7 research outputs found

    A Survey on the Contributions of Software-Defined Networking to Traffic Engineering

    Since the appearance of OpenFlow back in 2008, software-defined networking (SDN) has gained momentum. Although there are some discrepancies between the standards developing organizations working with SDN about what SDN is and how it is defined, they all outline traffic engineering (TE) as a key application. One of the most common objectives of TE is congestion minimization, where techniques such as traffic splitting among multiple paths or advanced reservation systems are used. In such a scenario, this manuscript surveys the role of a comprehensive list of SDN protocols in TE solutions, in order to assess how these protocols can benefit TE. The SDN protocols have been categorized using the SDN architecture proposed by the Open Networking Foundation, which differentiates among data-controller plane interfaces, application-controller plane interfaces, and management interfaces, in order to state how the interface type in which they operate influences TE. In addition, the impact of the SDN protocols on TE has been evaluated by comparing them with the path computation element (PCE)-based architecture. The PCE-based architecture has been selected to measure the impact of SDN on TE because it is the most novel TE architecture to date, and because it already defines a set of metrics to measure the performance of TE solutions. We conclude that using the three types of interfaces simultaneously will result in more powerful and enhanced TE solutions, since they benefit TE in complementary ways. European Commission through the Horizon 2020 Research and Innovation Programme (GN4) under Grant 691567; Spanish Ministry of Economy and Competitiveness under the Secure Deployment of Services Over SDN and NFV-based Networks Project S&NSEC under Grant TEC2013-47960-C4-3-

    Context-Aware Policy Analysis for Distributed Usage Control

    To boost data spaces and benefit from the great opportunities that they present, data sovereignty must be provided by Distributed Usage Control (DUC). Assuming that DUC will be managed by implementing and enforcing policies, notable efforts have already been undertaken in the context of Access Control (AC) regarding policy analysis due to the impact of low-quality policies on security. In this regard, this paper proposes that policy analysis in the DUC context should be understood as an extension of the AC, which is further affected by other challenging features, chief among which are context-aware control and extended control through action requirements. This paper presents a novel Context-Aware Policy Analysis (CAPA) algorithm for detecting inconsistencies and redundancies in DUC policies by supporting a large set of heterogeneous conditions. In this regard, the dependent relationship of conditions is formulated, which leads to more efficient conflict detection. By implementing this concept, a novel tree structure that combines a resource and a policy structure is presented to search for and compare relevant rules from policies. Built on the tree structure and through the formalization of rule conflicts, CAPA is developed, and the security and performance it provides are tested in a wind energy use case. This research was partly supported by the project HODEI-X (KK-2021/00049), funded by SPRI-Basque Government through the ELKARTEK program

    Continuous Quantitative Risk Management in Smart Grids Using Attack Defense Trees

    Although the risk assessment discipline has long been studied as a means to support security investment decision-making, no holistic approach exists to continuously and quantitatively analyze cyber risks in scenarios where attacks and defenses may target different parts of Internet of Things (IoT)-based smart grid systems. In this paper, we propose a comprehensive methodology that enables informed decisions on security protection for smart grid systems by the continuous assessment of cyber risks. The solution is based on the use of attack defense trees modelled on the system and the computation of the proposed risk attributes, which enables an assessment of the system risks by propagating the risk attributes in the tree nodes. The method allows system risk sensitivity analyses to be performed with respect to different attack and defense scenarios, and optimizes security strategies with respect to risk minimization. The methodology proposes the use of standard security and privacy defense taxonomies from internationally recognized security control families, such as the NIST SP 800-53, which facilitates security certifications. Finally, the paper describes the validation of the methodology carried out in a real smart building energy efficiency application that combines multiple components deployed in cloud and IoT resources. The scenario demonstrates the feasibility of the method to not only perform initial quantitative estimations of system risks but also to continuously keep the risk assessment up to date according to the system conditions during operation. The research leading to these results was funded by the EUROPEAN COMMISSION, grant number 787011 (SPEAR Horizon 2020 project) and 780351 (ENACT Horizon 2020 project)

    A Multi Bearer Adaptable Communication Demonstrator for Train-to-Ground IP Communication to Increase Resilience

    Preprint version. This paper presents the setup of a demonstrator based on Multipath TCP protocol to provide a multi bearer—WiFi and WiMAX—and resilient agnostic layer to support train-to-ground IP communication. The adaptable communication and resilient architecture consists of three main blocks: an Acquisition System, a Detection System and a Multipath Communication System. Several tests carried out with jamming devices disturbing the data transfer established between the end devices demonstrate the resilient capability and performance of the proposed architecture to overcome electromagnetic attacks. The work described in this paper is partially supported by the EU FP7-SEC-2011-1 Collaborative Research Project entitled SECRET and by the Spanish Ministry of Economy and Competitiveness through the SAREMSIG TEC2013-47012-C2 project (Contribution to a Safe Railway Operation: Evaluating the effect of Electromagnetic Disturbances on Railway Control Signalling Systems). This work is produced within the Training and Research Unit UFI11/16 funded by the UPV/EHU

    New models for the provision of Grid-based commercial services

    This article presents work in progress that proposes several schemes for commercializing services based on the Grid paradigm (in the broadest sense, the collaborative use of distributed resources), designed to be offered with the participation of an ISP. The characteristics that a service of this type must have are examined, and the third of the proposed schemes is described in more depth, together with the chosen service, called "durable storage". Its architecture and the design criteria to be used are briefly discussed

    Eurobalise-Train communication modelling to assess interferences in railway control signalling systems

    The evolution of the railway sector depends, to a great extent, on the deployment of advanced railway signalling systems. These signalling systems are based on communication architectures that must cope with complex electromagnetic environments. This paper is outlined in the context of developing the necessary tools to allow the quick deployment of these signalling systems by contributing to an easier analysis of their behaviour under the effect of electromagnetic interferences. Specifically, this paper presents the modelling of the Eurobalise-train communication flow in a general purpose simulation tool. It is critical to guarantee this communication link, since any lack of communication may lead to a stop of the train and availability problems. In order to model this communication link precisely, we used real measurements done in a laboratory equipped with elements defined in the suitable subsets. Through the simulation study carried out, we obtained performance indicators of the physical layer such as the received power, SNR and BER. The modelling presented in this paper is a required step to be able to provide quality of service indicators related to perturbed scenarios. The work described in this paper is partially supported by the EU FP7-SEC-2011-1 Collaborative Research Project entitled SECRET—SECurity of Railways against Electromagnetic aTtacks—and by the EU FP7 Research Project entitled EATS—ETCS Advanced Design Testing and Smart Train Positioning System. This work is also supported by the Spanish Ministry of Economy and Competitiveness through the SAREMSIG TEC2013-47012-C2 project—Contribution to a Safe Railway Operation: Evaluating the effect of Electromagnetic Disturbances on Railway Control Signalling Systems. This work is partially produced within the Training and Research Unit UFI11/16 funded by the UPV/EHU