Improving Intent Correctness with Automated Testing

Intent-based networking (IBN) systems have become the de-facto control abstraction to drive self-service, self-healing, and self-optimized capabilities in service delivery processes. Nonetheless, the operation complexity of modern network infrastructures make network practitioners apprehensive towards adoption in production, requiring further evidence for correctness. In this paper, we argue that testing, verification and monitoring should become first-class citizens in reference IBN architecture, in order to improve the detection errors during operations. Towards this goal, we present an extension for an intent architecture that allows IBN system to validate the correctness of network configuration using realistic network emulation. Furthermore, we present an intent use-case that ensure correct operation in hybrid networks

DataPlane Broker:Open WAN control for multi-site service orchestration

NFV-MANO has become the de-facto standard for network service orchestration in future programmable network infrastructures. Relevant standards define an architecture and a data model that allows an orchestration entity to deploy, dynamically configure and monitor virtual and physical network functions across virtualized datacenters. Although the model offers extensive details for network function management and host-level network configuration, end-to-end connectivity management beyond the datacenter remains limited. The responsibility for cross-site connectivity is delegated to a control abstraction, the WAN Infrastructure Manager (WIM), which is partially defined in relevant standards. The reference implementation of the NFV-MANO standards, Open Source MANO (OSM), has recently released a reference WIM driver model, but no open-source WIM implementation is currently available, thus restricting the ability of researchers to experiment with multi-site service deployments. In this paper, we present the DataPlane Broker (DPB), the first open-source WIM implementation for software-defined networks. Using an extensive data model, DPB seamlessly translates NFV-MANO requirements into SDN configuration, supporting point-to-point and multipoint connectivity with strong bandwidth guarantees. DPB is integrated with OSM FIVE via a WIM plugin. Initial experiments highlight that path computation can scale to large network topologies and a large number of services, with negligible computational overheads, while DPB increases by less than 10% the overall deployment delay of an OSM service

RNAalifold: improved consensus structure prediction for RNA alignments

<p>Abstract</p> <p>Background</p> <p>The prediction of a consensus structure for a set of related RNAs is an important first step for subsequent analyses. RNAalifold, which computes the minimum energy structure that is simultaneously formed by a set of aligned sequences, is one of the oldest and most widely used tools for this task. In recent years, several alternative approaches have been advocated, pointing to several shortcomings of the original RNAalifold approach.</p> <p>Results</p> <p>We show that the accuracy of RNAalifold predictions can be improved substantially by introducing a different, more rational handling of alignment gaps, and by replacing the rather simplistic model of covariance scoring with more sophisticated RIBOSUM-like scoring matrices. These improvements are achieved without compromising the computational efficiency of the algorithm. We show here that the new version of RNAalifold not only outperforms the old one, but also several other tools recently developed, on different datasets.</p> <p>Conclusion</p> <p>The new version of RNAalifold not only can replace the old one for almost any application but it is also competitive with other approaches including those based on SCFGs, maximum expected accuracy, or hierarchical nearest neighbor classifiers.</p

Gene and genon concept: coding versus regulation: A conceptual and information-theoretic analysis of genetic storage and expression in the light of modern molecular biology

We analyse here the definition of the gene in order to distinguish, on the basis of modern insight in molecular biology, what the gene is coding for, namely a specific polypeptide, and how its expression is realized and controlled. Before the coding role of the DNA was discovered, a gene was identified with a specific phenotypic trait, from Mendel through Morgan up to Benzer. Subsequently, however, molecular biologists ventured to define a gene at the level of the DNA sequence in terms of coding. As is becoming ever more evident, the relations between information stored at DNA level and functional products are very intricate, and the regulatory aspects are as important and essential as the information coding for products. This approach led, thus, to a conceptual hybrid that confused coding, regulation and functional aspects. In this essay, we develop a definition of the gene that once again starts from the functional aspect. A cellular function can be represented by a polypeptide or an RNA. In the case of the polypeptide, its biochemical identity is determined by the mRNA prior to translation, and that is where we locate the gene. The steps from specific, but possibly separated sequence fragments at DNA level to that final mRNA then can be analysed in terms of regulation. For that purpose, we coin the new term “genon”. In that manner, we can clearly separate product and regulative information while keeping the fundamental relation between coding and function without the need to introduce a conceptual hybrid. In mRNA, the program regulating the expression of a gene is superimposed onto and added to the coding sequence in cis - we call it the genon. The complementary external control of a given mRNA by trans-acting factors is incorporated in its transgenon. A consequence of this definition is that, in eukaryotes, the gene is, in most cases, not yet present at DNA level. Rather, it is assembled by RNA processing, including differential splicing, from various pieces, as steered by the genon. It emerges finally as an uninterrupted nucleic acid sequence at mRNA level just prior to translation, in faithful correspondence with the amino acid sequence to be produced as a polypeptide. After translation, the genon has fulfilled its role and expires. The distinction between the protein coding information as materialised in the final polypeptide and the processing information represented by the genon allows us to set up a new information theoretic scheme. The standard sequence information determined by the genetic code expresses the relation between coding sequence and product. Backward analysis asks from which coding region in the DNA a given polypeptide originates. The (more interesting) forward analysis asks in how many polypeptides of how many different types a given DNA segment is expressed. This concerns the control of the expression process for which we have introduced the genon concept. Thus, the information theoretic analysis can capture the complementary aspects of coding and regulation, of gene and genon

Incorporating phylogenetic-based covarying mutations into RNAalifold for RNA consensus structure prediction

BACKGROUND: RNAalifold, a popular computational method for RNA consensus structure prediction, incorporates covarying mutations into a thermodynamic model to fold the aligned RNA sequences. When quantifying covariance, it evaluates conserved signals of two aligned columns with base-pairing rules. This scoring scheme performs better than some other approaches, such as mutual information. However it ignores the phylogenetic history of the aligned sequences, which is an important criterion to evaluate the level of sequence covariance. RESULTS: In this article, in order to improve the accuracy of consensus structure folding, we propose a novel approach named PhyloRNAalifold. It incorporates the number of covarying mutations on the phylogenetic tree of the aligned sequences into the covariance scoring of RNAalifold. The benchmarking results show that the new scoring scheme of PhyloRNAalifold can improve the consensus structure detection of RNAalifold. CONCLUSION: Incorporating additional phylogenetic information of aligned sequences into the covariance scoring of RNAalifold can improve its performance of consensus structures folding. This improvement is correlated with alignment characteristics, such as pair-wise identity and the number of sequences in the alignment

These aren’t the PLCs you’re looking for : Obfuscating PLCs to mimic Honeypots

Industry 4.0 and the trend of connecting legacy Industrial Control Systems (ICSs) to public networks have exposed these systems to various online threats. To combat these threats, honeypots have been widely used to provide proactive monitoring, detection and deception security capabilities. However, skilled attackers are now adept at fingerprinting and avoiding honeypots. Therefore, we take a fundamentally different approach in this paper. Instead of the honeypot representing a real system, we deploy it as a deterrent. Through obfuscation, the aim is to make an attacker believe the real system is a honeypot and collect threat intelligence data on the attacker. To achieve this, we introduce a new obfuscation technique that allows real ICSs to present themselves as honeypots. By taking advantage of honeypot fingerprinting techniques, we are able to deter attackers from interacting with the real Programmable Logic Controller (PLC) within the industrial network. The approach is implemented and evaluated using different penetration testing tools and an expert evaluation highlighting the benefits of obfuscation in that potential adversaries would be misled into assuming the PLC is a honeypot

A NEAT way to test-driven network management

The increasing softwarization of network infrastructures introduces an important challenge for network configuration. On the one hand, the growth of the network configuration space as a result of new device types and the expanding inter-dependence of network service components, increases the network configuration complexity. On the other hand, new service deployment architectures lack mechanisms to validate the impact of service configuration on network resilience. Network operators need to adopt new mechanisms to validate and verify network configuration changes, inspired by popular Continuous Integration/Continuous Development (CI/CD) mechanisms. This paper introduces Network Emulation-based Automated Testing (NEAT), an automated testing framework for network configuration. NEAT allows network managers to define network topologies and tests through YAML files and run realistic network topologies and tests. Furthermore, network managers can control the fidelity of their network tests and bound the execution time of testing suites, as well as exploit parallelization of modern servers to speedup test execution

Improving network resilience with Middlebox Minions

Resilience in networks has often relied on high availability to ensure minimal disruption to end users when faults occur, but this has grown difficult for retaining state with the growing popularity of hardware middleboxes -- blackbox hardware network functions that have served as an important part of network design in recent years. There is potential room for the introduction of Network Function Virtualisation (NFV) in the field of resilience in connection with middlebox usage. Rather than relying on overprovisioning, we propose Middlebox Minion (MiMi) VNF, a system design that can be inserted around inaccessible hardware. This recreates state in accordance with the middlebox function, using NFV to establish stateful failover mechanisms without the need to replace existing hardware. The experiment we present is a failover analogy examining the importance of state retention and the complexities involved with inaccessible hardware. Results suggest a promising improvement of connection quality and up to 60% lower loss when state can be preserved across failover instances, as well as potential for further exploration of the topic area