Virtual Mobility Domains - A Mobility Architecture for the Future Internet

The advances in hardware and wireless technologies have made mobile communication devices affordable by a vast user community. With the advent of rich multimedia and social networking content, an influx of myriads of applications, and Internet supported services, there is an increasing user demand for the Internet connectivity anywhere and anytime. Mobility management is thus a crucial requirement for the Internet today. This work targets novel mobility management techniques, designed to work with the Floating Cloud Tiered (FCT) internetworking model, proposed for a future Internet. We derive the FCT internetworking model from the tiered structure existing among Internet Service Provider (ISP) networks, to define their business and peering relationships. In our novel mobility management scheme, we define Virtual Mobility Domains (VMDs) of various scopes, that can support both intra and inter-domain roaming using a single address for a mobile node. The scheme is network based and hence imposes no operational load on the mobile node. This scheme is the first of its kind, by leveraging the tiered structure and its hierarchical properties, the collaborative network-based mobility management mechanism, and the inheritance information in the tiered addresses to route packets. The contributions of this PhD thesis can be summarized as follows: · We contribute to the literature with a comprehensive analysis of the future Internet architectures and mobility protocols over the period of 2002-2012, in light of their identity and handoff management schemes. We present a qualitative evaluation of current and future schemes on a unified platform. · We design and implement a novel user-centric future Internet mobility architecture called Virtual Mobility Domain. VMD proposes a seamless, network-based, unique collaborative mobility management within/across ASes and ISPs in the FCT Internetworking model. The analytical and simulation-based handoff performance analysis of the VMD architecture in comparison with the IPv6-based mobility protocols presents the considerable performance improvements achieved by the VMD architecture. · We present a novel and user-centric handoff cost framework to analyze handoff performance of different mobility schemes. The framework helps to examine the impacts of registration costs, signaling overhead, and data loss for Internet connected mobile users employing a unified cost metric. We analyze the effect of each parameter in the handoff cost framework on the handoff cost components. We also compare the handoff performance of IPv6-based mobility protocols to the VMD. · We present a handoff cost optimization problem and analysis of its characteristics. We consider a mobility user as the primary focus of our study. We then identify the suitable mathematical methods that can be leveraged to solve the problem. We model the handoff cost problem in an optimization tool. We also conduct a mobility study - best of our knowledge, first of its kind - on providing a guide for finding the number of handoffs in a typical VMD for any given user\u27s mobility model. Plugging the output of mobility study, we then conduct a numerical analysis to find out optimum VMD for a given user mobility model and check if the theoretical inferences are in agreement with the output of the optimization tool

Security for Service-Oriented On-Demand Grid Computing

Grid Computing ist mittlerweile zu einem etablierten Standard für das verteilte Höchstleistungsrechnen geworden. Während die erste Generation von Grid Middleware-Systemen noch mit proprietären Schnittstellen gearbeitet hat, wurde durch die Einführung von service-orientierten Standards wie WSDL und SOAP durch die Open Grid Services Architecture (OGSA) die Interoperabilität von Grids signifikant erhöht. Dies hat den Weg für mehrere nationale und internationale Grid-Projekten bereitet, in denen eine groß e Anzahl von akademischen und eine wachsende Anzahl von industriellen Anwendungen im Grid ausgeführt werden, die die bedarfsgesteuerte (on-demand) Provisionierung und Nutzung von Ressourcen erfordern. Bedarfsgesteuerte Grids zeichnen sich dadurch aus, dass sowohl die Software, als auch die Benutzer einer starken Fluktuation unterliegen. Weiterhin sind sowohl die Software, als auch die Daten, auf denen operiert wird, meist proprietär und haben einen hohen finanziellen Wert. Dies steht in starkem Kontrast zu den heutigen Grid-Anwendungen im akademischen Umfeld, die meist offen im Quellcode vorliegen bzw. frei verfügbar sind. Um den Ansprüchen einer bedarfsgesteuerten Grid-Nutzung gerecht zu werden, muss das Grid administrative Komponenten anbieten, mit denen Anwender autonom Software installieren können, selbst wenn diese Root-Rechte benötigen. Zur gleichen Zeit muss die Sicherheit des Grids erhöht werden, um Software, Daten und Meta-Daten der kommerziellen Anwender zu schützen. Dies würde es dem Grid auch erlauben als Basistechnologie für das gerade entstehende Gebiet des Cloud Computings zu dienen, wo ähnliche Anforderungen existieren. Wie es bei den meisten komplexen IT-Systemen der Fall ist, sind auch in traditionellen Grid Middlewares Schwachstellen zu finden, die durch die geforderten Erweiterungen der administrativen Möglichkeiten potentiell zu einem noch größ erem Problem werden. Die Schwachstellen in der Grid Middleware öffnen einen homogenen Angriffsvektor auf die ansonsten heterogenen und meist privaten Cluster-Umgebungen. Hinzu kommt, dass anders als bei den privaten Cluster-Umgebungen und kleinen akademischen Grid-Projekten die angestrebten groß en und offenen Grid-Landschaften die Administratoren mit gänzlich unbekannten Benutzern und Verhaltenstrukturen konfrontieren. Dies macht das Erkennen von böswilligem Verhalten um ein Vielfaches schwerer. Als Konsequenz werden Grid-Systeme ein immer attraktivere Ziele für Angreifer, da standardisierte Zugriffsmöglichkeiten Angriffe auf eine groß e Anzahl von Maschinen und Daten von potentiell hohem finanziellen Wert ermöglichen. Während die Rechenkapazität, die Bandbreite und der Speicherplatz an sich schon attraktive Ziele darstellen können, sind die im Grid enthaltene Software und die gespeicherten Daten viel kritischere Ressourcen. Modelldaten für die neuesten Crash-Test Simulationen, eine industrielle Fluid-Simulation, oder Rechnungsdaten von Kunden haben einen beträchtlichen Wert und müssen geschützt werden. Wenn ein Grid-Anbieter nicht für die Sicherheit von Software, Daten und Meta-Daten sorgen kann, wird die industrielle Verbreitung der offenen Grid-Technologie nicht stattfinden. Die Notwendigkeit von strikten Sicherheitsmechanismen muss mit der diametral entgegengesetzten Forderung nach einfacher und schneller Integration von neuer Software und neuen Kunden in Einklang gebracht werden. In dieser Arbeit werden neue Ansätze zur Verbesserung der Sicherheit und Nutzbarkeit von service-orientiertem bedarfsgesteuertem Grid Computing vorgestellt. Sie ermöglichen eine autonome und sichere Installation und Nutzung von komplexer, service-orientierter und traditioneller Software auf gemeinsam genutzen Ressourcen. Neue Sicherheitsmechanismen schützen Software, Daten und Meta-Daten der Anwender vor anderen Anwendern und vor externen Angreifern. Das System basiert auf Betriebssystemvirtualisierungstechnologien und bietet dynamische Erstellungs- und Installationsfunktionalitäten für virtuelle Images in einer sicheren Umgebung, in der automatisierte Mechanismen anwenderspezifische Firewall-Regeln setzen, um anwenderbezogene Netzwerkpartitionen zu erschaffen. Die Grid-Umgebung wird selbst in mehrere Bereiche unterteilt, damit die Kompromittierung von einzelnen Komponenten nicht so leicht zu einer Gefährdung des gesamten Systems führen kann. Die Grid-Headnode und der Image-Erzeugungsserver werden jeweils in einzelne Bereiche dieser demilitarisierten Zone positioniert. Um die sichere Anbindung von existierenden Geschäftsanwendungen zu ermöglichen, werden der BPEL-Standard (Business Process Execution Language) und eine Workflow-Ausführungseinheit um Grid-Sicherheitskonzepte erweitert. Die Erweiterung erlaubt eine nahtlose Integration von geschützten Grid Services mit existierenden Web Services. Die Workflow-Ausführungseinheit bietet die Erzeugung und die Erneuerung (im Falle von lange laufenden Anwendungen) von Proxy-Zertifikaten. Der Ansatz ermöglicht die sichere gemeinsame Ausführung von neuen, fein-granularen, service-orientierten Grid Anwendungen zusammen mit traditionellen Batch- und Job-Farming Anwendungen. Dies wird durch die Integration des vorgestellten Grid Sandboxing-Systems in existierende Cluster Scheduling Systeme erreicht. Eine innovative Server-Rotationsstrategie sorgt für weitere Sicherheit für den Grid Headnode Server, in dem transparent das virtuelle Server Image erneuert wird und damit auch unbekannte und unentdeckte Angriffe neutralisiert werden. Um die Angriffe, die nicht verhindert werden konnten, zu erkennen, wird ein neuartiges Intrusion Detection System vorgestellt, das auf Basis von Datenstrom-Datenbanksystemen funktioniert. Als letzte Neuerung dieser Arbeit wird eine Erweiterung des modellgetriebenen Softwareentwicklungsprozesses eingeführt, die eine automatisierte Generierung von sicheren Grid Services ermöglicht, um die komplexe und damit unsichere manuelle Erstellung von Grid Services zu ersetzen. Eine prototypische Implementierung der Konzepte wird auf Basis des Globus Toolkits 4, der Sun Grid Engine und der ActiveBPEL Engine vorgestellt. Die modellgetriebene Entwicklungsumgebung wurde in Eclipse für das Globus Toolkit 4 realisiert. Experimentelle Resultate und eine Evaluation der kritischen Komponenten des vorgestellten neuen Grids werden präsentiert. Die vorgestellten Sicherheitsmechanismem sollen die nächste Phase der Evolution des Grid Computing in einer sicheren Umgebung ermöglichen

Proceedings of the 15th Australian Digital Forensics Conference, 5-6 December 2017, Edith Cowan University, Perth, Australia

Conference Foreword This is the sixth year that the Australian Digital Forensics Conference has been held under the banner of the Security Research Institute, which is in part due to the success of the security conference program at ECU. As with previous years, the conference continues to see a quality papers with a number from local and international authors. 8 papers were submitted and following a double blind peer review process, 5 were accepted for final presentation and publication. Conferences such as these are simply not possible without willing volunteers who follow through with the commitment they have initially made, and I would like to take this opportunity to thank the conference committee for their tireless efforts in this regard. These efforts have included but not been limited to the reviewing and editing of the conference papers, and helping with the planning, organisation and execution of the conference. Particular thanks go to those international reviewers who took the time to review papers for the conference, irrespective of the fact that they are unable to attend this year. To our sponsors and supporters a vote of thanks for both the financial and moral support provided to the conference. Finally, to the student volunteers and staff of the ECU Security Research Institute, your efforts as always are appreciated and invaluable. Yours sincerely, Conference ChairProfessor Craig ValliDirector, Security Research Institute Congress Organising Committee Congress Chair: Professor Craig Valli Committee Members: Professor Gary Kessler – Embry Riddle University, Florida, USA Professor Glenn Dardick – Embry Riddle University, Florida, USA Professor Ali Babar – University of Adelaide, Australia Dr Jason Smith – CERT Australia, Australia Associate Professor Mike Johnstone – Edith Cowan University, Australia Professor Joseph A. Cannataci – University of Malta, Malta Professor Nathan Clarke – University of Plymouth, Plymouth UK Professor Steven Furnell – University of Plymouth, Plymouth UK Professor Bill Hutchinson – Edith Cowan University, Perth, Australia Professor Andrew Jones – Khalifa University, Abu Dhabi, UAE Professor Iain Sutherland – Glamorgan University, Wales, UK Professor Matthew Warren – Deakin University, Melbourne Australia Congress Coordinator: Ms Emma Burk

ComPOS - a Domain-Specific Language for Composing Internet-of-Things Systems

Internet-of-Things (IoT) systems consist of spatially distributed interacting devices. In contrast to desktop applications, IoT systems are always running and need to deal with unresponsive devices and weak connectivity. In this thesis, we propose techniques for simplifying the development of such systems. The work addresses IoT systems organised as reusable services connected by compositions. We propose to program such compositions using stateful reactions that mediate messages. To this end, we have designed a domain-specific language (DSL), called ComPOS. To help systems operate partly in cases of weak connectivity, we propose that ComPOS aborts older reactions when newer messages arrive. We evaluate our DSL in home-automation and e-health scenarios. Understanding IoT systems can be hard, and different analyses can help explain how they work. To support analysis, we propose a conceptual runtime model based on relational reference attribute grammars. We demonstrate the approach by formulating and implementing a Device Dependency Analysis (DDA). The DDA finds sets of devices needed for given parts of the system to work. The ComPOS editor supports live programming to allow development while the system is running. We propose a methodology for live ComPOS programming which divides the development into three, iteratively applied, phases: finding services (explore), composing services (assemble), and abstracting compositions as new services (expose). When developing a DSL, it takes substantial effort to specify the syntax and semantics, to build tools like editors, and to integrate with the environment (in this case the underlying middleware). To reduce the effort needed to experiment with ComPOS, we have created a tool called Jatte. Jatte is a generic projectional editor that developers can tune using attribute grammars. We used Jatte to implement the ComPOS editor

Integrated Architecture for Configuration and Service Management in MANET Environments

Esta tesis nos ha permitido trasladar algunos conceptos teóricos de la computación ubicua a escenarios reales, identificando las necesidades específicas de diferentes tipos de aplicaciones. Con el fin de alcanzar este objetivo, proponemos dos prototipos que proporcionan servicios sensibles al contexto en diferentes entornos, tales como conferencias o salas de recuperación en hospitales. Estos prototipos experimentales explotan la tecnología Bluetooth para ofrecer información basada en las preferencias del usuario. En ambos casos, hemos llevado a cabo algunos experimentos con el fin de evaluar el comportamiento de los sistemas y su rendimento. También abordamos en esta tesis el problema de la autoconfiguración de redes MANET basadas en el estándar 802.11 a través de dos soluciones novedosas. La primera es una solución centralizada que se basa en la tecnología Bluetooth, mientras la segunda es una solución distribuida que no necesita recurrir a ninguna tecnología adicional, ya que se basa en el uso del parámetro SSID. Ambos métodos se han diseñado para permitir que usuarios no expertos puedan unirse a una red MANET de forma transparente, proporcionando una configuración automática, rápida, y fiable de los terminales. Los resultados experimentales en implementaciones reales nos han permitido evaluar el rendimiento de las soluciones propuestas y demostrar que las estaciones cercanas se pueden configurar en pocos segundos. Además, hemos comparado ambas soluciones entre sí para poner de manifiesto las diferentes ventajas y desventajas en cuanto a rendimento. La principal contribución de esta tesis es EasyMANET, una plataforma ampliable y configurable cuyo objetivo es automatizar lo máximo posible las tareas que afectan a la configuración y puesta en marcha de redes MANET, de modo que su uso sea más simple y accesible.Cano Reyes, J. (2012). Integrated Architecture for Configuration and Service Management in MANET Environments [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/14675Palanci

Department of Computer Science Activity 1998-2004

This report summarizes much of the research and teaching activity of the Department of Computer Science at Dartmouth College between late 1998 and late 2004. The material for this report was collected as part of the final report for NSF Institutional Infrastructure award EIA-9802068, which funded equipment and technical staff during that six-year period. This equipment and staff supported essentially all of the department\u27s research activity during that period

A practical idea creation, capture and management framework for innovation

University of Technology, Sydney. Faculty of Engineering and Information Technology.Innovation is an activity essential to the success of individuals, organizations and wider society. Idea creation, capture and management account for a significant part of the innovation process, and yet have been widely disregarded by individuals, organizations and society. A small (and growing) number of individuals and organizations have begun to realize this and have moved to implement innovation frameworks in their own contexts. These tools and previous work address innovation from an organizational standpoint. However, it is individuals that initiate, create, cultivate and implement ideas. This thesis proposes a research-based framework that supports innovation which is instigated and driven by individuals. The key objective is to provide methods for structuring and sharing ideas, thus supporting innovators and driving the innovation process. The thesis develops the framework through analysis of existing tools, as well as a qualitative and quantitative analysis of innovator’s practices and mindset. In summary, this thesis presents a new paradigm of mobile open innovation that allows individuals to share and pursue their ideas with greater efficiency and ease. This new perspective in conjunction with the framework improves innovation practice and benefits the productivity of organizations and the world

A design space for social object labels in museums

Taking a problematic user experience with ubiquitous annotation as its point of departure, this thesis defines and explores the design space for Social Object Labels (SOLs), small interactive displays aiming to support users' in-situ engagement with digital annotations of physical objects and places by providing up-to-date information before, during and after interaction. While the concept of ubiquitous annotation has potential applications in a wide range of domains, the research focuses in particular on SOLs in a museum context, where they can support the institution's educational goals by engaging visitors in the interpretation of exhibits and providing a platform for public discourse to complement official interpretations provided on traditional object labels. The thesis defines and structures the design space for SOLs, investigates how they can support social interpretation in museums and develops empirically validated design recommendations. Reflecting the developmental character of the research, it employs Design Research as a methodological framework, which involves the iterative development and evaluation of design artefacts together with users and other stakeholders. The research identifies the particular characteristics of SOLs and structures their design space into ten high-level aspects, synthesised from taxonomies and heuristics for similar display concepts and complemented with aspects emerging from the iterative design and evaluation of prototypes. It presents findings from a survey exploring visitors' mental models, preferences and expectations of commenting in museums and translates them into requirements for SOLs. It reports on scenario-based design activities, expert interviews with museum professionals, formative user studies and co-design sessions, and two empirical evaluations of SOL prototypes in a gallery environment. Pulling together findings from these research activities it then formulates design recommendations for SOLs and supports them with related evidence and implementation examples. The main contributions are (i) to delineate and structure the design space for SOLs, which helps to ground SOLs in the literature and understand them as a distinct display concept with its own characteristics; (ii) to explore, for the first time, a visitor perspective on commenting in museums, which can inform research, development and policies on user-generated content in museums and the wider cultural heritage sector; (iii) to develop empirically validated design recommendations, which can inform future research and development into SOLs and related display concept. The thesis concludes by summarising findings in relation to its stated research questions, restating its contributions from ubiquitous computing, domain and methodology perspectives, and discussing open issues and future work

Aerospace medicine and biology: A continuing bibliography with indexes (supplement 333)

This bibliography lists 122 reports, articles and other documents introduced into the NASA Scientific and Technical Information System during January, 1990. Subject coverage includes: aerospace medicine and psychology, life support systems and controlled environments, safety equipment, exobiology and extraterrestrial life, and flight crew behavior and performance

Adapting mobile systems using logical mobility primitives

Mobile computing devices, such as personal digital assistants and mobile phones, are becoming increasingly popular, smaller, more capable and even fashionable personal items. Combined with the recent advent of wireless networking techniques, users are equipped with mobile devices of significant computational abilities, which are able to wirelessly access information by dynamically connecting to many different networks. Despite the ubiquity of mobile devices, mobile systems are built using monolithic architectures, use a small set of predefined interaction paradigms and do not exploit or adapt to the dynamicity of their local or remote context. Applications deployed on mobile devices face considerable challenges posed by their changing surroundings. One of the main peculiarities of mobile devices is heterogeneity, which may occur in software, hardware and network protocols. Mobile systems may carry a large number of different applications, use different operating systems and middleware and, often, have more than one network interface. A further challenge is their considerable variation in the computational resources available, such as battery power, CPU speed, network bandwidth and volatile and persistent memory. Moreover, mobile computing systems are highly dynamic systems, in terms of their surroundings, implying that the requirements for applications deployed on a mobile device are a moving target. Changes in the requirements (such as integration with a new service) may require changes to the application. Consequently, these changes may mean that the application behaviour needs to adapt. This thesis argues that the potential of the ubiquity of mobile devices cannot be realised using static and monolithic architectures, as mobile systems need to be able to adapt to accommodate changes to their environment. It investigates the use of three technologies to offer adaptation to mobile devices: Logical mobility techniques, component systems and middleware technologies. More specifically, this thesis presents the SATIN (System Adaptation Targeting Integrated Networks) component metamodel, a lightweight local component metamodel that offers the flexible use of logical mobility primitives. The metamodel is instantiated to build the SATIN middleware system, a component-based mobile computing middleware that uses the mobility primitives exported by the metamodel to reconfigure itself and applications running on top of it. The suitability of SATIN for the creation of adaptable mobile systems is demonstrated, by using it to implement and evaluate a number of applications showing different aspects of adaptation. Moreover, existing projects are reengineered to run as SATIN components, showing the flexibility of the approach and the advantages gained over the originals