An architecture for a heterogeneous private IaaS management system

Cloud computing and, more particularly, private IaaS, is seen as a mature technology with a myriad solutions tochoose from. However, this disparity of solutions and products has instilled in potential adopters the fear of vendor and data lock-in. Several competing and incompatible interfaces and management styles have given even more voice to these fears. On top of this, cloud users might want to work with several solutions at the same time, an integration that is difficult to achieve in practice. In this paper, we propose a management architecture that tries to tackle these problems; it offers a common way of managing several cloud solutions, and an interface that can be tailored to the needs of the user. This management architecture is designed in a modular way, and using a generic information model. We have validated our approach through the implementation of the components needed for this architecture to support a sample private IaaS solution: OpenStack

A federated repository for PaaS components in a multi-cloud environment

Cloud computing has seen an impressive growth in recent years, with virtualization technologies being massively adopted to create IaaS (Infrastructure as a Service) public and private solutions. Today, the interest is shifting towards the PaaS (Platform as a Service) model, which allows developers to abstract from the execution platform and focus only on the functionality. There are several public PaaS offerings available, but currently no private PaaS solution is ready for production environments. To fill this gap a new solution must be developed. In this paper we present a key element for enabling this model: a cloud repository based on the OSGi component model. The repository stores, manages, provisions and resolves the dependencies of PaaS software components and services. This repository can federate with other repositories located in the same or different clouds, both private and public. This way, dependencies can be fulfilled collaboratively, and new business models can be implemented.

An online failure prediction system for private IaaS platforms

The size and complexity of cloud environments make them prone to failures. The traditional approach to achieve a high dependability for these systems relies on constant monitoring. However, this method is purely reactive. A more proactive approach is provided by online failure prediction (OFP) techniques. In this paper, we describe a OFP system for private IaaS platforms, currently under development, that combines di_erent types of data input, including monitoring information, event logs, and failure data. In addition, this system operates at both the physical and virtual planes of the cloud, taking into account the relationships between nodes and failure propagation mechanisms that are unique to cloud environments.

MultiPARTES: Multicore Virtualization for Mixed-Criticality Systems

Modern embedded applications typically integrate a multitude of functionalities with potentially different criticality levels into a single system. Without appropriate preconditions, the integration of mixed-criticality subsystems can lead to a significant and potentially unacceptable increase of engineering and certification costs. A promising solution is to incorporate mechanisms that establish multiple partitions with strict temporal and spatial separation between the individual partitions. In this approach, subsystems with different levels of criticality can be placed in different partitions and can be verified and validated in isolation. The MultiPARTES FP7 project aims at supporting mixed- criticality integration for embedded systems based on virtualization techniques for heterogeneous multicore processors. A major outcome of the project is the MultiPARTES XtratuM, an open source hypervisor designed as a generic virtualization layer for heterogeneous multicore. MultiPARTES evaluates the developed technology through selected use cases from the offshore wind power, space, visual surveillance, and automotive domains. The impact of MultiPARTES on the targeted domains will be also discussed. In a number of ongoing research initiatives (e.g., RECOMP, ARAMIS, MultiPARTES, CERTAINTY) mixed-criticality integration is considered in multicore processors. Key challenges are the combination of software virtualization and hardware segregation and the extension of partitioning mechanisms to jointly address significant non-functional requirements (e.g., time, energy and power budgets, adaptivity, reliability, safety, security, volume, weight, etc.) along with development and certification methodology.

Ada real-time services and virtualization

Virtualization techniques have received increased attention in the field of embedded real-time systems. Such techniques provide a set of virtual machines that run on a single hardware platform, thus allowing several application programs to be executed as though they were running on separate machines, with isolated memory spaces and a fraction of the real processor time available to each of them.This papers deals with some problems that arise when implementing real-time systems written in Ada on a virtual machine. The effects of virtualization on the performance of the Ada real-time services are analysed, and requirements for the virtualization layer are derived. Virtual-machine time services are also defined in order to properly support Ada real-time applications. The implementation of the ORK+ kernel on the XtratuM supervisor is used as an example.

Virtualization of event sources in wireless sensor networks for the Internet of Things

Wireless Sensor Networks (WSNs) are generally used to collect information from the environment. The gathered data are delivered mainly to sinks or gateways that become the endpoints where applications can retrieve and process such data. However, applications would also expect from a WSN an event-driven operational model, so that they can be notified whenever occur some specific environmental changes instead of continuously analyzing the data provided periodically. In either operational model, WSNs represent a collection of interconnected objects, as outlined by the Internet of Things. Additionally, in order to fulfill the Internet of Things principles, Wireless Sensor Networks must have a virtual representation that allows indirect access to their resources, a model that should also include the virtualization of event sources in a WSN. Thus, in this paper a model for a virtual representation of event sources in a WSN is proposed. They are modeled as internet resources that are accessible by any internet application, following an Internet of Things approach. The model has been tested in a real implementation where a WSN has been deployed in an open neighborhood environment. Different event sources have been identified in the proposed scenario, and they have been represented following the proposed model.

Internet of things virtualization and identity management via fiware generic enablers

La iniciativa FIWARE ofrece un conjunto de APIs potentes que proporcionan la base para una innovación rápida y eficiente en el Internet del Futuro. Estas APIs son clave en el desarrollo de aplicaciones que usan tecnologías muy recientes e innovadoras, como el Internet de las cosas o la Gestión de Identidad en módulos de seguridad. Este documento presenta el desarrollo de una aplicación web de FIWARE usando componentes virtualizados en máquinas virtuales. La aplicación web está basada en “la fábrica de chocolate de Willy Wonka” como una implementación metafórica de una aplicación de seguridad e IoT en un entorno industrial. El componente principal es un servidor web en node.js que conecta con varios componentes de FIWARE, conocidos como “Generic Enablers”. La implementación está compuesta por dos módulos principales: el módulo de IoT y el módulo de seguridad. El módulo de IoT gestiona los sensores instalados por Willy Wonka en las salas de fábrica para monitorizar varios parámetros como, por ejemplo, la temperatura, la presión o la ocupación. El módulo de IoT crea y recibe información de contexto de los sensores virtuales. Esta información de contexto es gestionada y almacenada en un componente de FIWARE conocido como Context Broker. El Context Broker está basado en mecanismos de subscripciones que postean los datos de los sensores en la aplicación, en tiempo real y cuando estos cambian. La conexión con el cliente se produce mediante Web Sockets (socket.io). El módulo de seguridad gestiona las cuentas y la información de los usuarios, les autentica en la aplicación usando una cuenta de FIWARE y comprueba la autorización para acceder a distintos recursos. Distintos roles son creados con distintos permisos asignados. Por ejemplo, Willy Wonka puede tener acceso a todos los recursos, mientras que un Oompa Loopa encargado de la sala del chocolate solo deberías de tener acceso a los recursos de su sala. Este módulo está compuesto por tres componentes: el Gestor de Identidades, el PEP Proxy y el PDP AuthZForce. El gestor de identidades almacena las cuentas de FIWARE de los usuarios y permite la autenticación Single Sing On usando el protocolo OAuth2. Tras logearse, los usuarios autenticados reciben un token de autenticación que es usado después por el AuthZForce para comprobar el rol y permiso asociado del usuario. El PEP Proxy actúa como un servidor proxy que redirige las peticiones permitidas y bloquea las no autorizadas.

Virtualización de laboratorios

Para empezar, se ha hecho un análisis de las diferentes posibilidades que se podían implementar para poder conseguir el objetivo del trabajo. El resultado final debe ser, disponer de máquinas para que el sistema operativo fuese independiente del hardware que se tiene instalado en él . Para ello, se decide montar un sistema operativo de base en todos los equipos del laboratorio, que tenga las necesidades mínimas que se necesitan, las cuales son una interfaz gráfica y conexión de red. Hay que intentar reducir el consumo de recursos al máximo con este sistema operativo mínimo para que el rendimiento de las máquinas sea lo más fluido posible para los usuarios. El sistema elegido fue Linux con su distribución Ubuntu [ubu, http] con los módulos mínimos que permita funcionar el software necesario. Una vez se instala el sistema operativo anfitrión, se instala el escritorio Xfce [ubu2, http], que es el más ligero de Ubuntu, pero que proporciona buen rendimiento. Después, se procedió a instalar un software de virtualización en cada equipo. En este caso se decidió, por las buenas prestaciones que ofrecía, que fuera VirtualBox [vir2,http] de Oracle. Sobre éste software se crean tantas máquinas virtuales (con sistema operativo Windows) como asignaturas diferentes se cursan en el laboratorio donde se trabaje. Con esto, se consigue que al arrancar el programa los alumnos pudieran escoger qué máquina arrancar y lo que es más importante, se permite realizar cualquier cambio en el hardware (exceptuando el disco duro porque borraría todo lo que se tuviera guardado). Además de no tener que volver a reinstalar el sistema operativo nuevamente, se consigue la abstracción del software y hardware. También se decide que, para tener un respaldo de las máquinas virtuales que se tengan creadas en VirtualBox, se utiliza un servidor NAS. Uno de los motivos de utilizar dicho servidor fue por aprovechar una infraestructura ya creada. Un servidor NAS da la posibilidad de recuperar cualquier archivo (máquina virtual) cuando haga falta porque haya alguna máquina virtual corrupta en algún equipo, o en varios. Este tipo de servidor tiene la gran ventaja de ser multicast, es decir, permite solicitudes simultáneas. ABSTRACT For starters, there has been an analysis of the different possibilities that could be implemented to achieve the objective of the work. This objective was to have machines for the operating system to be independent of the hardware we have installed on it. Therefore, we decided to create an operating system based on all computers in the laboratory, taking the minimum needs we need. This is a graphical interface and network connection. We must try to reduce the consumption of resources to the maximum for the performance of the machines is as fluid as possible for users. The system was chosen with its Ubuntu Linux distribution with minimum modules that allow us to run software that is necessary for us. Once the base is installed, we install the Xfce desktop, which is the lightest of Ubuntu, but which provided good performance. Then we proceeded to install a virtualization software on each computer. In this case we decided, for good performance that gave us, it was Oracle VirtualBox. About this software create many virtual machines (Windows operating system) as different subjects are studied in the laboratory where we are. With that, we got it at program startup students could choose which machine start and what is more important, allowed us to make any changes to the hardware (except the hard drive because it would erase all we have). Besides not having to reinstall the operating system again, we get the software and hardware abstraction. We also decided that in order to have a backup of our virtual machines that we created in VirtualBox, we use a NAS server. One reason to use that server was to leverage their existing network infrastructure. A NAS server gives us the ability to retrieve any file (image) when we do need because there is some corrupt virtual machine in a team, or several. This is possible because this type of server allows multicast connection.

Plataformas de ejercicios de ciberseguridad

El objetivo principal de este proyecto es estudiar, desde un punto de vista práctico, las posibilidades que ofrece la plataforma de ejercicios de ciberseguridad propuesta por la Universidad de Rhode Island en Estado Unidos, denominada Open Cyber Challenge Platform (OCCP); para ello primero nos ubicaremos dentro del campo de la ciberseguridad, estudiando porqué este área está tomando tanta relevancia, observando datos de estudios reales realizados por instituciones de prestigio, al mismo tiempo estudiaremos la tendencia actual y futura de los ciberataques. Seguidamente, analizaremos el estado del arte de la enseñanza en ciberseguridad y como se está enfocando por parte de las universidades y empresas más importantes en el sector. En esta parte del sector se está imponiendo una novedosa forma para desarrollar el aprendizaje tanto práctico como teórico basada en simular situaciones reales mediante escenarios virtuales. Una vez vistas otras opciones, nos centraremos en OCCP, podremos estudiar el estado de desarrollo de esta plataforma, la situación actual y las principales características. Además detallaremos el primer escenario propuesto por ellos mismos, estudiando los principales componentes, la topología de la red virtual de la empresa virtualizada, los principales ficheros de configuración, e incluso la montaremos y ejecutaremos y podremos observar como el equipo rojo ataca el servidor web de la empresa que lo tiene que proteger el equipo azul y consigue que la web deje de funcionar. También incluiremos una guía de instalación del escenario para que el lector pueda probar con su propio ordenador las posibilidades de esta plataforma. VirtualBox es un programa gratuito de virtualización perteneciente a la empresa Oracle. Más adelante estudiaremos este programa centrándonos en el servicio web ofrecido por VirtualBox ya que es utilizado por la plataforma Open Cyber Challenge Platform como virtualizador o hipervisor. Podremos ver como suelen funcionar los servicios web de este tipo en general y después nos centraremos principalmente en el archivo descriptivo de las interfaces que ofrece esta plataforma. Finalmente, resumiremos los resultados y conclusiones proponiendo un trabajo futuro ya que como hemos dicho esta plataforma está en estado de desarrollo y seguramente al final de la lectura del proyecto incluso el lector se haya podido percatar del potencial tan elevado que tiene una plataforma de este estilo. ABSTRACT. The main objective of this project is to study, from a practical standpoint the possibilities offered by the cybersecurity exercises platform proposed by the University of Rhode Island in United States, called Cyber Challenge Open Platform (OCCP); therefore we will place first in the field of cybersecurity, studying why this area is taking so much relevance, watching real data studies by prestigious institutions and the current and future trend of cyber-attacks. Then, we will discuss the state of the art of teaching cybersecurity and how universities and major companies in the sector are focusing to reach the aims among students or workers. In this part of the sector it is increasing the popularity of a new way to develop both practical and theoretical learning based on simulating real situations through virtual scenarios. Once seen other options, we will focus on OCCP, we can study the state of development of this platform, the current situation and main characteristics. In addition we will detail the first proposed scenario by the very own university, studying the main components, the topology of the virtual network virtualized enterprise, the main configuration files, and even we would mount and execute it. We will see how the red team attacks the web server of the company and get it thrown out. At the same time the blue team will have to protect it. We will also include an installation guide of the scenario so that the reader can test in their own computer the possibilities of this tool. VirtualBox is a free virtualization program belonging to the Oracle enterprise. Later on we will study this program focusing on the web service provided by VirtualBox because it is used by the Open Cyber Challenge Platform like hypervisor. We will see how this kind of web services work and then we will focus mainly on the descriptive file of the interfaces provided by this tool. Finally we summarize the results and conclusions proposing a future work since as we have said this platform is in the development stage and certainly at the end of reading the project even the reader may have realized of such high potential as would have a tool of this kind.