Scalabale Group Communication Support for ATM Networks

In dieser Arbeit wird ein Ansatz vorgestellt, der eine skalierbare Gruppenkommunikationsunterstützung für ATM-Netze (SkaGAN) ermöglicht. Die herkömmliche rechnergestützte Kommunikation findet zwischen einem Sender und einem Empfänger statt. Die Gruppenkommunikation erweitert diese Form und erlaubt einer Gruppe von Rechnern untereinander zu kommunizieren. Diese Dissertation legt dabei den Fokus auf die ATM-Technologie (Asynchronous Transfer Mode), die keine akzeptable Gruppenkommunikationsunterstützung anbietet. Heutzutage wird ATM hauptsächlich in Backbone-Netzen eingesetzt, womit sich auch diese Arbeit auseinandersetzt. Der Schwerpunkt bei SkaGAN ist die Skalierbarkeit in Bezug auf Netzwerk- und Gruppengröße. Für den Bereich der lokalen ATM-Netze wird ebenfalls ein Lösungsvorschlag präsentiert, der eine Lastverteilung aktiver Gruppenteilnehmer auf mehrere Server beinhaltet. Der Lösungsansatz von SkaGAN für ATM-Weitverkehrsnetze orientiert sich an dem PNNI-Routingprotokoll und basiert auf einem hierarchischen Schema. Für die Verwaltung der Gruppen wird eine Baumhierarchie eingesetzt, die eine erhebliche Reduktion des Signalisierungsaufwandes und eine gute Skalierbarkeit ermöglicht. Für den Datentransfer zwischen den Gruppenteilnehmern wird ebenfalls eine Baumstruktur eingesetzt, die sich dynamisch an Änderungen in den Gruppen anpassen kann. Dabei wird die Anzahl der benötigten Zwischensysteme möglichst gering gehalten und die Lokalität der Teilnehmer berücksichtigt. Damit konnte auch in diesen Bereich eine gute Skalierbarkeit bei der Gruppenkommunikation erreicht werden.In this work, an approach is introduced, that enables scaleable group communication support for ATM networks (SkaGAN). The conventional computer supported communication takes place between one sender and one receiver. Group communication expands this form and allows a group of computers to communicate among each other. This dissertation puts its focus on the ATM technology (Asynchronous Transfer Mode), which offers no acceptable group communication support. Nowadays ATM is mainly utilized in backbone networks, wherewith this work deals. The focal point in SkaGAN is the scalability with regard to network and group sizes. In the area of local ATM networks a solution proposal is presented, that includes a load distribution of active group members on several servers. The approach for the solution of SkaGAN for ATM wide area networks orients itself on the PNNI routing protocol and is based on a hierarchical scheme. For the administration of the groups, a tree hierarchy is inserted, that enables a considerable reduction of the signaling expenses and a good scalability. For the data transfer between the group members also a tree structure is used, that can adapt itself dynamically to group changes. Thereby the amount of necessary intermediate systems is as small as possible and the location of the group members will be considered. Therewith also in this area a good scalability could be reached in the group communication

Determining the effectiveness of deceptive honeynets

Over the last few years, incidents of network based intrusions have rapidly increased, due to the increase and popularity of various attack tools easily available for download from the Internet. Due to this increase in intrusions, the concept of a network defence known as Honeypots developed. These honeypots are designed to ensnare attackers and monitor their activities. Honeypots use the principles of deception such as masking, mimicry, decoying, inventing, repackaging and dazzling to deceive attackers. Deception exists in various forms. It is a tactic to survive and defeat the motives of attackers. Due to its presence in the nature, deception has been widely used during wars and now in Information Systems. This thesis considers the current state of honeypot technology as well as describes the framework of how to improve the effectiveness of honeypots through the effective use of deception. In this research, a legitimate corporate deceptive network is created using Honeyd (a type of honeypot) which is attacked and improved using empirical learning approach. The data collected during the attacking exercise were analysed, using various measures, to determine the effectiveness of the deception in the honeypot network created using honeyd. The results indicate that the attackers were deceived into believing the honeynet was a real network which instead was a deceptive network

A study of teletraffic problems in multicast networks

This dissertation studies teletraffic engineering of dynamic multicast connections. The traditional models in teletraffic engineering do not handle multicast connections properly, since in a dynamic multicast tree, users may join and leave the connection freely, and thus the multicast tree evolves in time. A model called multicast loss system is used to calculate blocking probabilities in a single link and in tree-type networks. In a single link case, the problem is a generalised Engset problem, and a method for calculating call blocking probabilities for users is presented. Application of the reduced load approximation for multicast connections is studied. Blocking probabilities in a cellular system are studied by means of simulation. The analysis is mainly concentrated on tree type networks, where convolution-truncation algorithms and simulation methods for solving the blocking probabilities exactly are derived. Both single layer and hierarchically coded streams are treated. The presented algorithms reduce significantly the computational complexity of the problem, compared to direct calculation from the system state space. An approximative method is given for background traffic. The simulation method presented is an application of the Inverse Convolution Monte-Carlo method, and it gives a considerable variance reduction, and thus allows simulation with smaller sample sizes than with traditional simulation methods. Signalling load for dynamic multicast connections in a node depends on the shape of the tree as well as the location of the node in the tree. This dissertation presents a method for calculating the portion of signalling load that is caused by call establishments and tear-downs.reviewe

Extended Functionality of Honeypots

Bakalářska práce pod názvem Rozšířené funkce honeypotů je zaměřena na vývoj bezpečnostních systémů určitých typů nazvaných honeypoty. Po představení principů technik honeypotů se zabýva s výhodami ich používaní v porovnaní s inými bezpečnostními systémy. Následne popisuje rozdelení typů honeypotu a ich charakteristiky. Další část je věnován obeznámení nástrojů CONPOT a GLASTOPF. Cílem práce je navrhnút a implementovat rozšíření těchto nástrojů zaměrem ich vylepšení. Součástí popisů jednotlivých rozšíření je představení a analýza problému, implementace a testování navrhnutých rozšíření. Použití rozšíření poskytují užívatelům těchto honeypotů zvýšenú bezpečnost a širší okruh využití. V závěre jsou popsány možnosti dalšího rozšíření.The bachelor thesis titled Extented functionality of honeypots is dedicated to the development of a specific type of security systems called honeypots. After the introduction of the principles of honeypot systems the work deals with the benefits of their use along with the comparison of such systems to other security systems. Furthermore it describes the classification of honeypots and their characteristics. Another part is concerned with the introduction to CONPOT and GLAFTOPF. The aim of the thesis is to suggest and realize extensions focused on the improvement of the mentioned honeypots. The description of each extension contains the definition and analysis of the given problem, the implementation and evaluation of the recommended resolution. Utilization of the enhancements provide better security while widening their field of use. The conclusion discusses the possibilities of further development of the honeypots.

Adaptive Multi-Functional Space Systems for Micro-Climate Control

This report summarizes the work done during the Adaptive Multifunctional Systems for Microclimate Control Study held at the Caltech Keck Institute for Space Studies (KISS) in 2014-2015. Dr. Marco Quadrelli (JPL), Dr. James Lyke (AFRL), and Prof. Sergio Pellegrino (Caltech) led the Study, which included two workshops: the first in May of 2014, and another in February of 2015. The Final Report of the Study presented here describes the potential relevance of adaptive multifunctional systems for microclimate control to the missions outlined in the 2010 NRC Decadal Survey. The objective of the Study was to adapt the most recent advances in multifunctional reconfigurable and adaptive structures to enable a microenvironment control to support space exploration in extreme environments (EE). The technical goal was to identify the most efficient materials, architectures, structures and means of deployment/reconfiguration, system autonomy and energy management solutions needed to optimally project/generate a micro-environment around space assets. For example, compact packed thin-layer reflective structures unfolding to large areas can reflect solar energy, warming and illuminating assets such as exploration rovers on Mars or human habitats on the Moon. This novel solution is called an energy-projecting multifunctional system (EPMFS), which are composed of Multifunctional Systems (MFS) and Energy-Projecting Systems (EPS)

Routing on the Channel Dependency Graph:: A New Approach to Deadlock-Free, Destination-Based, High-Performance Routing for Lossless Interconnection Networks

In the pursuit for ever-increasing compute power, and with Moore's law slowly coming to an end, high-performance computing started to scale-out to larger systems. Alongside the increasing system size, the interconnection network is growing to accommodate and connect tens of thousands of compute nodes. These networks have a large influence on total cost, application performance, energy consumption, and overall system efficiency of the supercomputer. Unfortunately, state-of-the-art routing algorithms, which define the packet paths through the network, do not utilize this important resource efficiently. Topology-aware routing algorithms become increasingly inapplicable, due to irregular topologies, which either are irregular by design, or most often a result of hardware failures. Exchanging faulty network components potentially requires whole system downtime further increasing the cost of the failure. This management approach becomes more and more impractical due to the scale of today's networks and the accompanying steady decrease of the mean time between failures. Alternative methods of operating and maintaining these high-performance interconnects, both in terms of hardware- and software-management, are necessary to mitigate negative effects experienced by scientific applications executed on the supercomputer. However, existing topology-agnostic routing algorithms either suffer from poor load balancing or are not bounded in the number of virtual channels needed to resolve deadlocks in the routing tables. Using the fail-in-place strategy, a well-established method for storage systems to repair only critical component failures, is a feasible solution for current and future HPC interconnects as well as other large-scale installations such as data center networks. Although, an appropriate combination of topology and routing algorithm is required to minimize the throughput degradation for the entire system. This thesis contributes a network simulation toolchain to facilitate the process of finding a suitable combination, either during system design or while it is in operation. On top of this foundation, a key contribution is a novel scheduling-aware routing, which reduces fault-induced throughput degradation while improving overall network utilization. The scheduling-aware routing performs frequent property preserving routing updates to optimize the path balancing for simultaneously running batch jobs. The increased deployment of lossless interconnection networks, in conjunction with fail-in-place modes of operation and topology-agnostic, scheduling-aware routing algorithms, necessitates new solutions to solve the routing-deadlock problem. Therefore, this thesis further advances the state-of-the-art by introducing a novel concept of routing on the channel dependency graph, which allows the design of an universally applicable destination-based routing capable of optimizing the path balancing without exceeding a given number of virtual channels, which are a common hardware limitation. This disruptive innovation enables implicit deadlock-avoidance during path calculation, instead of solving both problems separately as all previous solutions

QoS in Node-disjoint Routing for Ad Hoc Networks

PhDA mobile ad hoc network (MANET) is a collection of mobile nodes that can communicate with each other without using any fixed infrastructure. It is necessary for MANETs to have efficient routing protocol and quality of service (QoS) mechanism to support multimedia applications such as video and voice. Node-Disjoint Multipath Routing Protocol (NDMR) is a practical protocol in MANETs: it reduces routing overhead dramatically and achieves multiple node-disjoint routing paths. Because QoS support in MANETs is important as best-effort routing is not efficient for supporting multimedia applications, this thesis presents a novel approach to provide that support. In this thesis NDMR is enhanced to provide a QoS enabled NDMR that decreases the transmission delay between source and destination nodes. A multi-rate mechanism is also implemented in the new protocol so that the NDMR QoS can minimise the overall delays. It is shown that these approaches lead to significant performance gains. A modification to NDMR is also proposed to overcome some of the limitations of the original

Video Conference as a tool for Higher Education

The book describes the activities of the consortium member institutions in the framework of the TEMPUS IV Joint Project ViCES - Video Conferencing Educational Services (144650-TEMPUS-2008-IT-JPGR). In order to provide the basis for the development of a distance learning environment based on video conferencing systems and develop a blended learning courses methodology, the TEMPUS Project VICES (2009-2012) was launched in 2009. This publication collects the conclusion of the project and it reports the main outcomes together with the approach followed by the different partners towards the achievement of the project's goal. The book includes several contributions focussed on specific topics related to videoconferencing services, namely how to enable such services in educational contexts so that, the installation and deployment of videoconferencing systems could be conceived an integral part of virtual open campuses

Integração da Cloud com rede na perspectiva de operador

Mestrado em Engenharia Electrónica e TelecomunicaçõesCloud Computing (CC) tem sido nos últimos tempos um tema bastante mediático no mundo da tecnologia, sendo claras as suas potencialidades tanto em termos económicos como em ciência de recursos. Apesar destas valências, a adopção massiva deste paradigma está ainda condicionada por aspectos relacionados com interoperabilidade, segurança e Quality of Service (QoS). _E no sentido de colmatar estas condicionantes que surge o conceito de Cloud Networking, que consiste na integração das características de CC na rede. Actualmente a infraestrutura de rede _e baseada em tecnologias que foram desenhadas há muitos anos, numa altura em que o contexto e as necessidades do mundo das comunicações eram completamente distintas das necessidades actuais. Este fenómeno tem sido bastante abordado e referido como a ossificação da rede. Esta infra-estrutura é, actualmente, incapaz de dar resposta _as necessidades do CC, características como a dinâmica e flexibilidade não se reflectem na rede. No entanto, a rede e CC não podem ser dissociados, pois _e esta que estabelece uma ponte e permite o acesso a estes recursos por parte dos utilizadores influenciando negativamente o seu uso. No futuro, a virtualização de redes directamente na infra-estrutura dos operadores de rede irá permitir que os utilizadores interajam e utilizem recursos de rede de uma forma similar ao que fazem com os recursos de CC. O problema _e que esta tecnologia ainda está numa fase embrionária e ainda demorara algum tempo até que se torne uma realidade. Se a longo prazo a virtualização de rede deve ser vista como um objectivo a atingir, a curto prazo deverá ser feito um esforço no sentido de trazer algumas das qualidades referidas para as tecnologias de implementação de redes privadas já difundidas entre os operadores de rede. Actualmente as Virtual Private Networks (VPNs) são o mecanismo mais utilizado pelos utilizadores para integrar os recursos de CC com a sua própria infra-estrutura. No entanto, existem limitações porque esta integração _e processada de uma forma estática em escalas de tempo muito superiores aos de CC e na maioria das vezes obrigando os utilizadores a ter que interagir com uma diversidade de operadores. O objectivo principal desta Dissertação _e desenvolver um protótipo que valide o conceito de Cloud Networking utilizando interfaces e protocolos bem definidos, como _e o caso da Open Cloud Networking Interface (OCNI) e Open Cloud Computing Interface (OCCI). Este protótipo ir_a ser capaz de fornecer um serviço integrado de recursos de rede e CC em que o utilizador só irá ter que interagir com um único fornecedor. Isto obriga a que uma linha de comunicação seja estabelecida entre diferentes operadores para uma rápida e automática integração dos dois domínios. Nesta dissertação irão ser apresentados e estudados interfaces e protocolos que facilitem a interoperabilidade entre operadores com vista a sua implementação num protótipo. No domínio da rede irão ser desenvolvidas ferramentas que permitam o aprovisionamento de recursos com vista a integração de CC com a rede do operador. Irá também ser desenvolvido um orquestrador que permita a um utilizador, através de um único pedido, criar uma infra-estrutura que integre recursos de cloud e rede. Posteriormente irão ser efetuados testes de desempenho da instanciação de um serviço integrado de CC com a rede. Ainda no âmbito desta dissertação irá ser estudada uma plataforma de virtualização de rede na qual irão ser feitos testes de trafego sobre a mesma com vista _a sua integração no protótipo