5,061 research outputs found

    Merlin: A Language for Provisioning Network Resources

    This paper presents Merlin, a new framework for managing resources in software-defined networks. With Merlin, administrators express high-level policies using programs in a declarative language. The language includes logical predicates to identify sets of packets, regular expressions to encode forwarding paths, and arithmetic formulas to specify bandwidth constraints. The Merlin compiler uses a combination of advanced techniques to translate these policies into code that can be executed on network elements including a constraint solver that allocates bandwidth using parameterizable heuristics. To facilitate dynamic adaptation, Merlin provides mechanisms for delegating control of sub-policies and for verifying that modifications made to sub-policies do not violate global constraints. Experiments demonstrate the expressiveness and scalability of Merlin on real-world topologies and applications. Overall, Merlin simplifies network administration by providing high-level abstractions for specifying network policies and scalable infrastructure for enforcing them

    Virtualizing Monitoring and Control Systems: First Operational Experience and Future Applications

    Virtualization is a technology that allows emulating a complete computer platform. The potential use ranges from consolidating hardware to running several different operating systems in parallel on one computer to preserving the operability of heritage software. GSOC has been investigating the possibilities of virtualization for some time. Aside from the usual approach of virtualizing the central servers for administrative and consolidation reasons, the possibilities and advantages of control room client virtualization were explored. While moving mainstream in other businesses, the space community is cautious about applying this technique to the mission-critical monitoring and control systems. This paper illustrates three virtualization steps that are underway at GSOC and presents the experiences gained.

    Block the Root Takeover: Validating Devices Using Blockchain Protocol

    This study addresses a vulnerability in the trust-based STP protocol that allows malicious users to target an Ethernet LAN with an STP Root-Takeover Attack. This subject is relevant because an STP Root-Takeover attack is a gateway to unauthorized control over the entire network stack of a personal or enterprise network. This study aims to address this problem with a potentially trustless research solution called the STP DApp. The STP DApp is the combination of a kernel /net modification called stpverify and a Hyperledger Fabric blockchain framework in a NodeJS runtime environment in userland. The STP DApp works as an Intrusion Detection System (IPS) by intercepting Ethernet traffic and blocking forged Ethernet frames sent by STP Root-Takeover attackers. This study’s research methodology is a quantitative pre-experimental design that provides conclusive results through empirical data and analysis using experimental control groups. In this study, data collection was based on active RAM utilization and CPU Usage during a performance evaluation of the STP DApp. It blocks an STP Root-Takeover Attack launched by the Yersinia attack tool installed on a virtual machine with the Kali operating system. The research solution is a test blockchain framework using Hyperledger Fabric. It is made up of an experimental test network made up of nodes on a host virtual machine and is used to validate Ethernet frames extracted from stpverify

    Some experiences in using virtual machines for teaching computer networks

    Laboratory practice is a fundamental aspect of computer network learning. Experiments tend to be very specific, frequently demanding changes in the local network topology and privileged access to the operating system configuration. These features impose a specific and exclusive laboratory for network teaching experiments. However, it is not always possible to provide such laboratory; the reality in most institutions is to have shared laboratories, used by different students and disciplines. This problem can be alleviated by the use of virtual machines, allowing each student to build his/her own network experiment, using the appropriate topology, and thus not disturbing the other activities running in the lab. This paper presents some experiences in using virtual machines to teach advanced aspects of computer networks, such as IPSec, firewalls and network services. Also, some key points are highlighted in order to show the benefits of virtual machines for pedagogical practice.

    Education for the 21st century - impact of ICT and Digital Resources Conference. Red de Universidades con Carreras en Informática (RedUNCI)

    Network Denial of Service Defense System (nDos)

    Denial of Service attack is widely spread within the virtual world as a malicious act that could have a huge impact in terms of system performance and financial aspects. Network Denial of Service Defense System is an extension of an intrusion detection system which is incorporated with detection and prevention capabilities. The architecture of nDos is based on NIPS, where it is placed inline on the network, statefully analyzing packet content, blocking certain packets that match a signature and alerting on others. A NIPS protection is based on the content of packets. The system loads a large array of signatures. These signatures take the form of a string of data characteristic of some particular type of attack. When a data packet enters the network, the IDS/IPS examines that data against its database of signatures. If the data match, then the IDS/IPS takes appropriate action. In the case of an IDS, the intrusion attempt will be logged, whereas, in the case of an IPS, the system can drop the data packet, or even sever the offending machine's connection. nDos provides a web interface for data retrieval and manipulation. The front-end of the system is based on PHP/MySQL, hence it could provide statistical analysis from a managerial point of view. The back-end of nDos uses snort_inline as the detection engine and the iptables firewall as the traffic prevention mechanism. Once an attack is launched, nDos will log the incident based on rules and configuration, and iptables or a generic firewall needs to determine the traffic state, whether to accept or drop the connection. A predefined threshold value is important for DoS attacks, where a lot of connections of traffic are generated; hence, when the value is exceeded, the detection engine could identify such an attack. nDos is targeted for educational purposes and small-medium size enterprises because there are only commercial IPS solutions available in the market. Portability and compatibility is an issue where, as a future recommendation, Live CD features could be implemented to provide high compatibility without concern of the OS.

    Electronic instructional materials and course requirements "Computer science" for specialty: 1-53 01 01 «Automation of technological processes and production»

    The purpose of the electronic instructional materials and course requirements by the discipline «Computer science» (EIMCR) is to develop theoretical systemic and practical knowledge in different fields of Computer science. Features of structuring and submission of educational material: EIMCR includes the following sections: theoretical, practical, knowledge control, auxiliary. The theoretical section presents lecture material in accordance with the main sections and topics of the syllabus. The practical section of the EIMCR contains materials for conducting practical classes aimed to develop modern computational thinking, basic skills in computing and making decisions in the field of the fundamentals of computer theory and many computer science fields. The knowledge control section of the EIMCR contains: guidelines for the implementation of the control work aimed at developing the skills of independent work on the course under study, developing the skills of selecting, analyzing and writing out the necessary material, as well as the correct execution of the tasks; list of questions for the credit by the discipline. The auxiliary section of the EIMCR contains the following elements of the syllabus: explanatory note; thematic lectures plan; tables of distribution of classroom hours by topics and informational and methodological part. EIMCR contains active links to quickly find the necessary material

    BRAHMS: Novel middleware for integrated systems computation

    Biological computational modellers are becoming increasingly interested in building large, eclectic models, including components on many different computational substrates, both biological and non-biological. At the same time, the rise of the philosophy of embodied modelling is generating a need to deploy biological models as controllers for robots in real-world environments. Finally, robotics engineers are beginning to find value in seconding biomimetic control strategies for use on practical robots. Together with the ubiquitous desire to make good on past software development effort, these trends are throwing up new challenges of intellectual and technological integration (for example across scales, across disciplines, and even across time) - challenges that are unmet by existing software frameworks. Here, we outline these challenges in detail, and go on to describe a newly developed software framework, BRAHMS, that meets them. BRAHMS is a tool for integrating computational process modules into a viable, computable system: its generality and flexibility facilitate integration across barriers, such as those described above, in a coherent and effective way. We go on to describe several cases where BRAHMS has been successfully deployed in practical situations. We also show excellent performance in comparison with a monolithic development approach. Additional benefits of developing in the framework include source code self-documentation, automatic coarse-grained parallelisation, cross-language integration, data logging, performance monitoring, and will include dynamic load-balancing and 'pause and continue' execution. BRAHMS is built on the nascent, and similarly general purpose, model markup language, SystemML. This will, in future, also facilitate repeatability and accountability (same answers ten years from now), transparent automatic software distribution, and interfacing with other SystemML tools. (C) 2009 Elsevier Ltd. All rights reserved.

    An Open Management and Administration Platform for IEEE 802.11 Networks

    The deployment of Wireless Local Area Network (WLAN) has greatly increased in past years. Due to the large deployment of the WLAN, the immediate need of management platforms has been recognized, which has a significant impact on the performance of a WLAN. Although there are various vendor-specific and proprietary solutions available in the market to cope with the management of wireless LAN, they have problems in interoperability and compatibility. To address these issues, IETF has come up with the interoperability standard of management of WLAN devices, Control And Provisioning of Wireless Access Points (CAPWAP) protocol, which is still in the draft phase. Commercial implementation of this draft protocol from WLAN equipment vendors is rather expensive. Open source community, therefore, tried to provide free management solutions. An open source project called openCAPWAP was initiated. However, it lacks a graphic user interface, which makes it hard to implement for novice network administrators or regular customers. Therefore, the researcher designed and developed a web interface framework that encapsulates openCAPWAP at the bottom to provide user-friendly management experience. This application platform was designed to work with any remote web server in the public domain through which it can connect to access points or access controllers through a secure shell to configure them. This open platform is purely open source-based. It is operating system independent: it can be implemented on any open source environment such as regular Linux operating system or embedded operation system small form factor single board computers. The platform was designed and tested in a laboratory environment and a remote system. This development contributes to network administration in both network planning and operational management of the WLAN networks.