Topology-Awareness and Re-optimization Mechanism for Virtual Network Embedding

Embedding of virtual network (VN) requests on top of a shared physical network poses an intriguing combination of theoretical and practical challenges. Two major problems with the state-of-the-art VN embedding algorithms are their indifference to the underlying substrate topology and their lack of re-optimization mechanisms for already embedded VN requests. We argue that topology-aware embedding together with re-optimization mechanisms can improve the performance of the previous VN embedding algorithms in terms of acceptance ratio and load balancing. The major contributions of this thesis are twofold: (1) we present a mechanism to differentiate among resources based on their importance in the substrate topology, and (2) we propose a set of algorithms for re-optimizing and re-embedding initially-rejected VN requests after fixing their bottleneck requirements. Through extensive simulations, we show that not only our techniques improve the acceptance ratio, but they also provide the added benefit of balancing load better than previous proposals. The metrics we use to validate our techniques are improvement in acceptance ratio, revenue-cost ratio, incurred cost, and distribution of utilization

Demonstração de criação de redes virtuais no âmbito do operador

Mestrado em Engenharia Electrónica e TelecomunicaçõesA Internet nunca foi pensada para suportar a multiplicidade de serviços e a quantidade de utilizadores que tem actualmente. Conjugando este facto com uma crescente exigência quer a nível de desempenho, quer a nível de flexibilidade e robustez, facilmente se percebe que a arquitectura actual não corresponde nem às necessidades e exigências dos utilizadores actuais nem dos futuros. A virtualização de rede é, assim, apresentada como uma possível solução para este problema. Ao permitir que um conjunto de redes com requisitos e arquitecturas distintos, optimizados para diferentes aplicações, partilhem uma mesma infra-estrutura e sejam independentes desta, permitirá o desenvolvimento de alternativas que minimizem ou suprimam as limitações conhecidas da Internet actual. O facto de uma mesma rede física poder ser utilizada para suportar múltiplas redes virtuais é de grande interesse para os operadores. Ao melhorar a utilização da infra-estrutura e a consolidação de recursos, é possível aumentar a rentabilidade da mesma. Além desta mais eficiente utilização, que se traduz numa vantagem competitiva, a virtualização de rede permite o aparecimento de novos modelos de negócio através da dissociação entre serviços e a rede física. Neste sentido, e no âmbito do projecto 4WARD, esta dissertação propõe-se a desenvolver uma plataforma de virtualização que permita a avaliação, resolução de problemas e testes referentes à criação, monitorização e gestão de redes virtuais existentes numa rede física experimental. Foram desenvolvidas funcionalidades dinâmicas de monitorização de rede, através das quais é possível detectar situações de falhas, sobre utilização ou problemas de configuração. Também foram desenvolvidos, simulados e implementados algoritmos distribuídos de descoberta de redes físicas e virtuais. Na vertente de gestão da rede, foram implementados mecanismos que permitem actuar sobre os recursos virtuais. Por fim, para que a criação inteligente de redes virtuais fosse possível e efectuada o mais rapidamente possível, foram desenvolvidos algoritmos de mapeamento dinâmico de redes virtuais e optimizados os processos de criação dos respectivos nós. Por forma a disponibilizar e testar as funcionalidades, foi desenvolvida uma plataforma de virtualização que fornece um ambiente gráfico e que permite, de forma intuitiva, desenhar e configurar redes virtuais, monitorizar as redes existentes em tempo real e actuar sobre elas. Esta plataforma foi desenvolvida de forma modular e poderá servir como base para futuros melhoramentos e funcionalidades. Os resultados obtidos, além de implementarem as funcionalidades desejadas e de comprovarem a escalabilidade da arquitectura e dos algoritmos propostos, provam que é possível a existência de uma ferramenta única de gestão, monitorização e criação de redes virtuais.The Internet was never designed to support the huge amount of services and users that it has nowadays. Combined with ever-increasing requirements for performance, flexibility, and robustness, one can easily realize that the current architecture does not match neither the needs nor the demands of the current and future users. Network virtualization arises as a potential solution for these issues. By letting multiple networks, optimized for different applications with different requirements and architectures, to coexist and share the same infrastructure in an independent way, new alternatives may be developed that bypass the known limitations of the current Internet. This ability to use the same physical infrastructure to hold multiple virtual networks is of great interest for network operators. By improving its infrastructure utilization and increasing the resource consolidation, higher profitability can be achieved. Besides this competitive advantage, network virtualization enables new business models and the dissociation of the provided services from the physical network. With that goal in mind, this Thesis, in the scope of the 4WARD project, presents a virtualization platform that will enable the evaluation and solving of the inherent problems associated with the creation, monitoring and management of virtual networks, embedded in an experimental physical network. The developed dynamic monitoring features make the detection of failures, misconfigurations or overloads possible. In addition, physical and virtual network discovery mechanisms were designed, simulated and implemented. Regarding network management, acting upon virtual resources was also made possible. Finally, in order to optimize and speed-up virtual network creation, dynamic mapping algorithms and optimized node creation processes were developed. In order to provide and test the specified features, a network virtualization platform was developed containing a graphical user interface that aims to provide the users with a simple, interactive, intuitive way of designing and configuring virtual networks, as well as monitoring and managing them. The developed platform poses itself as a possible platform for future enhancements and added functionalities, due to its modular nature. The attained results, besides implementing the desired features and having proven the scalability and feasibility of the proposed algorithms, are also the evidence that the existence of a single tool to manage, monitor and create virtual networks is feasible

Software-Defined Networking: A Comprehensive Survey

peer reviewedThe Internet has led to the creation of a digital society, where (almost) everything is connected and is accessible from anywhere. However, despite their widespread adoption, traditional IP networks are complex and very hard to manage. It is both difficult to configure the network according to predefined policies, and to reconfigure it to respond to faults, load, and changes. To make matters even more difficult, current networks are also vertically integrated: the control and data planes are bundled together. Software-defined networking (SDN) is an emerging paradigm that promises to change this state of affairs, by breaking vertical integration, separating the network's control logic from the underlying routers and switches, promoting (logical) centralization of network control, and introducing the ability to program the network. The separation of concerns, introduced between the definition of network policies, their implementation in switching hardware, and the forwarding of traffic, is key to the desired flexibility: by breaking the network control problem into tractable pieces, SDN makes it easier to create and introduce new abstractions in networking, simplifying network management and facilitating network evolution. In this paper, we present a comprehensive survey on SDN. We start by introducing the motivation for SDN, explain its main concepts and how it differs from traditional networking, its roots, and the standardization activities regarding this novel paradigm. Next, we present the key building blocks of an SDN infrastructure using a bottom-up, layered approach. We provide an in-depth analysis of the hardware infrastructure, southbound and northbound application programming interfaces (APIs), network virtualization layers, network operating systems (SDN controllers), network programming languages, and network applications. We also look at cross-layer problems such as debugging and troubleshooting. In an effort to anticipate the future evolution of this - ew paradigm, we discuss the main ongoing research efforts and challenges of SDN. In particular, we address the design of switches and control platforms—with a focus on aspects such as resiliency, scalability, performance, security, and dependability—as well as new opportunities for carrier transport networks and cloud providers. Last but not least, we analyze the position of SDN as a key enabler of a software-defined environment

Network virtualisation from an operator perspective

Doutoramento em Engenharia EletrotécnicaNetwork virtualisation is seen as a promising approach to overcome the so-called “Internet impasse” and bring innovation back into the Internet, by allowing easier migration towards novel networking approaches as well as the coexistence of complementary network architectures on a shared infrastructure in a commercial context. Recently, the interest from the operators and mainstream industry in network virtualisation has grown quite significantly, as the potential benefits of virtualisation became clearer, both from an economical and an operational point of view. In the beginning, the concept has been mainly a research topic and has been materialized in small-scale testbeds and research network environments. This PhD Thesis aims to provide the network operator with a set of mechanisms and algorithms capable of managing and controlling virtual networks. To this end, we propose a framework that aims to allocate, monitor and control virtual resources in a centralized and efficient manner. In order to analyse the performance of the framework, we performed the implementation and evaluation on a small-scale testbed. To enable the operator to make an efficient allocation, in real-time, and on-demand, of virtual networks onto the substrate network, it is proposed a heuristic algorithm to perform the virtual network mapping. For the network operator to obtain the highest profit of the physical network, it is also proposed a mathematical formulation that aims to maximize the number of allocated virtual networks onto the physical network. Since the power consumption of the physical network is very significant in the operating costs, it is important to make the allocation of virtual networks in fewer physical resources and onto physical resources already active. To address this challenge, we propose a mathematical formulation that aims to minimize the energy consumption of the physical network without affecting the efficiency of the allocation of virtual networks. To minimize fragmentation of the physical network while increasing the revenue of the operator, it is extended the initial formulation to contemplate the re-optimization of previously mapped virtual networks, so that the operator has a better use of its physical infrastructure. It is also necessary to address the migration of virtual networks, either for reasons of load balancing or for reasons of imminent failure of physical resources, without affecting the proper functioning of the virtual network. To this end, we propose a method based on cloning techniques to perform the migration of virtual networks across the physical infrastructure, transparently, and without affecting the virtual network. In order to assess the resilience of virtual networks to physical network failures, while obtaining the optimal solution for the migration of virtual networks in case of imminent failure of physical resources, the mathematical formulation is extended to minimize the number of nodes migrated and the relocation of virtual links. In comparison with our optimization proposals, we found out that existing heuristics for mapping virtual networks have a poor performance. We also found that it is possible to minimize the energy consumption without penalizing the efficient allocation. By applying the re-optimization on the virtual networks, it has been shown that it is possible to obtain more free resources as well as having the physical resources better balanced. Finally, it was shown that virtual networks are quite resilient to failures on the physical network.A virtualização de rede é vista como uma abordagem promissora para ultrapassar o “Impasse da Internet” e permitir inovação na Internet, possibilitando assim uma migração fácil para novas abordagens de redes, bem como a coexistência de arquiteturas de redes complementares numa infraestrutura compartilhada e em ambiente comercial. Recentemente tem crescido de forma bastante significativa o interesse pela virtualização de rede por parte dos operadores e dos grandes fabricantes, desde que os potenciais benefícios da virtualização se tornaram claros, tanto de ponto de vista económico como operacional. No início, o conceito foi versado pelo meio académico, onde foram realizadas provas de conceito de pequena escala, e em que a virtualização de rede foi considerada como forma de investigação de novos protocolos. Esta Tese de Doutoramento tem como objetivo geral dotar uma rede de operador de um conjunto de mecanismos e algoritmos capazes de gerir e controlar redes virtuais. Para este fim, é proposta uma framework que visa alocar, monitorizar e controlar recursos virtuais de uma forma centralizada e eficiente. De forma a analisar o desempenho da framework, procedeu-se à sua implementação e avaliação numa rede de pequena dimensão. De forma a permitir que se possa efetuar uma alocação eficiente, em tempo real, e a pedido, de redes virtuais numa rede física, é proposta uma heurística para efetuar o mapeamento na rede física. Para que o operador de rede possa rentabilizar ao máximo a sua infraestrutura de rede, é ainda proposta uma formulação matemática que, através de programação linear, visa maximizar o número de redes alocadas na infraestrutura de rede. Dado que o consumo energético de uma infraestrutura de rede começa a ter significância nos custos de operação, é importante que se faça a alocação das redes virtuais no menor número de recursos físicos e também em recursos físicos ativos. Para endereçar este desafio é proposta uma formulação matemática que visa minimizar o consumo energético da rede física sem afetar a eficiência da alocação de redes virtuais. Para minimizar a fragmentação da infraestrutura de rede e ao mesmo tempo aumentar as receitas do operador, é também estendida a formulação inicial para contemplar a re-otimização de redes virtuais previamente mapeadas, fazendo com que o operador tenha um melhor aproveitamento da sua infraestrutura física. Será ainda necessário endereçar a migração de redes virtuais, quer por motivos de balanceamento de carga, quer por motivos de falha iminente de recursos físicos, sem afetar o bom funcionamento da rede virtual. Para este fim, é proposto um método baseado em técnicas de clonagem, para efetuar a migração de redes virtuais entre recursos da infraestrutura física de forma transparente e sem impacto para a rede virtual. De forma a avaliar a resiliência das redes virtuais a falhas na rede física, e ao mesmo tempo obter a solução ótima de migração de redes virtuais em caso de falha iminente dos recursos físicos, a formulação matemática é estendida para minimizar o número de nós migrados em simultâneo com a realocação de ligações virtuais. Em comparação com as nossas propostas de otimização verificou-se que as heurísticas existentes para mapeamento de redes virtuais têm um desempenho muito baixo. Verificou-se ainda que é possível efetuar a redução do consumo energético sem a penalização da alocação eficiente. Com a re-otimização das redes virtuais mostrou-se que é possível obter mais recursos livres, assim como obter uma melhor distribuição dos recursos. Por último, demonstrou-se que as redes virtuais são bastante resilientes a falhas na rede física

Self-managed resources in network virtualisation environments

Network virtualisation is a promising technique for dealing with the resistance of the Internet to architectural changes, enabling a novel business model in which infrastructure management is decoupled from service provision. It allows infrastructure providers (InPs) who own substrate networks (SNs) to lease chunks of them out to service providers who then create virtual networks (VNs), which can then be re-leased out or used to provide services to end-users. However, the different VNs should be initialised, in which case virtual links and nodes must be mapped to substrate nodes and paths respectively. One of the challenges in the initialisation of VNs is the requirement of an efficient sharing of SN resources. Since the profitability of InPs depends on how many VNs are able to be allocated simultaneously onto the SN, the success of network virtualisation will depend, in part, on how efficiently VNs utilise physical network resources. This thesis contributes to efficient resource sharing in network virtualisation by dividing the problem into three sub-problems: (1) mapping virtual nodes and links to substrate nodes and paths i.e. virtual network embedding (VNE), (2) dynamic managing of the resources allocated to VNs throughout their lifetime (DRA), and (3) provisioning of backup resources to ensure survivability of the VNs. The constrained VNE problem is NP-Hard. As a result, to simplify the solution, many existing approaches propose heuristics that make assumptions (e.g. a SN with infinite resources), some of which would not apply in practical environments. This thesis proposes an improvement in VNE by proposing a one-shot VNE algorithm which is based on column generation (CG). The CG approach starts by solving a restricted version of the problem, and thereafter refines it to obtain a final solution. The objective of a one-shot mapping is to achieve better resource utilisation, while using CG significantly enhances the solution time complexity. In addition current approaches are static in the sense that after the VNE stage, the resources allocated are not altered for the entire lifetime of the VN. The few proposals that do allow for adjustments in original mappings allocate a fixed amount of node and link resources to VNs throughout their life time. Since network load varies with time due to changing user demands, allocating a fixed amount of resources based on peak load could lead to an inefficient utilisation of overall SN resources, whereby, during periods when some virtual nodes and/or links are lightly loaded, SN resources are still reserved for them, while possibly rejecting new VN requests. The second contribution of this thesis are a set of proposals that ensure that SN resources are efficiently utilised, while at the same making sure that the QoS requirements of VNs are met. For this purpose, we propose self-management algorithms in which the SN uses time-difference machine learning techniques to make autonomous decisions with respect to resource allocation. Finally, while some scientific research has already studied multi-domain VNE, the available approaches to survivable VNs have focused on the single InP environment. Since in the more practical situation a network virtualisation environment will involve multiple InPs, and because an extension of network survivability approaches from the single to multi domain environments is not trivial, this thesis proposes a distributed and dynamic approach to survivability in VNs. This is achieved by using a multi-agent-system that uses a multi-attribute negotiation protocol and a dynamic pricing model forming InPs coalitions supporting SNs resource backups. The ultimate objective is to ensure that virtual network operators maximise profitability by minimising penalties resulting from QoS violations.La virtualització de xarxes es una tècnica prometedora per afrontar la resistència d'Internet als canvis arquitectònics, que permet un nou model de negoci en el que la gestió de la infraestructura de xarxa es desacobla de la provisió del servei. Això permet als proveïdors de infraestructura (InPs), propietaris de la xarxa física substrat (SN), llogar segments d'aquesta als proveïdors dels serveis, que crearan xarxes virtuals (VNs) que a l'hora poden re-llogar-se o utilitzar-se per donar servei a usuaris finals. No obstant això, les diferents VNs s'han d'inicialitzar assignant els seus nodes i enllaços als del substrat. Un dels reptes d'aquest procés es el requisit de fer un ús eficient dels recursos de la SN. Donat que el benefici d'un InP depèn del nombre de xarxes virtuals que puguin allotjar-se simultàniament en la SN, l'èxit de la virtualització de xarxes depèn en part de quan eficient es l’ús dels recursos de la xarxa física per part de les VNs. Aquesta Tesi contribueix a la millora de l’eficiència en la compartició de recursos en la virtualització de xarxes dividint el problema en tres sots problemes: (1) assignació de nodes i enllaços virtuals a nodes i enllaços del substrat (VNE), (2) gestió dinàmica dels recursos assignats a les VNs al llarg de la seva vida útil (DRA) i (3) aprovisionament de recursos de backup per assegurar la supervivència de les VNs. La naturalesa del problema VNE el fa “NP-Hard". En conseqüència, per simplificar la solució, moltes de les propostes son heurístiques que es basen en hipòtesis (per exemple, SN amb recursos il•limitats) de difícil compliment en escenaris reals. Aquesta Tesi proposa una millora al problema VNE mitjan_cant un algorisme “one-shot VNE" basat en generació de columnes (CG). La solució CG comena resolent una versió restringida del problema, per tot seguit refinar-la i obtenir la solució final. L'objectiu del “one-shot VNE" es aconseguir millorar l’ús dels recursos, mentre que CG redueix significativament la complexitat temporal del procés. D'altre banda, les solucions actuals son estàtiques, ja que els recursos assignats en la fase VNE no es modifiquen durant tot el temps de vida útil de la VN. Les poques propostes que permeten reajustar l’assignació inicial, es basen en una assignació fixe de recursos a les VNs. No obstant això, degut a que la càrrega de la xarxa varia a conseqüència de la demanda canviant dels usuaris, assignar una quantitat fixe de recursos basada en situacions de càrrega màxima esdevé en ineficiència per infrautilització en períodes de baixa demanda, mentre que en tals períodes de demanda baixa, el tenir recursos reservats, pot originar rebutjos de noves VNs. La segona contribució d'aquesta Tesi es un conjunt de propostes que asseguren l’ús eficient dels recursos de la SN, garantint a la vegada els requeriments de qualitat de servei de totes les VNs. Amb aquesta finalitat es proposen algorismes d’autogestió en els que la SN utilitza tècniques d'aprenentatge de màquines per a materialitzar decisions autònomes en l’assignació dels recursos. Finalment, malgrat que diversos estudis han tractat ja el problema VNE en entorn multi-domini, les propostes actuals de supervivència de xarxes virtuals s'han limitat a contexts d'aprovisionament per part d'un sol InP. En canvi, a la pràctica, la virtualització de xarxes comportarà un entorn d'aprovisionament multi-domini, i com que l’extensió de solucions de supervivència d'un sol domini al multi-domini no es trivial, aquesta Tesi proposa una solució distribuïda i dinàmica per a la supervivència de VNs. Això s'aconsegueix amb un sistema multi-agent que utilitza un protocol de negociació multi-atribut i un model dinàmic de preus per formar coalicions d'InPs que proporcionaran backups als recursos de les SNs. L'objectiu últim es assegurar que els operadors de xarxes virtuals maximitzin beneficis minimitzant les penalitzacions per violació de la QoS.La virtualización de redes es una técnica prometedora para afrontar la resistencia de Internet a cambios arquitectónicos, que permite un nuevo modelo de negocio en el que la gestión de la infraestructura está desacoplada del aprovisionamiento del servicio. Esto permite a los proveedores de infraestructuras (InPs), propietarios de la red física subyacente (SN), alquilar segmentos de la misma a los proveedores de servicio, los cuales crearán redes virtuales (VNs), que a su vez pueden ser realquiladas o usadaspara proveer el servicio a usuarios finales. Sin embargo, las diferentes VNs deben inicializarse, mapeando sus nodos y enlaces en los del substrato. Uno de los retos de este proceso de inicialización es el requisito de hacer un uso eficiente de los recursos de la SN. Dado que el benecio de los InPs depende de cuantas VNs puedan alojarse simultáneamente en la SN, el éxito de la virtualización de redes depende, en parte, de cuan eficiente es el uso de los recursos de red físicos por parte de las VNs. Esta Tesis contribuye a la compartición eficiente de recursos para la virtualización de redes dividiendo el problema en tres sub-problemas: (1) mapeo de nodos y enlaces virtuales sobre nodos y enlaces del substrato (VNE), (2) gestión dinámica de los recursos asignados a las VNs a lo largo de su vida útil (DRA), y (3) aprovisionamiento de recursos de backup para asegurar la supervivencia de las VNs. La naturaleza del problema VNE lo hace “NP-Hard". En consecuencia, para simplificar la solución, muchas de las actuales propuestas son heurísticas que parten de unas suposiciones (por ejemplo, SN con recursos ilimitados) de difícil asumir en la práctica. Esta Tesis propone una mejora al problema VNE mediante un algoritmo “one-shot VNE" basado en generación de columnas (CG). La solución CG comienza resolviendo una versión restringida del problema, para después refinarla y obtener la solución final. El objetivo del “one-shot VNE" es mejorar el uso de los recursos, a la vez que con CG se reduce significativamente la complejidad temporal del proceso. Por otro lado,las propuestas actuales son estáticas, ya que los recursos asignados en la fase VNE no se alteran a lo largo de la vida útil de la VN. Las pocas propuestas que permiten reajustes del mapeado original ubican una cantidad fija de recursos a las VNs. Sin embargo, dado que la carga de red varía con el tiempo, debido a la demanda cambiante de los usuarios, ubicar una cantidad fija de recursos basada en situaciones de pico conduce a un uso ineficiente de los recursos por infrautilización de los mismos en periodos de baja demanda, mientras que en esta situación, al tener los recursos reservados, pueden rechazarse nuevas solicitudes de VNs. La segunda contribución de esta Tesis es un conjunto de propuestas para el uso eficiente de los recursos de la SN, asegurando al mismo tiempo la calidad de servicio de las VNs. Para ello se proponen algoritmos de auto-gestión en los que la SN usa técnicas de aprendizaje de máquinas para materializar decisiones autónomas en la asignación de recursos. Finalmente, aunque determinadas investigaciones ya han estudiado el problema multi-dominio VNE, las propuestas actuales de supervivencia de redes virtuales se han limitado a un entorno de provisión de infraestructura de un solo InP. Sin embargo, en la práctica, la virtualización de redes comportará un entorno de aprovisionamiento con múltiples InPs, y dado a que la extensión de las soluciones de supervivencia de un entorno único a uno multi-dominio no es trivial, esta Tesis propone una solución distribuida y dinámica a la supervivencia de VNs. Esto se consigue mediante un sistema multi-agente que usa un protocolo de negociación multi-atributo y un modelo dinámico de precios para conformar coaliciones de InPs para proporcionar backups a los recursos de las SNs. El objetivo último es asegurar que los operadores de VNs maximicen su beneficio minimizando la penalización por violación de la QoS

Ontology-driven knowledge based autonomic management for telecommunication networks : theory, implementation, and applications

Current telecommunication networks are heterogeneous, with devices manufactured by different vendors, operating on di↵erent protocols, and recorded by databases with different schemas. This heterogeneity has resulted in current network managements system becoming enormously complicated and often relying on human intervention. Knowledge based network management, which relies on a universally accepted knowledge base of the network, has been discussed extensively as a promising solution for autonomic network management. To build an autonomic network management system, a universally-shared and machine interpretable knowledge base is required which describes the resources inside the telecommunication system. Semantic web technologies, especially ontologies, have been used for many years in building autonomic knowledge based systems in Artificial Intelligence. There is a pressing need for a standard ontology to enable technology agnostic, autonomic control in telecommunication networks. Network clients need to describe the resource they require, while resource providers need to describe the resource they can provide. With semantic technologies, the data inside complex hybrid networks can be treated as a distributed knowledge graph, where an SQL-like language – SPARQL is ready to search, locate, and configure a node or link of the network. The goal of this thesis is two-fold. The first goal is to build a formal, machine interpretable information model for the current heterogeneous networks. Thus, we propose an ontology, describing resources inside the hybrid telecommunication networks with different technology domains. This ontology follows the Device-Interface-Link pattern, which we identified during the modelling process for networks within different technology domains. The second goal is to develop a system that can use this ontology to build a knowledge base automatically and enable autonomic reasoning over it. We develop a Semantic Enabled Autonomic management system of software defined NETworks (SEANET), a lightweight, plug-and-play, technology-independent solution for knowledge-based autonomic network management that uses the proposed ontology. SEANET abstracts details of network management into a formally defined knowledge graph augmented by inference rules. SEANET’s architecture consists of three components: a knowledge base generator, a SPARQL engine, and an open API. With the open API developed, SEANET enables users without knowledge of Semantic Web or telecommunication networks to develop semantic-intelligent applications on their production networks. Use cases of the proposed ontology and system are demonstrated in the thesis, ranging from network management task and social applications

Models, methods, and tools for developing MMOG backends on commodity clouds

Online multiplayer games have grown to unprecedented scales, attracting millions of players worldwide. The revenue from this industry has already eclipsed well-established entertainment industries like music and films and is expected to continue its rapid growth in the future. Massively Multiplayer Online Games (MMOGs) have also been extensively used in research studies and education, further motivating the need to improve their development process. The development of resource-intensive, distributed, real-time applications like MMOG backends involves a variety of challenges. Past research has primarily focused on the development and deployment of MMOG backends on dedicated infrastructures such as on-premise data centers and private clouds, which provide more flexibility but are expensive and hard to set up and maintain. A limited set of works has also focused on utilizing the Infrastructure-as-a-Service (IaaS) layer of public clouds to deploy MMOG backends. These clouds can offer various advantages like a lower barrier to entry, a larger set of resources, etc. but lack resource elasticity, standardization, and focus on development effort, from which MMOG backends can greatly benefit. Meanwhile, other research has also focused on solving various problems related to consistency, performance, and scalability. Despite major advancements in these areas, there is no standardized development methodology to facilitate these features and assimilate the development of MMOG backends on commodity clouds. This thesis is motivated by the results of a systematic mapping study that identifies a gap in research, evident from the fact that only a handful of studies have explored the possibility of utilizing serverless environments within commodity clouds to host these types of backends. These studies are mostly vision papers and do not provide any novel contributions in terms of methods of development or detailed analyses of how such systems could be developed. Using the knowledge gathered from this mapping study, several hypotheses are proposed and a set of technical challenges is identified, guiding the development of a new methodology. The peculiarities of MMOG backends have so far constrained their development and deployment on commodity clouds despite rapid advancements in technology. To explore whether such environments are viable options, a feasibility study is conducted with a minimalistic MMOG prototype to evaluate a limited set of public clouds in terms of hosting MMOG backends. Foli lowing encouraging results from this study, this thesis first motivates toward and then presents a set of models, methods, and tools with which scalable MMOG backends can be developed for and deployed on commodity clouds. These are encapsulated into a software development framework called Athlos which allows software engineers to leverage the proposed development methodology to rapidly create MMOG backend prototypes that utilize the resources of these clouds to attain scalable states and runtimes. The proposed approach is based on a dynamic model which aims to abstract the data requirements and relationships of many types of MMOGs. Based on this model, several methods are outlined that aim to solve various problems and challenges related to the development of MMOG backends, mainly in terms of performance and scalability. Using a modular software architecture, and standardization in common development areas, the proposed framework aims to improve and expedite the development process leading to higher-quality MMOG backends and a lower time to market. The models and methods proposed in this approach can be utilized through various tools during the development lifecycle. The proposed development framework is evaluated qualitatively and quantitatively. The thesis presents three case study MMOG backend prototypes that validate the suitability of the proposed approach. These case studies also provide a proof of concept and are subsequently used to further evaluate the framework. The propositions in this thesis are assessed with respect to the performance, scalability, development effort, and code maintainability of MMOG backends developed using the Athlos framework, using a variety of methods such as small and large-scale simulations and more targeted experimental setups. The results of these experiments uncover useful information about the behavior of MMOG backends. In addition, they provide evidence that MMOG backends developed using the proposed methodology and hosted on serverless environments can: (a) support a very high number of simultaneous players under a given latency threshold, (b) elastically scale both in terms of processing power and memory capacity and (c) significantly reduce the amount of development effort. The results also show that this methodology can accelerate the development of high-performance, distributed, real-time applications like MMOG backends, while also exposing the limitations of Athlos in terms of code maintainability. Finally, the thesis provides a reflection on the research objectives, considerations on the hypotheses and technical challenges, and outlines plans for future work in this domain

Secure identity management in structured peer-to-peer (P2P) networks

Structured Peer-to-Peer (P2P) networks were proposed to solve routing problems of big distributed infrastructures. But the research community has been questioning their security for years. Most prior work in security services was focused on secure routing, reputation systems, anonymity, etc. However, the proper management of identities is an important prerequisite to provide most of these security services. The existence of anonymous nodes and the lack of a centralized authority capable of monitoring (and/or punishing) nodes make these systems more vulnerable against selfish or malicious behaviors. Moreover, these improper usages cannot be faced only with data confidentiality, nodes authentication, non-repudiation, etc. In particular, structured P2P networks should follow the following secure routing primitives: (1) secure maintenance of routing tables, (2) secure routing of messages, and (3) secure identity assignment to nodes. But the first two problems depend in some way on the third one. If nodes’ identifiers can be chosen by users without any control, these networks can have security and operational problems. Therefore, like any other network or service, structured P2P networks require a robust access control to prevent potential attackers joining the network and a robust identity assignment system to guarantee their proper operation. In this thesis, firstly, we analyze the operation of the current structured P2P networks when managing identities in order to identify what security problems are related to the nodes’ identifiers within the overlay, and propose a series of requirements to be accomplished by any generated node ID to provide more security to a DHT-based structured P2P network. Secondly, we propose the use of implicit certificates to provide more security and to exploit the improvement in bandwidth, storage and performance that these certificates present compared to explicit certificates, design three protocols to assign nodes’ identifiers avoiding the identified problems, while maintaining user anonymity and allowing users’ traceability. Finally, we analyze the operation of the most used mechanisms to distribute revocation data in the Internet, with special focus on the proposed systems to work in P2P networks, and design a new mechanism to distribute revocation data more efficiently in a structured P2P network.Las redes P2P estructuradas fueron propuestas para solventar problemas de enrutamiento en infraestructuras de grandes dimensiones pero su nivel de seguridad lleva años siendo cuestionado por la comunidad investigadora. La mayor parte de los trabajos que intentan mejorar la seguridad de estas redes se han centrado en proporcionar encaminamiento seguro, sistemas de reputación, anonimato de los usuarios, etc. Sin embargo, la adecuada gestión de las identidades es un requisito sumamente importante para proporcionar los servicios mencionados anteriormente. La existencia de nodos anónimos y la falta de una autoridad centralizada capaz de monitorizar (y/o penalizar) a los nodos hace que estos sistemas sean más vulnerables que otros a comportamientos maliciosos por parte de los usuarios. Además, esos comportamientos inadecuados no pueden ser detectados proporcionando únicamente confidencialidad de los datos, autenticación de los nodos, no repudio, etc. Las redes P2P estructuradas deberían seguir las siguientes primitivas de enrutamiento seguro: (1) mantenimiento seguro de las tablas de enrutamiento, (2) enrutamiento seguro de los mensajes, and (3) asignación segura de las identidades. Pero la primera de los dos primitivas depende de alguna forma de la tercera. Si las identidades de los nodos pueden ser elegidas por sus usuarios sin ningún tipo de control, muy probablemente aparecerán muchos problemas de funcionamiento y seguridad. Por lo tanto, de la misma forma que otras redes y servicios, las redes P2P estructuradas requieren de un control de acceso robusto para prevenir la presencia de atacantes potenciales, y un sistema robusto de asignación de identidades para garantizar su adecuado funcionamiento. En esta tesis, primero de todo analizamos el funcionamiento de las redes P2P estructuradas basadas en el uso de DHTs (Tablas de Hash Distribuidas), cómo gestionan las identidades de sus nodos, identificamos qué problemas de seguridad están relacionados con la identificación de los nodos y proponemos una serie de requisitos para generar identificadores de forma segura. Más adelante proponemos el uso de certificados implícitos para proporcionar más seguridad y explotar las mejoras en consumo de ancho de banda, almacenamiento y rendimiento que proporcionan estos certificados en comparación con los certificados explícitos. También hemos diseñado tres protocolos de asignación segura de identidades, los cuales evitan la mayor parte de los problemas identificados mientras mantienen el anonimato de los usuarios y la trazabilidad. Finalmente hemos analizado el funcionamiento de la mayoría de los mecanismos utilizados para distribuir datos de revocación en Internet, con especial interés en los sistemas propuestos para operar en redes P2P, y hemos diseñado un nuevo mecanismo para distribuir datos de revocación de forma más eficiente en redes P2P estructuradas.Postprint (published version

Safety and Reliability - Safe Societies in a Changing World

The contributions cover a wide range of methodologies and application areas for safety and reliability that contribute to safe societies in a changing world. These methodologies and applications include: - foundations of risk and reliability assessment and management - mathematical methods in reliability and safety - risk assessment - risk management - system reliability - uncertainty analysis - digitalization and big data - prognostics and system health management - occupational safety - accident and incident modeling - maintenance modeling and applications - simulation for safety and reliability analysis - dynamic risk and barrier management - organizational factors and safety culture - human factors and human reliability - resilience engineering - structural reliability - natural hazards - security - economic analysis in risk managemen