetzen von mobilen Geräten vor, die von der Kommunikation zwischen Mobilfunkgeräten bis zu Cloud-Diensten auf Servern im Internet reichen. Durch die Nutzung dieser Ansätze werden die Sicherheit der Geräte-zu-Geräte-Kommunikation, die Sicherheit von Notfall-Apps auf mobilen Geräten und die Sicherheit von Server-Systemen für Cloud-Dienste verbessert