14 research outputs found
Topology-Awareness and Re-optimization Mechanism for Virtual Network Embedding
Embedding of virtual network (VN) requests on top of a shared physical network poses an intriguing combination of theoretical and practical challenges. Two major problems with the state-of-the-art VN embedding algorithms are their indifference to the underlying substrate topology and their lack of re-optimization mechanisms for already embedded VN requests. We argue that topology-aware embedding together with re-optimization mechanisms can improve the performance of the previous VN embedding algorithms in terms of acceptance ratio and load balancing. The major contributions of this thesis are twofold: (1) we present a mechanism to differentiate among resources based on their importance in the substrate
topology, and (2) we propose a set of algorithms for re-optimizing and
re-embedding initially-rejected VN requests after fixing their bottleneck
requirements. Through extensive simulations, we show that not only do our techniques improve the acceptance ratio, but they also provide the added benefit of balancing load better than previous proposals. The metrics we use to validate our techniques are improvement in acceptance ratio, revenue-cost ratio, incurred cost, and distribution of utilization.
Demonstration of virtual network creation within the operator's scope
Master's in Electronics and Telecommunications Engineering
The Internet was never designed to support the multiplicity of services and the number of users it has today. Combining this fact with growing demands for performance as well as for flexibility and robustness, it is easy to see that the current architecture meets neither the needs and demands of today's users nor those of future ones.
Network virtualization is therefore presented as a possible solution to this problem. By allowing a set of networks with distinct requirements and architectures, optimized for different applications, to share the same infrastructure while remaining independent of it, it will enable the development of alternatives that minimize or remove the known limitations of the current Internet.
The fact that a single physical network can be used to support multiple virtual networks is of great interest to operators. By improving infrastructure utilization and resource consolidation, its profitability can be increased. Besides this more efficient utilization, which translates into a competitive advantage, network virtualization allows new business models to emerge by decoupling services from the physical network.
To this end, and within the scope of the 4WARD project, this dissertation sets out to develop a virtualization platform that allows the evaluation, troubleshooting and testing of the creation, monitoring and management of virtual networks existing on an experimental physical network.
Dynamic network monitoring features were developed, through which failures, over-utilization or configuration problems can be detected. Distributed algorithms for discovering physical and virtual networks were also developed, simulated and implemented. On the network management side, mechanisms were implemented that allow acting on virtual resources. Finally, so that intelligent creation of virtual networks would be possible and carried out as quickly as possible, dynamic virtual network mapping algorithms were developed and the creation processes of the respective nodes were optimized.
In order to make these features available and test them, a virtualization platform was developed that provides a graphical environment and makes it possible to intuitively design and configure virtual networks, monitor existing networks in real time and act on them. This platform was developed in a modular way and can serve as a basis for future improvements and features.
The results obtained, besides implementing the desired features and confirming the scalability of the proposed architecture and algorithms, prove that a single tool for managing, monitoring and creating virtual networks is possible.
The Internet was never designed to support the huge amount of services
and users that it has nowadays. Combined with ever-increasing
requirements for performance, flexibility, and robustness, one can
easily realize that the current architecture matches neither the
needs nor the demands of the current and future users.
Network virtualization arises as a potential solution for these issues.
By letting multiple networks, optimized for different applications
with different requirements and architectures, coexist and share the
same infrastructure in an independent way, new alternatives may be
developed that bypass the known limitations of the current Internet.
This ability to use the same physical infrastructure to hold multiple
virtual networks is of great interest for network operators. By
improving its infrastructure utilization and increasing the resource
consolidation, higher profitability can be achieved. Besides this competitive
advantage, network virtualization enables new business models
and the dissociation of the provided services from the physical network.
With that goal in mind, this Thesis, in the scope of the 4WARD
project, presents a virtualization platform that will enable the evaluation
and solving of the inherent problems associated with the creation,
monitoring and management of virtual networks, embedded in an
experimental physical network.
The developed dynamic monitoring features make the detection
of failures, misconfigurations or overloads possible. In addition,
physical and virtual network discovery mechanisms were designed,
simulated and implemented. Regarding network management, acting
upon virtual resources was also made possible. Finally, in order to
optimize and speed up virtual network creation, dynamic mapping
algorithms and optimized node creation processes were developed.
In order to provide and test the specified features, a network virtualization
platform was developed containing a graphical user
interface that aims to provide the users with a simple, interactive,
intuitive way of designing and configuring virtual networks, as well as
monitoring and managing them. The developed platform poses itself as
a possible platform for future enhancements and added functionalities,
due to its modular nature.
The attained results, besides implementing the desired features
and having proven the scalability and feasibility of the proposed
algorithms, are also the evidence that the existence of a single tool to
manage, monitor and create virtual networks is feasible.
Software-Defined Networking: A Comprehensive Survey
Peer reviewed
The Internet has led to the creation of a digital society, where (almost) everything is connected and is accessible from anywhere. However, despite their widespread adoption, traditional IP networks are complex and very hard to manage. It is both difficult to configure the network according to predefined policies, and to reconfigure it to respond to faults, load, and changes. To make matters even more difficult, current networks are also vertically integrated: the control and data planes are bundled together. Software-defined networking (SDN) is an emerging paradigm that promises to change this state of affairs, by breaking vertical integration, separating the network's control logic from the underlying routers and switches, promoting (logical) centralization of network control, and introducing the ability to program the network. The separation of concerns, introduced between the definition of network policies, their implementation in switching hardware, and the forwarding of traffic, is key to the desired flexibility: by breaking the network control problem into tractable pieces, SDN makes it easier to create and introduce new abstractions in networking, simplifying network management and facilitating network evolution. In this paper, we present a comprehensive survey on SDN. We start by introducing the motivation for SDN, explain its main concepts and how it differs from traditional networking, its roots, and the standardization activities regarding this novel paradigm. Next, we present the key building blocks of an SDN infrastructure using a bottom-up, layered approach. We provide an in-depth analysis of the hardware infrastructure, southbound and northbound application programming interfaces (APIs), network virtualization layers, network operating systems (SDN controllers), network programming languages, and network applications. We also look at cross-layer problems such as debugging and troubleshooting.
In an effort to anticipate the future evolution of this new paradigm, we discuss the main ongoing research efforts and challenges of SDN. In particular, we address the design of switches and control platforms—with a focus on aspects such as resiliency, scalability, performance, security, and dependability—as well as new opportunities for carrier transport networks and cloud providers. Last but not least, we analyze the position of SDN as a key enabler of a software-defined environment.
Network virtualisation from an operator perspective
Doctorate in Electrical Engineering
Network virtualisation is seen as a promising approach to overcome the so-called
“Internet impasse” and bring innovation back into the Internet, by allowing easier
migration towards novel networking approaches as well as the coexistence of complementary
network architectures on a shared infrastructure in a commercial context.
Recently, the interest from the operators and mainstream industry in network
virtualisation has grown quite significantly, as the potential benefits of virtualisation
became clearer, both from an economical and an operational point of view. In the
beginning, the concept has been mainly a research topic and has been materialized
in small-scale testbeds and research network environments. This PhD Thesis aims
to provide the network operator with a set of mechanisms and algorithms capable
of managing and controlling virtual networks. To this end, we propose a framework
that aims to allocate, monitor and control virtual resources in a centralized and
efficient manner. In order to analyse the performance of the framework, we performed
the implementation and evaluation on a small-scale testbed. To enable the
operator to make an efficient allocation, in real-time, and on-demand, of virtual
networks onto the substrate network, a heuristic algorithm is proposed to perform
the virtual network mapping. For the network operator to obtain the highest
profit of the physical network, a mathematical formulation is also proposed that
aims to maximize the number of allocated virtual networks onto the physical network.
Since the power consumption of the physical network is very significant in
the operating costs, it is important to make the allocation of virtual networks in
fewer physical resources and onto physical resources already active. To address
this challenge, we propose a mathematical formulation that aims to minimize the
energy consumption of the physical network without affecting the efficiency of the
allocation of virtual networks. To minimize fragmentation of the physical network
while increasing the revenue of the operator, the initial formulation is extended
to contemplate the re-optimization of previously mapped virtual networks, so that
the operator has a better use of its physical infrastructure. It is also necessary to
address the migration of virtual networks, either for reasons of load balancing or
for reasons of imminent failure of physical resources, without affecting the proper
functioning of the virtual network. To this end, we propose a method based on
cloning techniques to perform the migration of virtual networks across the physical
infrastructure, transparently, and without affecting the virtual network. In order to
assess the resilience of virtual networks to physical network failures, while obtaining
the optimal solution for the migration of virtual networks in case of imminent
failure of physical resources, the mathematical formulation is extended to minimize
the number of nodes migrated and the relocation of virtual links. In comparison
with our optimization proposals, we found out that existing heuristics for mapping
virtual networks have a poor performance. We also found that it is possible to
minimize the energy consumption without penalizing the efficient allocation. By
applying the re-optimization on the virtual networks, it has been shown that it
is possible to obtain more free resources as well as having the physical resources
better balanced. Finally, it was shown that virtual networks are quite resilient to
failures on the physical network.
Network virtualisation is seen as a promising approach to overcome the “Internet impasse” and enable innovation in the Internet, thus making possible an easy migration to new networking approaches as well as the coexistence of complementary network architectures on a shared infrastructure in a commercial environment. Recently, interest in network virtualisation from operators and major manufacturers has grown quite significantly, as the potential benefits of virtualisation have become clear, from both an economic and an operational point of view. At first, the concept was addressed by academia, where small-scale proofs of concept were carried out and network virtualisation was regarded as a way of researching new protocols. The general objective of this PhD Thesis is to equip an operator network with a set of mechanisms and algorithms capable of managing and controlling virtual networks. To this end, a framework is proposed that aims to allocate, monitor and control virtual resources in a centralized and efficient manner. To analyse the performance of the framework, it was implemented and evaluated on a small network. To allow virtual networks to be allocated onto a physical network efficiently, in real time and on demand, a heuristic is proposed to perform the mapping onto the physical network. So that the network operator can make the most profitable use of its network infrastructure, a mathematical formulation is also proposed that, through linear programming, aims to maximize the number of networks allocated on the network infrastructure. Since the energy consumption of a network infrastructure is becoming significant in operating costs, it is important to allocate virtual networks on the smallest number of physical resources and also on physical resources that are already active. To address this challenge, a mathematical formulation is proposed that aims to minimize the energy consumption of the physical network without affecting the efficiency of the allocation of virtual networks. To minimize fragmentation of the network infrastructure while increasing the operator's revenue, the initial formulation is also extended to cover the re-optimization of previously mapped virtual networks, so that the operator makes better use of its physical infrastructure. It will also be necessary to address the migration of virtual networks, whether for load balancing or because of imminent failure of physical resources, without affecting the proper functioning of the virtual network. To this end, a method based on cloning techniques is proposed to migrate virtual networks between resources of the physical infrastructure transparently and without impact on the virtual network. To assess the resilience of virtual networks to failures in the physical network, and at the same time obtain the optimal solution for migrating virtual networks in case of imminent failure of physical resources, the mathematical formulation is extended to minimize the number of nodes migrated together with the reallocation of virtual links. In comparison with our optimization proposals, existing heuristics for virtual network mapping were found to perform very poorly. It was also found that energy consumption can be reduced without penalizing efficient allocation. With the re-optimization of virtual networks, it was shown that more free resources can be obtained, as well as a better distribution of resources. Finally, it was demonstrated that virtual networks are quite resilient to failures in the physical network.
Self-managed resources in network virtualisation environments
Network virtualisation is a promising technique for dealing with the resistance of the Internet to architectural changes, enabling a novel business model in which infrastructure management is decoupled from service provision. It allows infrastructure providers (InPs) who own substrate networks (SNs) to lease chunks of them out to service providers who then create virtual networks (VNs), which can then be re-leased out or used to provide services to end-users.
However, the different VNs should be initialised, in which case virtual links and nodes must be mapped to substrate nodes and paths respectively. One of the challenges in the initialisation of VNs is the requirement of an efficient sharing of SN resources. Since the profitability of InPs depends on how many VNs are able to be allocated simultaneously onto the SN, the success of network virtualisation will depend, in part, on how efficiently VNs utilise physical network resources. This thesis contributes to efficient resource sharing in network virtualisation by dividing the problem into three sub-problems: (1) mapping virtual nodes and links to substrate nodes and paths i.e. virtual network embedding (VNE), (2) dynamic managing of the resources allocated to VNs throughout their lifetime (DRA), and (3) provisioning of backup resources to ensure survivability of the VNs.
The constrained VNE problem is NP-Hard. As a result, to simplify the solution, many existing approaches propose heuristics that make assumptions (e.g. a SN with infinite resources), some of which would not apply in practical environments. This thesis proposes an improvement in VNE by proposing a one-shot VNE algorithm which is based on column generation (CG). The CG approach starts by solving a restricted version of the problem, and thereafter refines it to obtain a final solution. The objective of a one-shot mapping is to achieve better resource utilisation, while using CG significantly enhances the solution time complexity.
In addition, current approaches are static in the sense that after the VNE stage, the resources allocated are not altered for the entire lifetime of the VN. The few proposals that do allow for adjustments in original mappings allocate a fixed amount of node and link resources to VNs throughout their lifetime. Since network load varies with time due to changing user demands, allocating a fixed amount of resources based on peak load could lead to an inefficient utilisation of overall SN resources, whereby, during periods when some virtual nodes and/or links are lightly loaded, SN resources are still reserved for them, while possibly rejecting new VN requests. The second contribution of this thesis is a set of proposals that ensure that SN resources are efficiently utilised, while at the same time making sure that the QoS requirements of VNs are met. For this purpose, we propose self-management algorithms in which the SN uses time-difference machine learning techniques to make autonomous decisions with respect to resource allocation.
Finally, while some scientific research has already studied multi-domain VNE, the available approaches to survivable VNs have focused on the single InP environment. Since in the more practical situation a network virtualisation environment will involve multiple InPs, and because an extension of network survivability approaches from the single to multi domain environments is not trivial, this thesis proposes a distributed and dynamic approach to survivability in VNs. This is achieved by using a multi-agent-system that uses a multi-attribute negotiation protocol and a dynamic pricing model forming InPs coalitions supporting SNs resource backups. The ultimate objective is to ensure that virtual network operators maximise profitability by minimising penalties resulting from QoS violations.
Network virtualisation is a promising technique for tackling the resistance of the Internet to architectural changes, enabling a new business model in which the management of the network infrastructure is decoupled from service provision. This allows infrastructure providers (InPs), who own the physical substrate network (SN), to lease segments of it to service providers, who will create virtual networks (VNs) that can in turn be re-leased or used to provide service to end users.
However, the different VNs must be initialised by mapping their nodes and links onto those of the substrate. One of the challenges of this process is the requirement to use SN resources efficiently. Since the profit of an InP depends on the number of virtual networks that can be hosted simultaneously on the SN, the success of network virtualisation depends in part on how efficiently VNs use the resources of the physical network. This Thesis contributes to improving the efficiency of resource sharing in network virtualisation by dividing the problem into three sub-problems: (1) mapping of virtual nodes and links to substrate nodes and links (VNE), (2) dynamic management of the resources allocated to VNs throughout their lifetime (DRA), and (3) provisioning of backup resources to ensure the survivability of the VNs.
The nature of the VNE problem makes it “NP-Hard”. Consequently, to simplify the solution, many of the proposals are heuristics based on assumptions (for example, an SN with unlimited resources) that are hard to meet in real scenarios. This Thesis proposes an improvement to the VNE problem by means of a “one-shot VNE” algorithm based on column generation (CG). The CG solution starts by solving a restricted version of the problem, and then refines it to obtain the final solution. The objective of “one-shot VNE” is to improve resource usage, while CG significantly reduces the time complexity of the process.
On the other hand, current solutions are static, since the resources allocated in the VNE phase are not modified during the whole lifetime of the VN. The few proposals that allow the initial allocation to be readjusted are based on a fixed allocation of resources to VNs. However, because network load varies as a result of changing user demand, allocating a fixed amount of resources based on peak-load situations results in inefficiency through under-utilisation in periods of low demand, while in such low-demand periods, having resources reserved can cause new VNs to be rejected. The second contribution of this Thesis is a set of proposals that ensure the efficient use of SN resources while guaranteeing the quality of service requirements of all VNs. To this end, self-management algorithms are proposed in which the SN uses machine learning techniques to make autonomous decisions in resource allocation.
Finally, although several studies have already dealt with the VNE problem in a multi-domain environment, current proposals for virtual network survivability have been limited to contexts of provisioning by a single InP. In practice, however, network virtualisation will involve a multi-domain provisioning environment, and since extending survivability solutions from a single domain to multi-domain is not trivial, this Thesis proposes a distributed and dynamic solution for the survivability of VNs. This is achieved with a multi-agent system that uses a multi-attribute negotiation protocol and a dynamic pricing model to form coalitions of InPs that will provide backups for SN resources. The ultimate objective is to ensure that virtual network operators maximise profits by minimising penalties for QoS violations.
Network virtualisation is a promising technique for tackling the resistance of the Internet to architectural changes, enabling a new business model in which infrastructure management is decoupled from service provisioning. This allows infrastructure providers (InPs), who own the underlying physical network (SN), to lease segments of it to service providers, who will create virtual networks (VNs), which in turn can be re-leased or used to provide service to end users.
However, the different VNs must be initialised by mapping their nodes and links onto those of the substrate. One of the challenges of this initialisation process is the requirement to use SN resources efficiently. Since the profit of InPs depends on how many VNs can be hosted simultaneously on the SN, the success of network virtualisation depends, in part, on how efficiently VNs use physical network resources. This Thesis contributes to efficient resource sharing for network virtualisation by dividing the problem into three sub-problems: (1) mapping of virtual nodes and links onto substrate nodes and links (VNE), (2) dynamic management of the resources allocated to VNs throughout their lifetime (DRA), and (3) provisioning of backup resources to ensure the survivability of the VNs.
The nature of the VNE problem makes it “NP-Hard”. Consequently, to simplify the solution, many of the current proposals are heuristics that start from assumptions (for example, an SN with unlimited resources) that are hard to accept in practice. This Thesis proposes an improvement to the VNE problem by means of a “one-shot VNE” algorithm based on column generation (CG). The CG solution starts by solving a restricted version of the problem, and then refines it to obtain the final solution. The objective of “one-shot VNE” is to improve resource usage, while CG significantly reduces the time complexity of the process.
On the other hand, current proposals are static, since the resources allocated in the VNE phase are not altered throughout the lifetime of the VN. The few proposals that allow readjustments of the original mapping allocate a fixed amount of resources to VNs. However, since network load varies over time because of changing user demand, allocating a fixed amount of resources based on peak situations leads to inefficient use of resources through their under-utilisation in periods of low demand, while in this situation, because the resources are reserved, new VN requests may be rejected. The second contribution of this Thesis is a set of proposals for the efficient use of SN resources, while ensuring the quality of service of the VNs. To this end, self-management algorithms are proposed in which the SN uses machine learning techniques to make autonomous decisions in resource allocation.
Finally, although some research has already studied the multi-domain VNE problem, current proposals for virtual network survivability have been limited to an infrastructure provisioning environment with a single InP. In practice, however, network virtualisation will involve a provisioning environment with multiple InPs, and since extending survivability solutions from a single environment to a multi-domain one is not trivial, this Thesis proposes a distributed and dynamic solution for the survivability of VNs. This is achieved by means of a multi-agent system that uses a multi-attribute negotiation protocol and a dynamic pricing model to form coalitions of InPs to provide backups for SN resources. The ultimate objective is to ensure that VN operators maximise their profit by minimising the penalty for QoS violations.
Ontology-driven knowledge based autonomic management for telecommunication networks : theory, implementation, and applications
Current telecommunication networks are heterogeneous, with devices manufactured by different vendors, operating on different protocols, and recorded by databases with different schemas. This heterogeneity has resulted in current network management systems becoming enormously complicated and often relying on human intervention. Knowledge based network management, which relies on a universally accepted knowledge base of the network, has been discussed extensively as a promising solution for autonomic network management. To build an autonomic network management system, a universally-shared and machine interpretable knowledge base is required which describes the resources inside the telecommunication system. Semantic web technologies, especially ontologies, have been used for many years in building autonomic knowledge based systems in Artificial Intelligence. There is a pressing need for a standard ontology to enable technology agnostic, autonomic control in telecommunication networks. Network clients need to describe the resource they require, while resource providers need to describe the resource they can provide. With semantic technologies, the data inside complex hybrid networks can be treated as a distributed knowledge graph, where an SQL-like language – SPARQL is ready to search, locate, and configure a node or link of the network.
The goal of this thesis is two-fold. The first goal is to build a formal, machine interpretable information model for the current heterogeneous networks. Thus, we propose an ontology, describing resources inside the hybrid telecommunication networks with different technology domains. This ontology follows the Device-Interface-Link pattern, which we identified during the modelling process for networks within different technology domains. The second goal is to develop a system that can use this ontology to build a knowledge base automatically and enable autonomic reasoning over it. We develop a Semantic Enabled Autonomic management system of software defined NETworks (SEANET), a lightweight, plug-and-play, technology-independent solution for knowledge-based autonomic network management that uses the proposed ontology. SEANET abstracts details of network management into a formally defined knowledge graph augmented by inference rules. SEANET’s architecture consists of three components: a knowledge base generator, a SPARQL engine, and an open API. With the open API developed, SEANET enables users without knowledge of Semantic Web or telecommunication networks to develop semantic-intelligent applications on their production networks. Use cases of the proposed ontology and system are demonstrated in the thesis, ranging from network management tasks to social applications.
Models, methods, and tools for developing MMOG backends on commodity clouds
Online multiplayer games have grown to unprecedented scales, attracting millions of players
worldwide. The revenue from this industry has already eclipsed well-established entertainment
industries like music and films and is expected to continue its rapid growth in the future.
Massively Multiplayer Online Games (MMOGs) have also been extensively used in research
studies and education, further motivating the need to improve their development process.
The development of resource-intensive, distributed, real-time applications like MMOG backends
involves a variety of challenges. Past research has primarily focused on the development and
deployment of MMOG backends on dedicated infrastructures such as on-premise data centers
and private clouds, which provide more flexibility but are expensive and hard to set up and
maintain. A limited set of works has also focused on utilizing the Infrastructure-as-a-Service
(IaaS) layer of public clouds to deploy MMOG backends. These clouds can offer various advantages
like a lower barrier to entry, a larger set of resources, etc. but lack resource elasticity,
standardization, and focus on development effort, from which MMOG backends can greatly
benefit.
Meanwhile, other research has also focused on solving various problems related to consistency,
performance, and scalability. Despite major advancements in these areas, there is no standardized
development methodology to facilitate these features and assimilate the development of
MMOG backends on commodity clouds. This thesis is motivated by the results of a systematic
mapping study that identifies a gap in research, evident from the fact that only a handful
of studies have explored the possibility of utilizing serverless environments within commodity
clouds to host these types of backends. These studies are mostly vision papers and do
not provide any novel contributions in terms of methods of development or detailed analyses
of how such systems could be developed. Using the knowledge gathered from this mapping
study, several hypotheses are proposed and a set of technical challenges is identified, guiding
the development of a new methodology.
The peculiarities of MMOG backends have so far constrained their development and deployment
on commodity clouds despite rapid advancements in technology. To explore whether such
environments are viable options, a feasibility study is conducted with a minimalistic MMOG
prototype to evaluate a limited set of public clouds in terms of hosting MMOG backends. Following
encouraging results from this study, this thesis first motivates toward and then presents
a set of models, methods, and tools with which scalable MMOG backends can be developed
for and deployed on commodity clouds. These are encapsulated into a software development
framework called Athlos which allows software engineers to leverage the proposed development
methodology to rapidly create MMOG backend prototypes that utilize the resources of
these clouds to attain scalable states and runtimes. The proposed approach is based on a dynamic
model which aims to abstract the data requirements and relationships of many types of
MMOGs. Based on this model, several methods are outlined that aim to solve various problems
and challenges related to the development of MMOG backends, mainly in terms of performance
and scalability. Using a modular software architecture, and standardization in common development
areas, the proposed framework aims to improve and expedite the development process
leading to higher-quality MMOG backends and a lower time to market. The models and methods
proposed in this approach can be utilized through various tools during the development
lifecycle.
The proposed development framework is evaluated qualitatively and quantitatively. The thesis
presents three case study MMOG backend prototypes that validate the suitability of the proposed
approach. These case studies also provide a proof of concept and are subsequently used
to further evaluate the framework. The propositions in this thesis are assessed with respect to
the performance, scalability, development effort, and code maintainability of MMOG backends
developed using the Athlos framework, using a variety of methods such as small and large-scale
simulations and more targeted experimental setups. The results of these experiments uncover
useful information about the behavior of MMOG backends. In addition, they provide evidence
that MMOG backends developed using the proposed methodology and hosted on serverless
environments can: (a) support a very high number of simultaneous players under a given latency
threshold, (b) elastically scale both in terms of processing power and memory capacity
and (c) significantly reduce the amount of development effort. The results also show that this
methodology can accelerate the development of high-performance, distributed, real-time applications
like MMOG backends, while also exposing the limitations of Athlos in terms of code
maintainability.
Finally, the thesis provides a reflection on the research objectives, considerations on the hypotheses
and technical challenges, and outlines plans for future work in this domain
Secure identity management in structured peer-to-peer (P2P) networks
Structured Peer-to-Peer (P2P) networks were proposed to solve routing problems of big distributed infrastructures. But the research community has been questioning their security for years. Most prior work in security services was focused on secure routing, reputation systems, anonymity, etc. However, the proper management of identities is an important prerequisite to provide most of these security services.
The existence of anonymous nodes and the lack of a centralized authority capable of monitoring (and/or punishing) nodes make these systems more vulnerable against selfish or malicious behaviors. Moreover, these improper usages cannot be faced only with data confidentiality, nodes authentication, non-repudiation, etc. In particular, structured P2P networks should follow the following secure routing primitives: (1) secure maintenance of routing tables, (2) secure routing of messages, and (3) secure identity assignment to nodes. But the first two problems depend in some way on the third one. If nodes’ identifiers can be chosen by users without any control, these networks can have security and operational problems. Therefore, like any other network or service, structured P2P networks require a robust access control to prevent potential attackers joining the network and a robust identity assignment system to guarantee their proper operation.
In this thesis, firstly, we analyze the operation of the current structured P2P networks when managing identities in order to identify what security problems are related to the nodes’ identifiers within the overlay, and propose a series of requirements to be accomplished by any generated node ID to provide more security to a DHT-based structured P2P network.
Secondly, we propose the use of implicit certificates to provide more security and to exploit the improvement in bandwidth, storage and performance that these certificates present compared to explicit certificates, design three protocols to assign nodes’ identifiers avoiding the identified problems, while maintaining user anonymity and allowing users’ traceability.
Finally, we analyze the operation of the most used mechanisms to distribute revocation data in the Internet, with special focus on the proposed systems to work in P2P networks, and design a new mechanism to distribute revocation data more efficiently in a structured P2P network.
Structured P2P networks were proposed to solve routing problems in large-scale infrastructures, but their level of security has been questioned by the research community for years. Most of the work that attempts to improve the security of these networks has focused on providing secure routing, reputation systems, user anonymity, etc. However, the proper management of identities is an extremely important requirement for providing the services mentioned above. The existence of anonymous nodes and the lack of a centralized authority capable of monitoring (and/or penalizing) nodes make these systems more vulnerable than others to malicious behavior by users. Moreover, such improper behavior cannot be detected by providing only data confidentiality, node authentication, non-repudiation, etc. Structured P2P networks should follow the following secure routing primitives: (1) secure maintenance of routing tables, (2) secure routing of messages, and (3) secure assignment of identities. But the first two primitives depend in some way on the third. If nodes’ identities can be chosen by their users without any kind of control, many operational and security problems will very likely appear.
Therefore, in the same way as other networks and services, structured P2P networks require robust access control to prevent the presence of potential attackers, and a robust identity assignment system to guarantee their proper operation. In this thesis, we first analyze the operation of structured P2P networks based on DHTs (Distributed Hash Tables) and how they manage the identities of their nodes, identify which security problems are related to node identification, and propose a series of requirements for generating identifiers securely. Next, we propose the use of implicit certificates to provide more security and to exploit the improvements in bandwidth consumption, storage and performance that these certificates offer compared to explicit certificates. We have also designed three secure identity assignment protocols, which avoid most of the identified problems while maintaining user anonymity and traceability. Finally, we have analyzed the operation of most of the mechanisms used to distribute revocation data on the Internet, with special interest in the systems proposed to operate in P2P networks, and we have designed a new mechanism to distribute revocation data more efficiently in structured P2P networks.
Postprint (published version)
Safety and Reliability - Safe Societies in a Changing World
The contributions cover a wide range of methodologies and application areas for safety and reliability that contribute to safe societies in a changing world. These methodologies and applications include:
- foundations of risk and reliability assessment and management
- mathematical methods in reliability and safety
- risk assessment
- risk management
- system reliability
- uncertainty analysis
- digitalization and big data
- prognostics and system health management
- occupational safety
- accident and incident modeling
- maintenance modeling and applications
- simulation for safety and reliability analysis
- dynamic risk and barrier management
- organizational factors and safety culture
- human factors and human reliability
- resilience engineering
- structural reliability
- natural hazards
- security
- economic analysis in risk management