On the Optimality of Virtualized Security Function Placement in Multi-Tenant Data Centers

Security and service protection against cyber attacks remain among the primary challenges for virtualized, multi-tenant Data Centres (DCs), for reasons that vary from lack of resource isolation to the monolithic nature of legacy middleboxes. Although security is currently considered a property of the underlying infrastructure, diverse services require protection against different threats and at timescales which are on par with those of service deployment and elastic resource provisioning. We address the resource allocation problem of deploying customised security services over a virtualized, multi-tenant DC. We formulate the problem in Integral Linear Programming (ILP) as an instance of the NP-hard variable size variable cost bin packing problem with the objective of maximising the residual resources after allocation. We propose a modified version of the Best Fit Decreasing algorithm (BFD) to solve the problem in polynomial time and we show that BFD optimises the objective function up to 80% more than other algorithms

An expansionary approach for the allocation of next generation ipv6 internet addresses.

Tesis ini menunjukkan bahawa ‘penyahpusatan lanjut bagi peruntukan Pengalamat Internet IPv6 Generasi Akan Datang adalah mungkin tanpa memberi kesan terhadap kebolehskalaan (scalability) dan kestabilan sistem laluan Internet.’ Ia menjelaskan suatu ‘Pendekatan Ekspansionari’ dan ‘Model Implementasi’ yang memungkinkan penyahpusatan yang sedemikian. This thesis shows that ‘further decentralization for the allocation of Next Generation IPv6 Internet Addresses is possible without affecting the scalability and stability of the Internet routing system.’ It describes an ‘Expansionary Approach’ and an ‘Implementation model’ that allows for such decentralization

Tactical communication systems based on civil standards: Modeling in the MiXiM framework

In this paper, new work is presented belonging to an ongoing study, which evaluates civil communication standards as potential candidates for the future military Wide Band Waveforms (WBWFs). After an evaluation process of possible candidates presented in [2], the selection process in [1] showed that the IEEE 802.11n OFDM could be a possible military WBWF candidate, but it should be further investigated first in order to enhance or even replace critical modules. According to this, some critical modules of the physical layer has been further analyzed in [3] regarding the susceptibility of the OFDM signal under jammer influences. However, the critical modules of the MAC layer (e.g., probabilistic medium access CSMA/CA) have not been analysed. In fact, it was only suggested in [2] to replace this medium access by the better suited Unified Slot Allocation Protocol - Multiple Access (USAP-MA) [4]. In this regard, the present contribution describes the design paradigms of the new MAC layer and explains how the proposed WBWF candidate has been modelled within the MiXiM Framework of the OMNeT++ simulator.Comment: Published in: A. F\"orster, C. Sommer, T. Steinbach, M. W\"ahlisch (Eds.), Proc. of 1st OMNeT++ Community Summit, Hamburg, Germany, September 2, 2014, arXiv:1409.0093, 201

Coalition Formation and Combinatorial Auctions; Applications to Self-organization and Self-management in Utility Computing

In this paper we propose a two-stage protocol for resource management in a hierarchically organized cloud. The first stage exploits spatial locality for the formation of coalitions of supply agents; the second stage, a combinatorial auction, is based on a modified proxy-based clock algorithm and has two phases, a clock phase and a proxy phase. The clock phase supports price discovery; in the second phase a proxy conducts multiple rounds of a combinatorial auction for the package of services requested by each client. The protocol strikes a balance between low-cost services for cloud clients and a decent profit for the service providers. We also report the results of an empirical investigation of the combinatorial auction stage of the protocol.Comment: 14 page