A model for the analysis of security policies in service function chains

Two emerging architectural paradigms, i.e., Software Defined Networking (SDN) and Network Function Virtualization (NFV), enable the deployment and management of Service Function Chains (SFCs). A SFC is an ordered sequence of abstract Service Functions (SFs), e.g., firewalls, VPN-gateways,traffic monitors, that packets have to traverse in the route from source to destination. While this appealing solution offers significant advantages in terms of flexibility, it also introduces new challenges such as the correct configuration and ordering of SFs in the chain to satisfy overall security requirements. This paper presents a formal model conceived to enable the verification of correct policy enforcements in SFCs. Software tools based on the model can then be designed to cope with unwanted network behaviors (e.g., security flaws) deriving from incorrect interactions of SFs in the same SFC

Wetting Behavior of Ternary Au-Ge-X (X=Sb, Sn) Alloys on Cu and Ni

Au-Ge-based alloys are potential substitutes for Pb-rich solders currently used for high-temperature applications. In the present work, the wetting behavior of two Au-Ge-X (X=Sb, Sn) ternary alloys, i.e., Au-15Ge-17Sb and Au-13.7 Ge-15.3Sn (at.%), in contact with Cu and Ni substrates has been investigated. Au-13.7Ge-15.3Sn alloy showed complete wetting on both Cu and Ni substrates. Total spreading of Au-15Ge-17Sb alloy on Cu was also observed, while the final contact angle of this alloy on Ni was about 29°. Pronounced dissolution of Cu substrates into the solder alloys investigated was detected, while the formation of Ni-Ge intermetallic compounds at the interface of both solder/Ni systems suppressed the dissolution of Ni into the solde

A hybrid threat model for smart systems

Cyber-physical systems and their smart components have a pervasive presence in all our daily activities. Unfortunately, identifying the potential threats and issues in these systems and selecting enough protection is challenging given that such environments combine human, physical and cyber aspects to the system design and implementation. Current threat models and analysis do not take into consideration all three aspects of the analyzed system, how they can introduce new vulnerabilities or protection measures to each other. In this work, we introduce a novel threat model for cyber-physical systems that combines the cyber, physical, and human aspects. Our model represents the system's components relations and security properties by taking into consideration these three aspects. Together with the threat model we also propose a threat analysis method that allows understanding the security state of the system's components. The threat model and the threat analysis have been implemented into an automatic tool, called TAMELESS, that automatically analyzes threats to the system, verifies its security properties, and generates a graphical representation, useful for security architects to identify the proper prevention/mitigation solutions. We show and prove the use of our threat model and analysis with three cases studies from different sectors

A novel approach for security function graph configuration and deployment

Network virtualization increased the versatility in enforcing security protection, by easing the development of new security function implementations. However, the drawback of this opportunity is that a security provider, in charge of configuring and deploying a security function graph, has to choose the best virtual security functions among a pool so large that makes manual decisions unfeasible. In light of this problem, the paper proposes a novel approach for synthesizing virtual security services by introducing the functionality abstraction. This new level of abstraction allows to work in the virtual level without considering the different function implementations, with the objective to postpone the function selection jointly with the deployment, after the configuration of the virtual graph. This novelty enables to optimize the function selection when the pool of available functions is very large. A framework supporting this approach has been implemented and it showed adequate scalability for the requirements of modern virtual networks

Inhomogeneous Point-Processes to Instantaneously Assess Affective Haptic Perception through Heartbeat Dynamics Information

This study proposes the application of a comprehensive signal processing framework, based on inhomogeneous point-process models of heartbeat dynamics, to instantaneously assess affective haptic perception using electrocardiogram-derived information exclusively. The framework relies on inverse-Gaussian point-processes with Laguerre expansion of the nonlinear Wiener-Volterra kernels, accounting for the long-term information given by the past heartbeat events. Up to cubic-order nonlinearities allow for an instantaneous estimation of the dynamic spectrum and bispectrum of the considered cardiovascular dynamics, as well as for instantaneous measures of complexity, through Lyapunov exponents and entropy. Short-term caress-like stimuli were administered for 4.3?25?seconds on the forearms of 32 healthy volunteers (16 females) through a wearable haptic device, by selectively superimposing two levels of force, 2?N and 6?N, and two levels of velocity, 9.4?mm/s and 65?mm/s. Results demonstrated that our instantaneous linear and nonlinear features were able to finely characterize the affective haptic perception, with a recognition accuracy of 69.79% along the force dimension, and 81.25% along the velocity dimension

Ab initio simulations of the Ag(111)/Al2O3 interface at intermediate oxygen partial pressures

The relative stability of different realizations of the Ag(111)/Alumina interfaces with varying oxygen partial pressures is investigated by means of ab initio density functional theory (DFT) simulations. Previous theoretical studies of similar systems always involve oversimplified geometries like stoichiometric Al-terminated, Al-rich, or O-terminated alumina interfaces. Such framework cannot explain the experimental behavior observed at intermediate oxygen partial pressure. Our approach, instead, suggests that the oxygen at the interface can play an important role at intermediate concentrations, leading to a more realistic interpretation of the experimental dat

Towards a Framework for Automatic Firewalls Configuration via Argumentation Reasoning

Firewalls have been widely used to protect not only small and local networks but also large enterprise networks. The configuration of firewalls is mainly done by network administrators, thus, it suffers from human errors. This paper aims to solve the network administrators' problem by introducing a formal approach that helps to configure centralized and distributed firewalls and automatically generate conflict-free firewall rules. We propose a novel framework, called ArgoFiCo, which is based on argumentation reasoning. Our framework automatically populates the firewalls of a network, given the network topology and the high-level requirements that represent how the network should behave. ArgoFiCo provides two strategies for firewall rules distribution