13 research outputs found
Combating cyber attacks in cloud computing using machine learning techniques.
An extensive investigative survey on Cloud Computing with the main focus on gaps that are slowing down Cloud adoption as well as reviewing the threat remediation challenges. Some experimentally supported thoughts on novel approaches to address some of the widely discussed cyber-attack types using machine learning techniques. The thoughts have been constructed in such a way that Cloud customers can detect the cyber-attacks in their VM without much help from Cloud service provide
Establishing trusted Machine-to-Machine communications in the Internet of Things through the use of behavioural tests
Today, the Internet of Things (IoT) is one of the most important emerging technologies. Applicable to several fields, it has the potential to strongly influence people’s lives. “Things” are mostly embedded machines, and Machine-to-Machine (M2M) communications are used to exchange information. The main aspect of this type of communication is that a “thing” needs a mechanism to uniquely identify other “things” without human intervention. For this purpose, trust plays a key role. Trust can be incorporated in the smartness of “things” by using mobile “agents”. From the study of the IoT ecosystem, a new threat against M2M communications has been identified. This relates to the opportunity for an attacker to employ several forged IoT-embedded machines that can be used to launch attacks. Two “things-aware” detection mechanisms have been proposed and evaluated in this work for incorporation into IoT mobile trust agents. These new mechanisms are based on observing specific thing-related behaviour obtained by using a characterisation algorithm. The first mechanism uses a range of behaviours obtained from real embedded machines, such as threshold values, to detect whether a target machine is forged. This detection mechanism is called machine emulation detection algorithm (MEDA). MEDA takes around 3 minutes to achieve a detection accuracy of 79.21%, with 44.55% of real embedded machines labelled as belonging to forged embedded machines. These results indicated a need to develop a more accurate and faster detection method. Therefore, a second mechanism was created and evaluated. A dataset composed of behaviours from real, virtual and emulated embedded systems that can be part of the IoT was created. This was used for both training and testing classification methods. The results identified Random Forest (RF) as the most efficient method, recognising forged embedded machines in only 5 seconds with a detection rate of around 99.5%. 
It follows that this solution can be applied in real IoT scenarios with critical conditions. In the final part of this thesis, an attack against these new mechanisms has been proposed. This consists of using a modified kernel of a powerful machine to mimic the behaviour of a real IoT-embedded machine, referred to as a fake timing attack (FTA). Two metrics, mode and median from ping response time, have been found to effectively detect this attack. The final detection method involves combining RF and k-Nearest Neighbour to successfully detect forged embedded machines and FTA in only 40 seconds, with an overall detection performance (ODP) of 99.9% and 93.70% respectively. This method also was evaluated using behaviours from embedded machines that were not present in the training set. The results from that evaluation demonstrate that the proposed solution can detect embedded machines unknown to the method, both real and virtual, with an ODP of 99.96% and 99.92% respectively. In summary, a new algorithm able to detect forged embedded machines easily, quickly and with very high accuracy has been developed. The proposed method addresses the challenge of securing present and future M2M-embedded machines with power-constrained resources and can be applied to real IoT scenarios
2020-2021
Contains information on courses and class descriptions as well as campus resources at Collin College.
2018-2019
Contains information on courses and class descriptions as well as campus resources at Collin College.
Microkernel mechanisms for improving the trustworthiness of commodity hardware
The thesis presents microkernel-based software-implemented mechanisms for improving the trustworthiness of computer systems based on commercial off-the-shelf (COTS) hardware that can malfunction when the hardware is impacted by transient hardware faults. The hardware anomalies, if undetected, can cause data corruptions, system crashes, and security vulnerabilities, significantly undermining system dependability. Specifically, we adopt the single event upset (SEU) fault model and address transient CPU or memory faults.
We take advantage of the functional correctness and isolation guarantee provided by the formally verified seL4 microkernel and hardware redundancy provided by multicore processors, design the redundant co-execution (RCoE) architecture that replicates a whole software system (including the microkernel) onto different CPU cores, and implement two variants, loosely-coupled redundant co-execution (LC-RCoE) and closely-coupled redundant co-execution (CC-RCoE), for the ARM and x86 architectures. RCoE treats each replica of the software system as a state machine and ensures that the replicas start from the same initial state, observe consistent inputs, perform equivalent state transitions, and thus produce consistent outputs during error-free executions. Compared with other software-based error detection approaches, the distinguishing feature of RCoE is that the microkernel and device drivers are also included in redundant co-execution, significantly extending the sphere of replication (SoR).
Based on RCoE, we introduce two kernel mechanisms, fingerprint validation and kernel barrier timeout, detecting fault-induced execution divergences between the replicated systems, with the flexibility of tuning the error detection latency and coverage. The kernel error-masking mechanisms built on RCoE enable downgrading from triple modular redundancy (TMR) to dual modular redundancy (DMR) without service interruption. We run synthetic benchmarks and system benchmarks to evaluate the performance overhead of the approach, observe that the overhead varies based on the characteristics of workloads and the variants (LC-RCoE or CC-RCoE), and conclude that the approach is applicable for real-world applications. The effectiveness of the error detection mechanisms is assessed by conducting fault injection campaigns on real hardware, and the results demonstrate compelling improvement
NFV orchestration in edge and fog scenarios
International Mention in the doctoral degree.
Current network infrastructures handle a diverse range of network services such as video on demand services, video-conferences, social networks, educational systems, or photo storage services. These services have been embraced by a significant amount of the world population, and are used on a daily basis. Cloud providers and network operators’ infrastructures accommodate the traffic rates that the aforementioned services generate, and their management tasks do not only involve the traffic steering, but also the processing of the network services’ traffic. Traditionally, the traffic processing has been performed via applications/programs deployed on servers that were exclusively dedicated to a specific task such as packet inspection. However, in recent years network services have started to be virtualized and this has led to the Network Function Virtualization (NFV) paradigm, in which the network functions of a service run on containers or virtual machines that are decoupled from the hardware infrastructure. As a result, the traffic processing has become more flexible because of the loose coupling between software and hardware, and the possibility of sharing common network functions, such as firewalls, across multiple network services.
NFV eases the automation of network operations, since scaling and migration tasks are typically performed by a set of commands predefined by the virtualization technology, either containers or virtual machines. However, it is still necessary to decide the traffic steering and processing of every network service. In other words, which servers will hold the traffic processing, and which are the network links to be traversed so the users’ requests reach the final servers, i.e., the network embedding problem. Under the umbrella of NFV, this problem is known as Virtual Network Embedding (VNE), and this thesis refers to the algorithms solving such a problem as “NFV orchestration algorithms”. The VNE problem is NP-hard, meaning that it is impossible to find optimal solutions in polynomial time, no matter the network size. As a consequence, the research and telecommunications community rely on heuristics that find solutions quicker than a commodity optimization solver.
Traditionally, NFV orchestration algorithms have tried to minimize the deployment costs derived from their solutions. For example, they try to not exhaust the network bandwidth, and use short paths to use fewer network resources. Additionally, a recent tendency led the research community towards algorithms that minimize the energy consumption of the deployed services, either by selecting more energy efficient devices or by turning off those network devices that remained unused. VNE problem constraints were typically summarized in a set of resources/energy constraints, and the solutions differed on which objective functions were aimed for. But that was before the 5th generation of mobile networks (5G) was considered in the VNE problem. With the appearance of 5G, new network services and use cases started to emerge. The standards talked about Ultra-Reliable and Low Latency Communications (URLLC) with latencies below a few milliseconds and 99.999% reliability, an enhanced Mobile Broadband (eMBB) with significant data rate increases, and even the consideration of Massive Machine-Type Communications (mMTC) among Internet of Things (IoT) devices. Moreover, paradigms such as edge and fog computing blended with the 5G technology to introduce the idea of having computing devices closer to the end users. As a result, the VNE problem had to incorporate the new requirements as constraints to be taken into account, and every solution should either satisfy low latencies, high reliability, or larger data rates.
This thesis studies the VNE problem, and proposes some heuristics tackling the constraints related to 5G services in edge and fog scenarios, that is, the proposed solutions take care of the assignment of Virtual Network Functions to resources, and the traffic steering across 5G infrastructures that have edge and fog devices. To evaluate the performance of the proposed solutions, the thesis studies first the generation of graphs that represent 5G networks. The proposed mechanisms to generate graphs serve to represent diverse 5G scenarios. In particular, federation scenarios in which several domains share resources among themselves. The generated graphs also represent edge servers, as well as fog devices with limited battery capacity. Additionally, these graphs take into account the standard requirements, and the expected demand for 5G networks. Moreover, the graphs differ depending on the density of population, and the area of study, i.e., whether it is an industrial area, a highway, or an urban area.
After detailing the generation of graphs representing the 5G networks, this thesis proposes several NFV orchestration algorithms to tackle the VNE problem. First, it focuses on federation scenarios in which network services should be assigned not only to a single domain infrastructure, but also to the shared resources of the federation of domains. Two different problems are studied, one being the VNE itself over a federated infrastructure, and the other the delegation of network services. That is, whether a network service should be deployed in a local domain, or in the pool of resources of the federation domain; knowing that the latter charges the local domain for hosting the network service. Second, the thesis proposes OKpi, an NFV orchestration algorithm to meet the quality of service of 5G network slices. Conceptually, network slicing consists of splitting the network so network services are treated differently based on the slice they belong to. For example, an eHealth network slice will allocate the network resources necessary to meet low latencies for network services such as remote surgery. Each network slice is devoted to specific services with very concrete requirements, such as high reliability, location constraints, or 1 ms latencies. OKpi is an NFV orchestration algorithm that meets the network service requirements among different slices. It is based on a multi-constrained shortest path heuristic, and its solutions satisfy latency, reliability, and location constraints. After presenting OKpi, the thesis tackles the VNE problem in 5G networks with static/moving fog devices. The presented NFV orchestration algorithm takes into account the limited computing resources of fog devices, as well as the out-of-coverage problems derived from the devices’ mobility.
To conclude, this thesis studies the scaling of Vehicle-to-Network (V2N) services, which require low latencies for network services such as collision avoidance, hazard warning, and remote driving. For these services, the presence of traffic jams, or high vehicular traffic congestion leads to the violation of latency requirements. Hence, it is necessary to anticipate such circumstances by using time-series techniques that allow deriving the incoming vehicular traffic flow in the next minutes or hours, so as to scale the V2N service accordingly.
The 5G Exchange (5GEx) project (2015-2018) was an EU-funded project (H2020-ICT-2014-2 grant agreement 671636).
The 5G-TRANSFORMER project (2017-2019) is an EU-funded project (H2020-ICT-2016-2 grant agreement 761536).
The 5G-CORAL project (2017-2019) is an EU-Taiwan project (H2020-ICT-2016-2 grant agreement 761586).
Doctoral Programme in Telematics Engineering at Universidad Carlos III de Madrid. Chair: Ioannis Stavrakakis. Secretary: Pablo Serrano Yáñez-Mingot. Member: Paul Horatiu Patra
Enhancing programmability for adaptive resource management in next generation data centre networks
Recently, Data Centre (DC) infrastructures have been growing rapidly to support a wide range of emerging services, and provide the underlying connectivity and compute resources that facilitate the "*-as-a-Service" model. This has led to the deployment of a multitude of services multiplexed over few, very large-scale centralised infrastructures. In order to cope with the ebb and flow of users, services and traffic, infrastructures have been provisioned for peak demand, resulting in low average utilisation of resources. This overprovisioning has been further motivated by the complexity in predicting traffic demands over diverse timescales and the stringent economic impact of outages. At the same time, the emergence of Software Defined Networking (SDN) is offering new means to monitor and manage the network infrastructure to address this underutilisation.
This dissertation aims to show how measurement-based resource management can improve performance and resource utilisation by adaptively tuning the infrastructure to the changing operating conditions. To achieve this dynamicity, the infrastructure must be able to centrally monitor, notify and react based on the current operating state, from per-packet dynamics to longstanding traffic trends and topological changes. However, the management and orchestration abilities of current SDN realisations are too limiting and must evolve for next generation networks. The current focus has been on logically centralising the routing and forwarding decisions. However, in order to achieve the necessary fine-grained insight, the data plane of the individual device must be programmable to collect and disseminate the metrics of interest.
The results of this work demonstrate that a logically centralised controller can dynamically collect and measure network operating metrics to subsequently compute and disseminate fine-tuned environment-specific settings. They show how this approach can prevent TCP throughput incast collapse and improve TCP performance by an order of magnitude for partition-aggregate traffic patterns. Furthermore, the paradigm is generalised to show the benefits for other services widely used in DCs such as routing, telemetry, and security
Internet of Things Applications - From Research and Innovation to Market Deployment
The book aims to provide a broad overview of various topics of Internet of Things from the research, innovation and development priorities to enabling technologies, nanoelectronics, cyber physical systems, architecture, interoperability and industrial applications. It is intended to be a standalone book in a series that covers the Internet of Things activities of the IERC – Internet of Things European Research Cluster from technology to international cooperation and the global "state of play". The book builds on the ideas put forward by the European Research Cluster on the Internet of Things Strategic Research Agenda and presents global views and state of the art results on the challenges facing the research, development and deployment of IoT at the global level. Internet of Things is creating a revolutionary new paradigm, with opportunities in every industry from Health Care, Pharmaceuticals, Food and Beverage, Agriculture, Computer, Electronics, Telecommunications, Automotive, Aeronautics, Transportation, Energy and Retail to apply the massive potential of the IoT to achieving real-world solutions. The beneficiaries will also include semiconductor companies, device and product companies, infrastructure software companies, application software companies, consulting companies, telecommunication and cloud service providers. IoT will create new revenues annually for these stakeholders, and potentially create substantial market share shakeups due to increased technology competition. The IoT will fuel technology innovation by creating the means for machines to communicate many different types of information with one another while contributing to the increased value of information created by the number of interconnections among things and the transformation of the processed information into knowledge shared into the Internet of Everything.
The success of IoT depends strongly on enabling technology development, market acceptance and standardization, which provides interoperability, compatibility, reliability, and effective operations on a global scale. The connected devices are part of ecosystems connecting people, processes, data, and things which are communicating in the cloud using the increased storage and computing power and pushing for standardization of communication and metadata. In this context security, privacy, safety and trust have to be addressed by the product manufacturers through the life cycle of their products from design to the support processes. The IoT developments address the whole IoT spectrum - from devices at the edge to cloud and datacentres on the backend and everything in between, through ecosystems created by industry, research and application stakeholders that enable real-world use cases to accelerate the Internet of Things and establish open interoperability standards and common architectures for IoT solutions. Enabling technologies such as nanoelectronics, sensors/actuators, cyber-physical systems, intelligent device management, smart gateways, telematics, smart network infrastructure, cloud computing and software technologies will create new products, new services, new interfaces by creating smart environments and smart spaces with applications ranging from Smart Cities, smart transport, buildings, energy, grid, to smart health and life.
Technical topics discussed in the book include:
• Introduction
• Internet of Things Strategic Research and Innovation Agenda
• Internet of Things in the industrial context: Time for deployment.
• Integration of heterogeneous smart objects, applications and services
• Evolution from device to semantic and business interoperability
• Software defined and virtualization of network resources
• Innovation through interoperability and standardisation when everything is connected anytime at anyplace
• Dynamic context-aware scalable and trust-based IoT Security, Privacy framework
• Federated Cloud service management and the Internet of Things
• Internet of Things Application