A Holistic Approach for Trustworthy Distributed Systems with WebAssembly and TEEs

Publish/subscribe systems play a key role in enabling communication between numerous devices in distributed and large-scale architectures. While widely adopted, securing such systems often trades portability for additional integrity and attestation guarantees. Trusted Execution Environments (TEEs) offer a potential solution with enclaves to enhance security and trust. However, application development for TEEs is complex, and many existing solutions are tied to specific TEE architectures, limiting adaptability. Current communication protocols also inadequately manage attestation proofs or expose essential attestation information. This paper introduces a novel approach using WebAssembly to address these issues, a key enabling technology nowadays capturing academia and industry attention. We present the design of a portable and fully attested publish/subscribe middleware system as a holistic approach for trustworthy and distributed communication between various systems. Based on this proposal, we have implemented and evaluated in-depth a fully-fledged publish/subscribe broker running within Intel SGX, compiled in WebAssembly, and built on top of industry-battled frameworks and standards, i.e., MQTT and TLS protocols. Our extended TLS protocol preserves the privacy of attestation information, among other benefits. Our experimental results showcase most overheads, revealing a 1.55x decrease in message throughput when using a trusted broker. We open-source the contributions of this work to the research community to facilitate experimental reproducibility.Comment: This publication incorporates results from the VEDLIoT project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 95719

Cooperative Material Handling by Human and Robotic Agents:Module Development and System Synthesis

In this paper we present the results of a collaborative effort to design and implement a system for cooperative material handling by a small team of human and robotic agents in an unstructured indoor environment. Our approach makes fundamental use of human agents\u27 expertise for aspects of task planning, task monitoring, and error recovery. Our system is neither fully autonomous nor fully teleoperated. It is designed to make effective use of human abilities within the present state of the art of autonomous systems. It is designed to allow for and promote cooperative interaction between distributed agents with various capabilities and resources. Our robotic agents refer to systems which are each equipped with at least one sensing modality and which possess some capability for self-orientation and/or mobility. Our robotic agents are not required to be homogeneous with respect to either capabilities or function. Our research stresses both paradigms and testbed experimentation. Theory issues include the requisite coordination principles and techniques which are fundamental to the basic functioning of such a cooperative multi-agent system. We have constructed a testbed facility for experimenting with distributed multi-agent architectures. The required modular components of this testbed are currently operational and have been tested individually. Our current research focuses on the integration of agents in a scenario for cooperative material handling

Security in a Distributed Processing Environment

Distribution plays a key role in telecommunication and computing systems today. It has become a necessity as a result of deregulation and anti-trust legislation, which has forced businesses to move from centralised, monolithic systems to distributed systems with the separation of applications and provisioning technologies, such as the service and transportation layers in the Internet. The need for reliability and recovery requires systems to use replication and secondary backup systems such as those used in ecommerce. There are consequences to distribution. It results in systems being implemented in heterogeneous environment; it requires systems to be scalable; it results in some loss of control and so this contributes to the increased security issues that result from distribution. Each of these issues has to be dealt with. A distributed processing environment (DPE) is middleware that allows heterogeneous environments to operate in a homogeneous manner. Scalability can be addressed by using object-oriented technology to distribute functionality. Security is more difficult to address because it requires the creation of a distributed trusted environment. The problem with security in a DPE currently is that it is treated as an adjunct service, i.e. and after-thought that is the last thing added to the system. As a result, it is not pervasive and therefore is unable to fully support the other DPE services. DPE security needs to provide the five basic security services, authentication, access control, integrity, confidentiality and non-repudiation, in a distributed environment, while ensuring simple and usable administration. The research, detailed in this thesis, starts by highlighting the inadequacies of the existing DPE and its services. It argues that a new management structure was introduced that provides greater flexibility and configurability, while promoting mechanism and service independence. A new secure interoperability framework was introduced which provides the ability to negotiate common mechanism and service level configurations. New facilities were added to the non-repudiation and audit services. The research has shown that all services should be security-aware, and therefore would able to interact with the Enhanced Security Service in order to provide a more secure environment within a DPE. As a proof of concept, the Trader service was selected. Its security limitations were examined, new security behaviour policies proposed and it was then implemented as a Security-aware Trader, which could counteract the existing security limitations.IONA TECHNOLOGIES PLC & ORANG

A Low-Cost Experimental Testbed for Multi-Agent System Coordination Control

A multi-agent system can be defined as a coordinated network of mobile, physical agents that execute complex tasks beyond their individual capabilities. Observations of biological multi-agent systems in nature reveal that these ``super-organisms” accomplish large scale tasks by leveraging the inherent advantages of a coordinated group. With this in mind, such systems have the potential to positively impact a wide variety of engineering applications (e.g. surveillance, self-driving cars, and mobile sensor networks). The current state of research in the area of multi-agent systems is quickly evolving from the theoretical development of coordination control algorithms and their computer simulations to experimental validations on proof-of-concept testbeds using small-scale mobile robotic platforms. An in-house testbed would allow for rapid prototyping and validation of control algorithms, and potentially lead to new research directions spawned by experimentally-observed issues. To this end, a custom experimental testbed, TIGER Square, has been designed, developed, built, and tested at Louisiana State University. In this work, the completed design and test results for a centralized testbed is presented. That is, the individual robots follow an overarching control entity and are reliant on a global structure, such as a central processing computer. As part of the validation process, a series of formation control experiments were executed to assess the performance of the testbed. In order to eliminate single-point failures, a multi-agent system must be fully decentralized or distributed. This means that the responsibilities of processing, localization, and communication are distributed to each agent. Therefore, this work concludes with the introduction of a prototype localization module that will be integrated into the existing centralized testbed. This initial step allows for the future decentralization of TIGER Square and opens the path to achieve a fully capable multi-agent system testbed

MARIANE: MApReduce Implementation Adapted for HPC Environments

MapReduce is increasingly becoming a popular framework, and a potent programming model. The most popular open source implementation of MapReduce, Hadoop, is based on the Hadoop Distributed File System (HDFS). However, as HDFS is not POSIX compliant, it cannot be fully leveraged by applications running on a majority of existing HPC environments such as Teragrid and NERSC. These HPC environments typicallysupport globally shared file systems such as NFS and GPFS. On such resourceful HPC infrastructures, the use of Hadoop not only creates compatibility issues, but also affects overall performance due to the added overhead of the HDFS. This paper not only presents a MapReduce implementation directly suitable for HPC environments, but also exposes the design choices for better performance gains in those settings. By leveraging inherent distributed file systems' functions, and abstracting them away from its MapReduce framework, MARIANE (MApReduce Implementation Adapted for HPC Environments) not only allows for the use of the model in an expanding number of HPCenvironments, but also allows for better performance in such settings. This paper shows the applicability and high performance of the MapReduce paradigm through MARIANE, an implementation designed for clustered and shared-disk file systems and as such not dedicated to a specific MapReduce solution. The paper identifies the components and trade-offs necessary for this model, and quantifies the performance gains exhibited by our approach in distributed environments over Apache Hadoop in a data intensive setting, on the Magellan testbed at the National Energy Research Scientific Computing Center (NERSC)

Opening Keynote: Working Together to Build and Sustain a Global Knowledge Commons

The widespread deployment of repository systems in higher education and research institutions provides the foundation for a distributed, globally networked infrastructure for scholarly communication. However, repository platforms are still using technologies and protocols designed almost twenty years ago, before the boom of the Web and the dominance of Google, social networking, semantic web and ubiquitous mobile devices. This is, in large part, why repositories have not fully realized their potential and function mainly as passive recipients of the final versions of their users’ conventionally published research outputs. In order to leverage the value of the repository network, we need to equip it with a wider array of roles and functionalities, which can be enabled through new levels of web-centric interoperability. In November 2017, COAR published the recommendations for the next generation of repositories. The vision for this work is “to position repositories as the foundation for a distributed, globally networked infrastructure for scholarly communication, on top of which layers of value added services will be deployed, thereby transforming the system, making it more research-centric, open to and supportive of innovation, while also collectively managed by the scholarly community.” In this presentation, Kathleen Shearer will present the current international context for scholarly communication, outline her vision for a more sustainable and equitable system for scholarly communication, present the recommendations of the COAR Next Generation Repositories Report, and discuss the key issues and challenges involved with moving forward

Web Based Clinical System for UTP Panels

Health institutions like clinics and hospitals can improve in their efficiency through implementation ofan information system where tedious paper work can be avoided and vital information regarding patients can be retrieved immediately between different clinics. Malaysian Clinics are yet to fully discover the advantages of implementing information systems in helping and supporting the business process and daily operations. Therefore, this project aims at conducting research on common business processes among UTP panel clinics, to develop a web-based clinical information sharing system for UTP panels and to conduct research on distributed system issues &development for the system. This helps towards early and fast diagnosis and gives possible treatment plans for patients and a networking between clinics. There are, however, a few problems or drawbacks. As business processes are done manually by clinics which increase the tendency for errors, lack ofdata sharing between clinics regarding the same patient has hindered the research as there is no reference of medical records from previous clinics or hospitals regarding patients when they seek medical treatment in a different clinic. Various techniques were involved in requirement gathering namely research, interview, observation and questionnaire. The Prototyping model approach which consists of building an experimental system rapidly was used for the systems development. The implementation of Web Based Clinical System for UTP panels can ensure reduced tendencies for errors, save time and space for recording & storing when dealing with patient's information and medical records and at the same time increases the patients' convenience

Questionnaires, in-depth interviews and focus groups

With fast changing technologies and related human interaction issues, there is an increased need for timely evaluation of systems with distributed users in varying contexts (Pace, 2004). This has led to the increased use of questionnaires, in-depth interviews and focus groups in commercial usability and academic research contexts. Questionnaires are usually paper based or delivered online and consist of a set of questions which all participants are asked to complete. Once the questionnaire has been created, it can be delivered to a large number of participants with little effort. However, a large number of participants also means a large amount of data needing to be coded and analysed. Interviews, on the other hand, are usually conducted on a one-to-one basis. They require a large amount of the investigator’s time during the interviews and also for transcribing and coding the data. Focus groups usually consist of one investigator and a number of participants in any one session. Although the views of any one participant cannot be probed to same degree as in an interview, the discussions that are facilitated within the groups often result in useful data in a shorter space of time than that required by one-to-one interviews. All too often, however, researchers eager to identify usability problems quickly throw together a questionnaire, interview or focus group that, when analysed, produces very little of interest. What is often lacking is an understanding of how the research method design fits with the research questions (Creswell, 2003) and how to appropriately utilise these different approaches for specific HCI needs. The methods described in this chapter can be useful when used alone but are most useful when used together with other methods. Creswell (2003) provides a comprehensive analysis of the different quantitative and qualitative methods and howthey can be mixed and matched for overall better quality research. Depending on what we are investigating, sometimes it is useful to start with a questionnaire and then, for example, follow up some specific points with an experiment, or a series of interviews, in order to fully explore some aspect of the phenomenon under study. This chapter describes how to choose between and design questionnaires, interviews and focus group studies and using two examples illustrates the advantages of combining a number of approaches when conducting HCI research

A Fully Decentralized Hierarchical Transactive Energy Framework for Charging EVs with Local DERs in Power Distribution Systems

The penetration rates of both electric vehicles (EVs) and distributed energy resources (DERs) have been increasing rapidly as appealing options to address the global problems of carbon emissions and fuel supply issues. However, uncoordinated EV charging activities and DER generation result in operational challenges for power distribution systems. Therefore, this article has developed a hierarchical transactive energy (TE) framework to locally induce and coordinate EV charging demand and DER generation in electric distribution networks. Based on a modified version of the alternating direction method of multipliers (ADMMs), two fully decentralized (DEC) peer-to-peer (P2P) trading models are presented, that is, an hour-ahead market and a 5-min-ahead real-time market. Compared to existing P2P electricity markets, this research represents the first attempt to comprehensively incorporate alternating current (ac) power network constraints into P2P electricity trading. The proposed TE framework not only contributes to mitigating operational challenges of distribution systems, but also benefits both EV owners and DER investors through secured local energy transactions. The privacy of market participants is well preserved since the bid data of each participant are not exposed to others. Comprehensive simulations based on the IEEE 33-node distribution system are conducted to demonstrate the feasibility and effectiveness of the proposed method