A Survey of Security in Software Defined Networks

The proposition of increased innovation in network applications and reduced cost for network operators has won over the networking world to the vision of Software-Defined Networking (SDN). With the excitement of holistic visibility across the network and the ability to program network devices, developers have rushed to present a range of new SDN-compliant hardware, software and services. However, amidst this frenzy of activity, one key element has only recently entered the debate: Network Security. In this article, security in SDN is surveyed presenting both the research community and industry advances in this area. The challenges to securing the network from the persistent attacker are discussed and the holistic approach to the security architecture that is required for SDN is described. Future research directions that will be key to providing network security in SDN are identified.

The WEU::A Europe of the Seven, 1954-1969

The history of the Western European Union after 1954–1955 is still a terra incognita. This article examines the function of the Western European Union in the Euro-Atlantic security architecture of the Cold War up to the 1960s. The paper studies the prime shifts of the tectonic plates forming the Western partial system of the bipolar Cold War system – and their systemic repercussions. The relationship between the Western umbrella organisation, NATO, and its European subsystem is analysed in four case studies: (1) the Arms Pool Negotiations of 1955; (2) Selwyn Lloyd's Grand Design of 1956–1957; (3) the wider Political European Union agenda of 1960–1962 and (4) the Western European Union nuclear force project of 1963.

Low-cost digital signature architecture suitable for radio frequency identification tags

Continuing achievements in hardware technology are bringing ubiquitous computing closer to reality. The notion of a connected, interactive and autonomous environment is common to all sensor networks, biosystems and radio frequency identification (RFID) devices, and the emergence of significant deployments and sophisticated applications can be expected. However, as more information is collected and transmitted, security issues will become vital for such a fully connected environment. In this study the authors consider adding security features to low-cost devices such as RFID tags. In particular, the authors consider the implementation of a digital signature architecture that can be used for device authentication, to prevent tag cloning, and for data authentication to prevent transmission forgery. The scheme is built around the signature variant of the cryptoGPS identification scheme and the SHA-1 hash function. When implemented on 130 nm CMOS the full design uses 7494 gates and consumes 4.72 mu W of power, making it smaller and more power efficient than previous low-cost digital signature designs. The study also presents a low-cost SHA-1 hardware architecture which is the smallest standardised hash function design to date.

Dynamic global security-aware synthesis using System-C

A dynamic global security-aware synthesis flow using the SystemC language is presented. SystemC security models are first specified at the system or behavioural level using a library of SystemC behavioural descriptions which provide for the reuse and extension of security modules. At the core of the system is incorporated a global security-aware scheduling algorithm which allows for scheduling to a mixture of components of varying security level. The output from the scheduler is translated into annotated nets which are subsequently passed to allocation, optimisation and mapping tools for mapping into circuits. The synthesised circuits incorporate asynchronous secure power-balanced and fault-protected components. Results show that the approach offers robust implementations and efficient security/area trade-offs leading to significant improvements in turnover.

The Disrupted Space: Safety and Security in traditional contexts

One of the core elements of successful planning is the individuals’ experience of their shared open spaces. This paper attributes to the relationship between safety and urban design by means of natural surveillance and security in the city’s shared spaces. It examines how political claims over space reassembled alternative definitions of security in one of Cairo’s oldest quarters, and how ambitious planning schemes were mostly driven by problems of insecurity, chaos and disorder. The main crux to this account is based on original documents, interviews and maps which reveals considerable insights and accounts of how this vision affected the quarter’s spatial quality and the user’s reactions to his new spatial formula. It also reveals conflicting conceptions of safety and security between the planning ambitions and the users experiences, which not only lacked reliable visions for securing the quarter, but also resulted further disruption to their everyday living spaces.

Effective network security monitoring: from attribution to target-centric monitoring

Network security monitoring remains a challenge. As global networks scale up, in terms of traffic, volume and speed, effective attribution of cyber attacks is increasingly difficult. The problem is compounded by a combination of other factors, including the architecture of the Internet, multi-stage attacks and increasing volumes of nonproductive traffic. This paper proposes to shift the focus of security monitoring from the source to the target. Simply put, resources devoted to detection and attribution should be redeployed to efficiently monitor for targeting and prevention of attacks. The effort of detection should aim to determine whether a node is under attack, and if so, effectively prevent the attack. This paper contributes by systematically reviewing the structural, operational and legal reasons underlying this argument, and presents empirical evidence to support a shift away from attribution to favour of a target-centric monitoring approach. A carefully deployed set of experiments are presented and a detailed analysis of the results is achieved.

GeneGrid: Architecture, Implementation and Application

The emergence of Grid computing technology has opened up an unprecedented opportunity for biologists to share and access data, resources and tools in an integrated environment leading to a greater chance of knowledge discovery. GeneGrid is a Grid computing framework that seamlessly integrates a myriad of heterogeneous resources spanning multiple administrative domains and locations. It provides scientists an integrated environment for the streamlined access of a number of bioinformatics programs and databases through a simple and intuitive interface. It acts as a virtual bioinformatics laboratory by allowing scientists to create, execute and manage workflows that represent bioinformatics experiments. A number of cooperating Grid services interact in an orchestrated manner to provide this functionality. This paper gives insight into the details of the architecture, components and implementation of GeneGrid.