A distributed cyber-security framework for heterogeneous environments

Evolving business models, computing paradigms, and management practices are rapidly re-shaping the usage models of ICT infrastructures, and demanding for more flexibility and dynamicity in enterprise security, beyond the traditional "security perimeter" approach. Since valuable ICT assets cannot be easily enclosed within a trusted physical sandbox any more, there is an increasing need for a new generation of pervasive and capillary cyber-security paradigms over distributed and geographically-scattered systems. Following the generalized trend towards virtualization, automation, software-definition, and hardware/software disaggregation, in this paper we elaborate on a multi-tier architecture made of a common, programmable, and pervasive data-plane and a powerful set of multi-vendor detection and analysis algorithms. Our approach leverages the growing level of programmability of ICT infrastructures to create a common and unified framework that could be used to monitor and protect distributed heterogeneous environments, including legacy enterprise networks, IoT installations, and virtual resources deployed in the cloud

Dynamic Model for the Energetic Optimization of Turbocompound Hybrid Powertrains

Abstract This paper presents the simulation activity carried out to analyze the power flows and the energy breakdown of an innovative hybrid-turbocompound powertrain, which will be employed in the 2014 F1 championship. The analyzed powertrain consists in a supercharged internal combustion engine integrated by two electric machines – connected respectively to the turbocharger shaft and to the engine shaft – a static converter and a battery. Simulations through Matlab-Simulink were carried out both in race and in qualifying conditions, obtaining useful information about the electric machines and battery duty cycles and about the calibration of the system operational algorithms during one lap

A New Paradigm to Address Threats for Virtualized Services

With the uptaking of virtualization technologies and the growing usage of public cloud infrastructures, an ever larger number of applications run outside of the traditional enterprise’s perimeter, and require new security paradigms that fit the typical agility and elasticity of cloud models in service creation and management. Though some recent proposals have integrated security appliances in the logical application topology, we argue that this approach is sub-optimal. Indeed, we believe that embedding security agents in virtualization containers and delegating the control logic to the software orchestrator provides a much more effective, flexible, and scalable solution to the problem. In this paper, we motivate our mindset and outline a novel framework for assessing cyber-threats of virtualized applications and services. We also review existing technologies that build the foundation of our proposal, which we are going to develop in the context of a joint research project

Electrical-Loss Analysis of Power-Split Hybrid Electric Vehicles

The growing development of hybrid electric vehicles (HEVs) has seen the spread of architectures with transmission based on planetary gear train, realized thanks to two electric machines. This architecture, by continuously regulating the transmission ratio, allows the internal combustion engine (ICE) to work in optimal conditions. On the one hand, the average ICE efficiency is increased thanks to better loading situations, while, on the other hand, electrical losses are introduced due to the power circulation between the two electrical machines mentioned above. The aim of this study is then to accurately evaluate electrical losses and the average ICE efficiency in various operating conditions and over different road missions. The models used in this study are presented for both the Continuously Variable Transmission (CVT) architecture and the Discontinuously Variable Transmission (DVT) architecture. In addition, efficiency maps of the main components are shown. Finally, the simulation results are presented to point out strengths and weaknesses of the CVT architecture

Automating Mitigation of Amplification Attacks in NFV Services

The combination of virtualization techniques with capillary computing and storage resources allows the instantiation of Virtual Network Functions throughout the network infrastructure, which brings more agility in the development and operation of network services. Beside forwarding and routing, this can be also used for additional functions, e.g., for security purposes. In this paper, we present a framework to systematically create security analytics for virtualized network services, specifically targeting the detection of cyber-attacks. Our framework largely automates the deployment of security sidecars into existing service templates and their interconnection to an external analytics platform. Notably, it leverages code augmentation techniques to dynamically inject and remove inspection probes without affecting service operation. We describe the implementation of a use case for the detection of DNS amplification attacks in virtualized 5G networks, and provide extensive evaluation of our innovative inspection and detection mechanisms. Our results demonstrate better efficiency with respect to existing network monitoring tools in terms of CPU usage, as well as good accuracy in detecting attacks even with variable traffic patterns

Chloe@University: An indoor, HMD-based mobile mixed reality guide

This paper describes an indoors, mobile mixed reality guide system: Chloe@University. With a see-through head-mounted display (HMD) connected to a hidden small computing device, Chloe@University provides users with an efficient way of guiding in a building. Augmented 3D virtual character in front of a user guides him/her to destination so that he/she can just follow the virtual guide after the user gives a voice command with desired destination to it. The most suitable virtual character is selected depending on a user’s preference for personalized service. For adapting to different indoor environments, the proposed system integrates various localization approaches. In addition, it supports different access right to a building map based on user profiles and security level