D-STREAMON: from middlebox to distributed NFV framework for network monitoring

Many reasons make NFV an attractive paradigm for IT security: lowers costs, agile operations and better isolation as well as fast security updates, improved incident responses and better level of automation. On the other side, the network threats tend to be increasingly complex and distributed, implying huge traffic scale to be monitored and increasingly strict mitigation delay requirements. Considering the current trend of the net- working and the requirements to counteract to the evolution of cyber-threats, it is expected that also network monitoring will move towards NFV based solutions. In this paper, we present D- StreaMon an NFV-capable distributed framework for network monitoring realized to face the above described challenges. It relies on the StreaMon platform, a solution for network monitoring originally designed for traditional middleboxes. An evolution path which migrates StreaMon from middleboxes to Virtual Network Functions (VNFs) has been realized.Comment: Short paper at IEEE LANMAN 2017. arXiv admin note: text overlap with arXiv:1608.0137

Impact of caries and dental fluorosis on oral health-related quality of life: a cross-sectional study in schoolchildren receiving water naturally fluoridated at above-optimal levels

Purpose The purpose of this study was to evaluate the impact of caries and fluorosis on oral health-related quality of life (OHRQoL) among schoolchildren living in areas with high concentrations of fluoride in water. Methods Five hundred and twenty-four schoolchildren (8–12 year olds) residing in rural communities in central Mexico were examined for oral hygiene, caries (International Caries Detection and Assessment System, ICDAS II), and fluorosis (Thylstrup and Fejerskov Index, TFI). OHRQoL was evaluated with the Child Perceptions Questionnaire for two age groups (CPQ8–10 and CPQ11–14). Generalized structural equation models were constructed for data analysis. Results Overall prevalence of caries was 88.5% and fluorosis 46.9%. In the group of 8–10 year olds, 48% of the children had advanced carious lesions in primary or permanent teeth (ICDAS ≥4), 22.6% had moderate/severe fluorosis, and 59.9% of children had an impact on OHRQoL. Schoolchildren with ICDAS ≥4 were more likely [OR = 1.75, (95% CI 1.34–2.28)] to suffer a negative impact on OHRQoL. In the group of 11–12 year olds, 19.9% of children had advanced carious lesions and 23.2% showed moderate/severe fluorosis; 67.3% of children reported had an impact on OHRQoL. Children 11–12 year olds with fluorosis (TFI ≥4) [OR = 2.39 (95% CI 2.12–2.69)], caries (ICDAS ≥4) [OR = 2.18 (95% CI 2.13–2.24)], and low brushing frequency [OR = 2.04 (95% CI 1.21–3.44)] were more likely to have deterioration on OHRQoL. Conclusion A negative impact on OHRQoL was observed in children with caries and fluorosis

LOcAl DEcisions on Replicated States (LOADER) in programmable data planes: programming abstraction and experimental evaluation

Programmable data planes recently emerged as a prominent innovation in Software Defined Networking (SDN), by permitting support of stateful flow processing functions over hardware network switches specifically designed for network processing. Unlike early SDN solutions such as OpenFlow, modern stateful data planes permit to keep (and dynamically update) local per-flow states inside network switches, thus dramatically improving reactiveness of network applications to state changes. Still, also in stateful data planes, the control and update of non-local states is assumed to be completely delegated to a centralized controller and thus accessed only at the price of extra delay. Our LOADER proposal aims at contrasting the apparent dichotomy between local states and global states. We do so by introducing a new possibility: permit to take localized (in-switch) decisions not only on local states but also on replicated global states, thus providing support for network-wide applications without incurring the drawbacks of classical approaches. To this purpose, i) we provide high-level programming abstractions devised to define the states and the update logic of a generic network-wide application, and ii) we detail the underlying low level state management and replication mechanisms. We then show LOADER's independence of the stateful data plane technology employed, by implementing it over two distinct stateful data planes (P4 switches and OPP - Open Packet Processor - switches), and by experimentally validating both implementations in an emulated testbed using a simple distributed Deny-of-Service (DoS) detection application

Per-application Mobility Management: Performance Evaluation of the UPMT Solution

Abstract — In this paper, we provide the performance evaluation of the UPMT (Universal Per-application Mobility management using Tunnels) solution. UPMT offers per-application mobility management, i.e. the capability of separately taking handover decisions for each application. UPMT supports legacy applications, private IP addressing/NATs and it is an overlay solution that does not require the access network to offer any specific support. We have implemented UPMT under Linux OS and made it available under the GPL Open Source license

Hyperion: A Case for Unified, Self-Hosting, Zero-CPU Data-Processing Units (DPUs)

Since the inception of computing, we have been reliant on CPU-powered architectures. However, today this reliance is challenged by manufacturing limitations (CMOS scaling), performance expectations (stalled clocks, Turing tax), and security concerns (microarchitectural attacks). To re-imagine our computing architecture, in this work we take a more radical but pragmatic approach and propose to eliminate the CPU with its design baggage, and integrate three primary pillars of computing, i.e., networking, storage, and computing, into a single, self-hosting, unified CPU-free Data Processing Unit (DPU) called Hyperion. In this paper, we present the case for Hyperion, its design choices, initial work-in-progress details, and seek feedback from the systems community