On the Fly Orchestration of Unikernels: Tuning and Performance Evaluation of Virtual Infrastructure Managers

Network operators are facing significant challenges meeting the demand for more bandwidth, agile infrastructures, innovative services, while keeping costs low. Network Functions Virtualization (NFV) and Cloud Computing are emerging as key trends of 5G network architectures, providing flexibility, fast instantiation times, support of Commercial Off The Shelf hardware and significant cost savings. NFV leverages Cloud Computing principles to move the data-plane network functions from expensive, closed and proprietary hardware to the so-called Virtual Network Functions (VNFs). In this paper we deal with the management of virtual computing resources (Unikernels) for the execution of VNFs. This functionality is performed by the Virtual Infrastructure Manager (VIM) in the NFV MANagement and Orchestration (MANO) reference architecture. We discuss the instantiation process of virtual resources and propose a generic reference model, starting from the analysis of three open source VIMs, namely OpenStack, Nomad and OpenVIM. We improve the aforementioned VIMs introducing the support for special-purpose Unikernels and aiming at reducing the duration of the instantiation process. We evaluate some performance aspects of the VIMs, considering both stock and tuned versions. The VIM extensions and performance evaluation tools are available under a liberal open source licence

RDCL 3D, a Model Agnostic Web Framework for the Design and Composition of NFV Services

We present RDCL 3D, a "model agnostic" web framework for the design and composition of NFV services and components. The framework allows editing and validating the descriptors of services and components both textually and graphically and supports the interaction with external orchestrators or with deployment and execution environments. RDCL 3D is open source and designed with a modular approach, allowing developers to "plug in" the support for new models. We describe several advances with respect to the NFV state of the art, which have been implemented with RDCL 3D. We have integrated in the platform the latest ETSI NFV ISG model specifications for which no parsers/validators were available. We have also included in the platform the support for OASIS TOSCA models, reusing existing parsers. Then we have considered the modelling of components in a modular software router (Click), which goes beyond the traditional scope of NFV. We have further developed this approach by combining traditional NFV components (Virtual Network Functions) and Click elements in a single model. Finally, we have considered the support of this solution using the Unikernels virtualization technology.Comment: Accepted pape

Secure Path: Block-Chaining IoT Information for Continuous Authentication in Smart Spaces

The Internet of Things offers a wide range of possibilities that can be exploited more or less explicitly for user authentication, ranging from specifically designed systems including biometric devices to environmental sensors that can be opportunistically used to feed behavioural authentication systems. How to integrate all this information in a reliable way to get a continuous authentication service presents several open challenges. Among these: how to combine semi-trusted information coming from non-tamper-proof sensors, where to store such data avoiding a single point of failure, how to analyse data in a distributed way, which interface to use to provide an authentication service to a multitude of different services and applications. In this paper, we present a Blockchain-based architectural solution of a distributed system able to transform IoT interactions into useful data for an authentication system. The design includes: (i) a security procedure to certify users’ positions and identities, (ii) a secure storage to hold this information, and (iii) a service to dynamically assign a trust level to a user’s position. We call this system “Secure Path”

WI-FAB: Attribute-based WLAN access control, without pre-shared keys and backend infrastructures

Two mainstream techniques are traditionally used to authorize access to a WiFi network. Small scale networks usually rely on the offline distribution of a WPA/WPA2 static preshared secret key (PSK); security hence relies on the fact that this PSK is not leaked by end user, and is not disclosed via dictionary or brute-force attacks. On the other side, Enterprise and large scale networks typically employ online authorization using an 802.1X-based authentication service leveraging a backend online infrastructure (e.g. Radius servers/proxies). In this work, we propose a new mechanism which does not require neither online operation nor backend access control infrastructure, but which does not force us to rely on a static pre-shared secret key. The idea is very simple, yet effective: directly broadcast in the WLAN beacons an encrypted version of the secret key required to access the WLAN network, so that only the users which possess suitable authorization credentials can decrypt and use it. This proposed approach clearly decouples the management of authorization credentials, issued offline to the authorized end users, from the actual secret key used in the WLAN network, which can thus be in principle changed at each new user's access. The solution described in the paper relies on attribute-based encryption, and is designed to be compatible with WPA2 and deployable within standard 802.11 management frames. Since no user identification is required (access control is based on attributes rather than on the user identity), the proposed approach further improves privacy. We demonstrate the feasibility of the proposed solution via a concrete implementation in Linux-based devices and via relevant testing in a real-world experimental setup

A Minimally Invasive Antenna for Microwave Ablation Therapies: Design, Performances, and Experimental Assessment

A new coaxial antenna for microwave ablation therapies is proposed. The antenna design includes a miniaturized choke and an arrowhead cap to facilitate antenna insertion into the tissues. Antenna matching and the shape and dimension of the area of ablated tissue (thermal lesion) obtained in ex vivo conditions are evaluated both numerically and experimentally, finding an optimal agreement between numerical and experimental data. Results show that the antenna is well matched, and that it is able to produce a thermal lesion with an average length of 6.5 cm and an average diameter of 4.5 cm in ex vivo bovine liver when irradiates 60 W for 10 min. Finally, the dependence of antenna performances on possible changes in the antenna's structure is investigated, finding an optimal stability with respect to manufacturing tolerances and highlighting the fundamental role played by the antenna's choke

External memory simplification of huge meshes

Consiglio Nazionale delle Ricerche - Biblioteca Centrale - P.le Aldo Moro, 7 Rome / CNR - Consiglio Nazionale delle RichercheSIGLEITItal