A pattern-based framework for the design of secure and dependable SDN/NFV-enabled networks

As the world becomes an interconnected network where objects and humans interact, cyber and physical networks appear to play an important role in smart ecosystems due to their increasing use on critical infrastructure and smart cities. Software Defined Networking (SDN) and Network Function Virtualisation (NFV) are a promising combination for programmable connectivity, rapid service provisioning and service chaining as they offer the necessary end-to-end optimisations. However, with the actual exponential growth of connected devices, future networks, such as SDN and NFV, require open architectures, facilitated by standards and a strong ecosystem.In this thesis, a model-based approach is proposed to support the design and verification of secure and dependable SDN/NFV-enabled networks. The model is based on the development of a pattern-based approach to design executable patterns as solutions for reusable designs and interactions of objects, encoded in a rule based reasoning system, able to guarantee security and dependability (S&D) properties in SDN/NFV enabled networks. To execute S&D patterns, a pattern based framework is implemented for the insertion of patterns at design and at runtime level. The developed pattern framework highlights also the benefit of leveraging the flexibility of SDN/NFV-enabled networks to deploy enhanced reactive security mechanisms for the protection of the industrial network via the use of service function chaining (SFC). To prove the importance of this approach and the functionality of the pattern framework, different pattern instances are implemented to guarantee S&D in network infrastructures. The developed design patterns are able to design network topologies, guarantee network properties and offer security service provisioning and chaining. Finally, in order to evaluate the developed patterns in the pattern framework, three different use cases are described, where a number of usage scenarios are deployed and evaluated experimentally

The approximate Determinantal Assignment Problem

The Determinantal Assignment Problem (DAP) has been introduced as the unifying description of all frequency assignment problems in linear systems and it is studied in a projective space setting. This is a multi-linear nature problem and its solution is equivalent to finding real intersections between a linear space, associated with the polynomials to be assigned, and the Grassmann variety of the projective space. This paper introduces a new relaxed version of the problem where the computation of the approximate solution, referred to as the approximate DAP, is reduced to a distance problem between a point in the projective space from the Grassmann variety Gm(Rn). The cases G2(Rn) and its Hodge-dual Gn−2(Rn) are examined and a closed form solution to the distance problem is given based on the skew-symmetric matrix description of multivectors via the gap metric. A new algorithm for the calculation of the approximate solution is given and stability radius results are used to investigate the acceptability of the resulting perturbed solutions

Communications in emergency and crisis situations

In emergency and crisis situations (ECS) like earthquakes, tsunamis, terrorist attacks, it is very important that communication facilities are operative to provide services both to rescue teams and civilians. In ECS it is very common that communication premises are often unable to provide services, either due to physical damages or traffic overload. In such a case there is the need for rapid reestablishment of communication services. In this paper the communication services that can be exploited for ECS mitigation are discussed. The usage scenarios of such services are studied. Following that and looking from a network perspective view an ECS communication network architecture is presented. This architecture aims to provide seamless interoperability of varies communication technologies often present in ECS to provide an ECS communication solution. © 2014 Springer International Publishing Switzerland

Towards a Security, Privacy, Dependability, Interoperability Framework for the Internet of Things

A popular application of ambient intelligence systems constitutes of assisting living services on smart buildings. As intelligence is imported in embedded equipment, the system becomes able to provide smart services (e.g. control lights, airconditioning, provide energy management services etc.). IoT is the main enabler of such environments. However, the interconnection of these cyber-physical systems and the processing of personal data raise serious security and privacy issues. In this paper we present a framework that can guarantee Security, Privacy, Dependability and Interoperability (SPDI) in IoT. Taking advantage of the underlying IoT deployment, the proposed framework not only implements the requested smart functionality but also provide modelling and administration that can guarantee those SPDI properties. Moreover, we provide an application example of the framework in a smart building scenario

Fault Tolerance Using an SDN Pattern Framework

Software Defined Networking (SDN) and Network Function Virtualization (NFV) are a promising combination for programmable connectivity, rapid service provisioning and service chaining as they offer the necessary end-to-end optimizations. However, with the actual exponential growth of connected devices, future networks such as SDN/NFV require an open-solutions architecture, facilitated by standards and a strong ecosystem. Such networks need to support communication services that offers guarantees about fault tolerance, redundancy, resilience and security. The construction of complex networks preserving Security and Dependability (S&D) properties is necessary to avoid system vulnerabilities, which may occur in the various layers of SDN architectures. In this work, we propose a pattern framework build in an SDN controller able to import design patterns in a rule-based language in order to provide fault tolerance in SDN networks. To evaluate the importance and the functionality of this framework, fault tolerance patterns are proposed to guarantee network connectivity, detection and restoration of network traffic in SDN network infrastructures

Essays on Public Economics

Modern states feature an extensive government bureaucracy, whose role is present in virtually all functions of the economy. The unifying theme of the three distinct papers in this dissertation is the role of government in a modern economy. In the first chapter, I look at taxes on bequests, the transfers of wealth from parents to their children when they pass away, and how they affect the labor supply of the parents, exploiting a policy change that reduced taxes. A tax cut implies a higher net-of-tax estate value, creating a wealth effect, which reduces labor supply, and a price effect, which raises it. Results indicate a clear reduction in participation, with the wealth effect dominating. I find an approximate reduction in participation of around 10% over the baseline. The second chapter looks at the effect of unemployment insurance (UI) on crime. Crime fell sharply in the United States during the Great Recession, at a time of rising joblessness. This was a puzzle: crime is expected to rise, not fall, when unemployment rises. I show that UI extensions can account for part of the puzzle, explaining why crime did not rise. The higher propensity to commit crimes associated with higher unemployment was mitigated by the fact that UI was more generous. State-level variation in extension rules provide exogenous identifying variation in benefit length. I estimate that in places with an additional $1,000 rise in UI per-unemployed-person (annually), crime would have been 1.5% higher were it not for the extensions. The final chapter studies how government policies may have hindered recovery in Greece during the recent crisis. Despite a large reduction in labor costs, Greece failed to engineer an export-led growth. I examine how taxes and trade costs can explain this. Energy tax hikes raised the cost of wholesale energy. VAT also rose, disproportionately affecting tradables, while there was no reduction of the substantial trade costs burdening Greek exports. Using a small-scale New-Keynesian small-open-economy model, I find that a 20% reduction in trade costs would mean 8% more exports within 10 quarters. VAT and energy costs can partially explain why exports fell

The approximate determinantal assignment problem

The Determinantal Assignment Problem (DAP) is one of the central problems of Algebraic Control Theory and refers to solving a system of non-linear algebraic equations to place the critical frequencies of the system to specied locations. This problem is decomposed into a linear and a multi-linear subproblem and the solvability of the problem is reduced to an intersection of a linear variety with the Grassmann variety. The linear subproblem can be solved with standard methods of linear algebra, whereas the intersection problem is a problem within the area of algebraic geometry. One of the methods to deal with this problem is to solve the linear problem and then and which element of this linear space is closer - in terms of a metric - to the Grassmann variety. If the distance is zero then a solution for the intersection problem is found, otherwise we get an approximate solution for the problem, which is referred to as the approximate DAP. In this thesis we examine the second case by introducing a number of new tools for the calculation of the minimum distance of a given parametrized multi-vector that describes the linear variety implied by the linear subproblem, from the Grassmann variety as well as the decomposable vector that realizes this least distance, using constrained optimization techniques and other alternative methods, such as the SVD properties of the so called Grassmann matrix, polar decompositions and mother tools. Furthermore, we give a number of new conditions for the appropriate nature of the approximate polynomials which are implied by the approximate solutions based on stability radius results. The approximate DAP problem is completely solved in the 2-dimensional case by examining uniqueness and non-uniqueness (degeneracy) issues of the decompositions, expansions to constrained minimization over more general varieties than the original ones (Generalized Grassmann varieties), derivation of new inequalities that provide closed-form non-algorithmic results and new stability radii criteria that test if the polynomial implied by the approximate solution lies within the stability domain of the initial polynomial. All results are compared with the ones that already exist in the respective literature, as well as with the results obtained by Algebraic Geometry Toolboxes, e.g., Macaulay 2. For numerical implementations, we examine under which conditions certain manifold constrained algorithms, such as Newton's method for optimization on manifolds, could be adopted to DAP and we present a new algorithm which is ideal for DAP approximations. For higher dimensions, the approximate solution is obtained via a new algorithm that decomposes the parametric tensor which is derived by the system of linear equations we mentioned before

A pattern-based approach for designing reliable cyber-physical systems

Cyber-Physical Systems (CPS) appear to be of paramount importance due to their increasing use on critical infrastructure. New challenges have occurred because of the nature and the complexity of such systems in supporting heterogeneous physical and cyber components simultaneously. Failures or attacks on system components decrease system reliability creating severe consequences to CPS and the attached applications. The construction of complex CPS with respect to security and dependability (SandD) properties is necessary to avoid system vulnerabilities at design level. Design patterns are solutions for reusable designs and interactions of objects. In this work we present a pattern-based language for designing CPS able to guarantee SandD properties. The first set of SandD patterns includes the Reliability Component Composition (RCC) Patterns for designing reliable CPS. RCC patterns are encoded in Drools, which is a rule-based reasoning system. To evaluate our approach, we use RCC patterns as a methodology for designing a reliable wireless sensor network attached to a physical architecture to send monitored data to a central controller through relay nodes and paths

A lightweight framework for secure life-logging in smart environments

As the world becomes an interconnected network where objects and humans interact with each other, new challenges and threats appear in the ecosystem. In this interconnected world, smart objects have an important role in giving users the chance for life-logging in smart environments. However, smart devices have several limitations with regards to memory, resources and computation power, hindering the opportunity to apply well-established security algorithms and techniques for secure life-logging on the Internet of Things (IoT) domain. The need for secure and trustworthy life-logging in smart environments is vital, thus, a lightweight approach has to be considered to overcome the constraints of smart objects. The purpose of this paper is to present in details the current topics of life-logging in smart environments, while describing interconnection issues, security threats and suggesting a lightweight framework for ensuring security, privacy and trustworthy life-logging. In order to investigate the efficiency of the lightweight framework and the impact of the security attacks on energy consumption, an experimental test-bed was developed including two interconnected users and one smart attacker, who attempts to intercept transmitted messages or interfere with the communication link. Several mitigation factors, such as power control, channel assignment and AES-128 encryption were pplied for secure life-logging. Finally, research into the degradation of the consumed energy regarding the described intrusions is presented