859 resultados para distributed denial-of-service attacks
Resumo:
Kybersodankäynnin merkitys on kasvanut viime vuosina merkittävästi, ja yhtenä kyberso-dankäynnin välineenä voidaan käyttää palvelunestohyökkäyksiä. Tässä tutkimuksessa selvi-tän millä menetelmillä palvelunestohyökkäyksiltä voidaan suojautua ja miten niitä voidaan torjua. Tutkimuksen pääkysymyksenä on: Millä menetelmillä voidaan suojautua palvelunes-tohyökkäyksien vaikutukselta? ja alakysymyksiä ovat: Mikä on palvelunestohyökkäys ja mi-ten se toimii? Mitä erilaisia palvelunestohyökkäyksiä on olemassa? Miten eri palvelunesto-hyökkäykset vaikuttavat? Miten palvelunestohyökkäys havaitaan? Tutkielman lähteinä on käytetty pääasiassa aihealuetta käsitteleviä ja sitä sivuuttavia tutkimuksia. Palvelunestohyökkäyksellä (Denial of Service, DoS) tarkoitetaan Internet-palveluun tai muu-hun tietotekniseen palveluun oikeutettujen käyttäjien palvelun käyttämisen estämistä tai huomattavaa hidastamista kuormittamalla joko tietoliikennettä tai itse kohdejärjestelmää. Palvelunestohyökkäykset ovat keskeytyshyökkäyksiä, joilla toisin kuin muilla kyberhyökkä-yksillä ei yleensä pyritä varastamaan tietoa tai asentamaan haittaohjelmia, vaan pelkästään es-tämään palvelun tai järjestelmän käyttö siihen oikeutetuilta käyttäjiltä. Tutkielman tuloksista selviää, että palvelunestohyökkäyksiä vastaan taisteleminen voidaan jakaa kolmeen osaan: hyökkäysten estämiseen, niiden havaitsemiseen sekä hyökkäyksen tor-jumiseen. Tärkeintä palvelunestohyökkäysten välttämisessä on niiden ennaltaehkäisy. Hyväk-si havaittu yleinen tapa ennaltaehkäistä hyökkäyksiä ja parantaa tietoturvallisuutta on pitää tietoverkko yksinkertaisena, hyvin organisoituna ja hyvin ylläpidettynä sekä päivitettynä. Jo-kaiseen eri palvelunestohyökkäystyyppiin löytyy kyllä suojautumis- ja torjuntakeinot, mutta niiden tehokkuutta hyökkäyksen pysähtymiselle ei voida taata. Vaikeimpia palvelunesto-hyökkäyksiä suojautumisen ja torjumisen suhteen ovat hajautetut palvelunestohyökkäykset, koska niitä ei voida suodattaa IP-osoitteen perusteella.
Resumo:
Pós-graduação em Ciência da Computação - IBILCE
Resumo:
Backbone networks are responsible for long-haul data transport serving many clients with a large volume of data. Since long-haul data transport service must rely on a robust high capacity network the current technology broadly adopted by the industry is Wavelength Division Multiplexing (WDM). WDM networks enable one single ber to operate with multiple high capacity channels, drastically increasing the ber capacity. In WDM networks each channel is associated with an individual wavelength. Therefore a whole wavelength capacity is assigned to a connection, causing waste of bandwidth in case the connection bandwidth requirement is less than the channel total capacity. In the last half decade, Elastic Optical Networks (EON) have been proposed and developed based on the fexible use of the optical spectrum known as the exigrid. EONs are adaptable to clients requirements and may enhance optical networks performance. For these reasons, research community and data transport providers have been demonstrating increasingly high interest in EONs which are likely to replace WDM as the universally adopted technology in backbone networks in the near future. EONs have two characteristics that may limit its ecient resources use. The spectrum fragmentation, inherent to the dynamic EON operation, decrease the network capacity to assign resources to connection requests increasing network blocking probability. The spectrum fragmentation also intensifides the denial of service to higher rate request inducing service unfairness. Due to the fact EONs were just recently developed and proposed, the aforementioned issues were not yet extensively studied and solutions are still being proposed. Furthermore, EONs do not yet provide specific features as differentiated service mechanisms. Differentiated service strategies are important in backbone networks to guarantee client\'s diverse requirements in case of a network failure or the natural congestion and resources contention that may occur at some periods of time in a network. Impelled by the foregoing facts, this thesis objective is three-fold. By means of developing and proposing a mechanism for routing and resources assignment in EONs, we intend to provide differentiated service while decreasing fragmentation level and increasing service fairness. The mechanism proposed and explained in this thesis was tested in a EON simulation environment and performance results indicated that it promotes beneficial performance enhancements when compared to benchmark algorithms.
Resumo:
Advancements in cloud computing have enabled the proliferation of distributed applications, which require management and control of multiple services. However, without an efficient mechanism for scaling services in response to changing workload conditions, such as number of connected users, application performance might suffer, leading to violations of Service Level Agreements (SLA) and possible inefficient use of hardware resources. Combining dynamic application requirements with the increased use of virtualised computing resources creates a challenging resource Management context for application and cloud-infrastructure owners. In such complex environments, business entities use SLAs as a means for specifying quantitative and qualitative requirements of services. There are several challenges in running distributed enterprise applications in cloud environments, ranging from the instantiation of service VMs in the correct order using an adequate quantity of computing resources, to adapting the number of running services in response to varying external loads, such as number of users. The application owner is interested in finding the optimum amount of computing and network resources to use for ensuring that the performance requirements of all her/his applications are met. She/he is also interested in appropriately scaling the distributed services so that application performance guarantees are maintained even under dynamic workload conditions. Similarly, the infrastructure Providers are interested in optimally provisioning the virtual resources onto the available physical infrastructure so that her/his operational costs are minimized, while maximizing the performance of tenants’ applications. Motivated by the complexities associated with the management and scaling of distributed applications, while satisfying multiple objectives (related to both consumers and providers of cloud resources), this thesis proposes a cloud resource management platform able to dynamically provision and coordinate the various lifecycle actions on both virtual and physical cloud resources using semantically enriched SLAs. The system focuses on dynamic sizing (scaling) of virtual infrastructures composed of virtual machines (VM) bounded application services. We describe several algorithms for adapting the number of VMs allocated to the distributed application in response to changing workload conditions, based on SLA-defined performance guarantees. We also present a framework for dynamic composition of scaling rules for distributed service, which used benchmark-generated application Monitoring traces. We show how these scaling rules can be combined and included into semantic SLAs for controlling allocation of services. We also provide a detailed description of the multi-objective infrastructure resource allocation problem and various approaches to satisfying this problem. We present a resource management system based on a genetic algorithm, which performs allocation of virtual resources, while considering the optimization of multiple criteria. We prove that our approach significantly outperforms reactive VM-scaling algorithms as well as heuristic-based VM-allocation approaches.
Resumo:
Internet of Things (IoT) technologies are developing rapidly, and therefore there exist several standards of interconnection protocols and platforms. The existence of heterogeneous protocols and platforms has become a critical challenge for IoT system developers. To mitigate this challenge, few alliances and organizations have taken the initiative to build a framework that helps to integrate application silos. Some of these frameworks focus only on a specific domain like home automation. However, the resource constraints in the large proportion of connected devices make it difficult to build an interoperable system using such frameworks. Therefore, a general purpose, lightweight interoperability framework that can be used for a range of devices is required. To tackle the heterogeneous nature, this work introduces an embedded, distributed and lightweight service bus, Lightweight IoT Service bus Architecture (LISA), which fits inside the network stack of a small real-time operating system for constrained nodes. LISA provides a uniform application programming interface for an IoT system on a range of devices with variable resource constraints. It hides platform and protocol variations underneath it, thus facilitating interoperability in IoT implementations. LISA is inspired by the Network on Terminal Architecture, a service centric open architecture by Nokia Research Center. Unlike many other interoperability frameworks, LISA is designed specifically for resource constrained nodes and it provides essential features of a service bus for easy service oriented architecture implementation. The presented architecture utilizes an intermediate computing layer, a Fog layer, between the small nodes and the cloud, thereby facilitating the federation of constrained nodes into subnetworks. As a result of a modular and distributed design, the part of LISA running in the Fog layer handles the heavy lifting to assist the lightweight portion of LISA inside the resource constrained nodes. Furthermore, LISA introduces a new networking paradigm, Node Centric Networking, to route messages across protocol boundaries to facilitate interoperability. This thesis presents a concept implementation of the architecture and creates a foundation for future extension towards a comprehensive interoperability framework for IoT.
Resumo:
Sharing of information with those in need of it has always been an idealistic goal of networked environments. With the proliferation of computer networks, information is so widely distributed among systems, that it is imperative to have well-organized schemes for retrieval and also discovery. This thesis attempts to investigate the problems associated with such schemes and suggests a software architecture, which is aimed towards achieving a meaningful discovery. Usage of information elements as a modelling base for efficient information discovery in distributed systems is demonstrated with the aid of a novel conceptual entity called infotron.The investigations are focused on distributed systems and their associated problems. The study was directed towards identifying suitable software architecture and incorporating the same in an environment where information growth is phenomenal and a proper mechanism for carrying out information discovery becomes feasible. An empirical study undertaken with the aid of an election database of constituencies distributed geographically, provided the insights required. This is manifested in the Election Counting and Reporting Software (ECRS) System. ECRS system is a software system, which is essentially distributed in nature designed to prepare reports to district administrators about the election counting process and to generate other miscellaneous statutory reports.Most of the distributed systems of the nature of ECRS normally will possess a "fragile architecture" which would make them amenable to collapse, with the occurrence of minor faults. This is resolved with the help of the penta-tier architecture proposed, that contained five different technologies at different tiers of the architecture.The results of experiment conducted and its analysis show that such an architecture would help to maintain different components of the software intact in an impermeable manner from any internal or external faults. The architecture thus evolved needed a mechanism to support information processing and discovery. This necessitated the introduction of the noveI concept of infotrons. Further, when a computing machine has to perform any meaningful extraction of information, it is guided by what is termed an infotron dictionary.The other empirical study was to find out which of the two prominent markup languages namely HTML and XML, is best suited for the incorporation of infotrons. A comparative study of 200 documents in HTML and XML was undertaken. The result was in favor ofXML.The concept of infotron and that of infotron dictionary, which were developed, was applied to implement an Information Discovery System (IDS). IDS is essentially, a system, that starts with the infotron(s) supplied as clue(s), and results in brewing the information required to satisfy the need of the information discoverer by utilizing the documents available at its disposal (as information space). The various components of the system and their interaction follows the penta-tier architectural model and therefore can be considered fault-tolerant. IDS is generic in nature and therefore the characteristics and the specifications were drawn up accordingly. Many subsystems interacted with multiple infotron dictionaries that were maintained in the system.In order to demonstrate the working of the IDS and to discover the information without modification of a typical Library Information System (LIS), an Information Discovery in Library Information System (lDLIS) application was developed. IDLIS is essentially a wrapper for the LIS, which maintains all the databases of the library. The purpose was to demonstrate that the functionality of a legacy system could be enhanced with the augmentation of IDS leading to information discovery service. IDLIS demonstrates IDS in action. IDLIS proves that any legacy system could be augmented with IDS effectively to provide the additional functionality of information discovery service.Possible applications of IDS and scope for further research in the field are covered.
Resumo:
Web services from different partners can be combined to applications that realize a more complex business goal. Such applications built as Web service compositions define how interactions between Web services take place in order to implement the business logic. Web service compositions not only have to provide the desired functionality but also have to comply with certain Quality of Service (QoS) levels. Maximizing the users' satisfaction, also reflected as Quality of Experience (QoE), is a primary goal to be achieved in a Service-Oriented Architecture (SOA). Unfortunately, in a dynamic environment like SOA unforeseen situations might appear like services not being available or not responding in the desired time frame. In such situations, appropriate actions need to be triggered in order to avoid the violation of QoS and QoE constraints. In this thesis, proper solutions are developed to manage Web services and Web service compositions with regard to QoS and QoE requirements. The Business Process Rules Language (BPRules) was developed to manage Web service compositions when undesired QoS or QoE values are detected. BPRules provides a rich set of management actions that may be triggered for controlling the service composition and for improving its quality behavior. Regarding the quality properties, BPRules allows to distinguish between the QoS values as they are promised by the service providers, QoE values that were assigned by end-users, the monitored QoS as measured by our BPR framework, and the predicted QoS and QoE values. BPRules facilitates the specification of certain user groups characterized by different context properties and allows triggering a personalized, context-aware service selection tailored for the specified user groups. In a service market where a multitude of services with the same functionality and different quality values are available, the right services need to be selected for realizing the service composition. We developed new and efficient heuristic algorithms that are applied to choose high quality services for the composition. BPRules offers the possibility to integrate multiple service selection algorithms. The selection algorithms are applicable also for non-linear objective functions and constraints. The BPR framework includes new approaches for context-aware service selection and quality property predictions. We consider the location information of users and services as context dimension for the prediction of response time and throughput. The BPR framework combines all new features and contributions to a comprehensive management solution. Furthermore, it facilitates flexible monitoring of QoS properties without having to modify the description of the service composition. We show how the different modules of the BPR framework work together in order to execute the management rules. We evaluate how our selection algorithms outperform a genetic algorithm from related research. The evaluation reveals how context data can be used for a personalized prediction of response time and throughput.
Resumo:
Cloud Computing has evolved to become an enabler for delivering access to large scale distributed applications running on managed network-connected computing systems. This makes possible hosting Distributed Enterprise Information Systems (dEISs) in cloud environments, while enforcing strict performance and quality of service requirements, defined using Service Level Agreements (SLAs). {SLAs} define the performance boundaries of distributed applications, and are enforced by a cloud management system (CMS) dynamically allocating the available computing resources to the cloud services. We present two novel VM-scaling algorithms focused on dEIS systems, which optimally detect most appropriate scaling conditions using performance-models of distributed applications derived from constant-workload benchmarks, together with SLA-specified performance constraints. We simulate the VM-scaling algorithms in a cloud simulator and compare against trace-based performance models of dEISs. We compare a total of three SLA-based VM-scaling algorithms (one using prediction mechanisms) based on a real-world application scenario involving a large variable number of users. Our results show that it is beneficial to use autoregressive predictive SLA-driven scaling algorithms in cloud management systems for guaranteeing performance invariants of distributed cloud applications, as opposed to using only reactive SLA-based VM-scaling algorithms.
Resumo:
Access control (AC) is a necessary defense against a large variety of security attacks on the resources of distributed enterprise applications. However, to be effective, AC in some application domains has to be fine-grain, support the use of application-specific factors in authorization decisions, as well as consistently and reliably enforce organization-wide authorization policies across enterprise applications. Because the existing middleware technologies do not provide a complete solution, application developers resort to embedding AC functionality in application systems. This coupling of AC functionality with application logic causes significant problems including tremendously difficult, costly and error prone development, integration, and overall ownership of application software. The way AC for application systems is engineered needs to be changed. ^ In this dissertation, we propose an architectural approach for engineering AC mechanisms to address the above problems. First, we develop a framework for implementing the role-based access control (RBAC) model using AC mechanisms provided by CORBA Security. For those application domains where the granularity of CORBA controls and the expressiveness of RBAC model suffice, our framework addresses the stated problem. ^ In the second and main part of our approach, we propose an architecture for an authorization service, RAD, to address the problem of controlling access to distributed application resources, when the granularity and support for complex policies by middleware AC mechanisms are inadequate. Applying this architecture, we developed a CORBA-based application authorization service (CAAS). Using CAAS, we studied the main properties of the architecture and showed how they can be substantiated by employing CORBA and Java technologies. Our approach enables a wide-ranging solution for controlling the resources of distributed enterprise applications. ^
Resumo:
The research presented in this dissertation is comprised of several parts which jointly attain the goal of Semantic Distributed Database Management with Applications to Internet Dissemination of Environmental Data. ^ Part of the research into more effective and efficient data management has been pursued through enhancements to the Semantic Binary Object-Oriented database (Sem-ODB) such as more effective load balancing techniques for the database engine, and the use of Sem-ODB as a tool for integrating structured and unstructured heterogeneous data sources. Another part of the research in data management has pursued methods for optimizing queries in distributed databases through the intelligent use of network bandwidth; this has applications in networks that provide varying levels of Quality of Service or throughput. ^ The application of the Semantic Binary database model as a tool for relational database modeling has also been pursued. This has resulted in database applications that are used by researchers at the Everglades National Park to store environmental data and to remotely-sensed imagery. ^ The areas of research described above have contributed to the creation TerraFly, which provides for the dissemination of geospatial data via the Internet. TerraFly research presented herein ranges from the development of TerraFly's back-end database and interfaces, through the features that are presented to the public (such as the ability to provide autopilot scripts and on-demand data about a point), to applications of TerraFly in the areas of hazard mitigation, recreation, and aviation. ^
Resumo:
Access control (AC) is a necessary defense against a large variety of security attacks on the resources of distributed enterprise applications. However, to be effective, AC in some application domains has to be fine-grain, support the use of application-specific factors in authorization decisions, as well as consistently and reliably enforce organization-wide authorization policies across enterprise applications. Because the existing middleware technologies do not provide a complete solution, application developers resort to embedding AC functionality in application systems. This coupling of AC functionality with application logic causes significant problems including tremendously difficult, costly and error prone development, integration, and overall ownership of application software. The way AC for application systems is engineered needs to be changed. In this dissertation, we propose an architectural approach for engineering AC mechanisms to address the above problems. First, we develop a framework for implementing the role-based access control (RBAC) model using AC mechanisms provided by CORBA Security. For those application domains where the granularity of CORBA controls and the expressiveness of RBAC model suffice, our framework addresses the stated problem. In the second and main part of our approach, we propose an architecture for an authorization service, RAD, to address the problem of controlling access to distributed application resources, when the granularity and support for complex policies by middleware AC mechanisms are inadequate. Applying this architecture, we developed a CORBA-based application authorization service (CAAS). Using CAAS, we studied the main properties of the architecture and showed how they can be substantiated by employing CORBA and Java technologies. Our approach enables a wide-ranging solution for controlling the resources of distributed enterprise applications.
Resumo:
Over the last decade, there has been a trend where water utility companies aim to make water distribution networks more intelligent in order to improve their quality of service, reduce water waste, minimize maintenance costs etc., by incorporating IoT technologies. Current state of the art solutions use expensive power hungry deployments to monitor and transmit water network states periodically in order to detect anomalous behaviors such as water leakage and bursts. However, more than 97% of water network assets are remote away from power and are often in geographically remote underpopulated areas, facts that make current approaches unsuitable for next generation more dynamic adaptive water networks. Battery-driven wireless sensor/actuator based solutions are theoretically the perfect choice to support next generation water distribution. In this paper, we present an end-to-end water leak localization system, which exploits edge processing and enables the use of battery-driven sensor nodes. Our system combines a lightweight edge anomaly detection algorithm based on compression rates and an efficient localization algorithm based on graph theory. The edge anomaly detection and localization elements of the systems produce a timely and accurate localization result and reduce the communication by 99% compared to the traditional periodic communication. We evaluated our schemes by deploying non-intrusive sensors measuring vibrational data on a real-world water test rig that have had controlled leakage and burst scenarios implemented.
Resumo:
This article analyzed whether the practices of hearing health care were consistent with the principles of universality, comprehensiveness and equity from the standpoint of professionals. It involved qualitative research conducted at a Medium Complexity Hearing Health Care Center. A social worker, three speech therapists, a physician and a psychologist constituted the study subjects. Interviews were conducted as well as observation registered in a field diary. The thematic analysis technique was used in the analysis of the material. The analysis of interviews resulted in the construction of the following themes: Universality and access to hearing health, Comprehensive Hearing Health Care and Hearing Health and Equity. The study identified issues that interfere with the quality of service and run counter to the principles of Brazilian Unified Health System. The conclusion reached was that a relatively simple investment in training and professional qualification can bring about significant changes in order to promote a more universal, comprehensive and equitable health service.
Resumo:
Objective: To examine the extent to which suicidal ideation and suicide attempts are predictive of service use. Design and setting: The National Survey of Mental Health and Wellbeing considered service utilisation in relation to self-reported mental health problems. Service utilisation was inquired of in relation to hospital-based care (including both specialist mental health and general care settings), as well as consultations with a range of health professionals (both specialist and non-specialist mental health professionals, including psychiatrists, psychologists and general practitioners) on an outpatient basis. Participants: Secondary analysis of self-report data from 10 641 randomly selected Australian adults who participated in the National Survey of Mental Health and Wellbeing in 1997. The key predictor variables were reported suicidal ideation and suicide attempts over the past 12 months. Main outcome measures: Use of services for mental health problems (past 12 months). Results: When considered in isolation, individuals reporting suicidal ideation were more likely to make use of at least one type of service for mental health problems than non-suicidal individuals (OR, 17.3; 95% Cl, 13.2-22.6), and individuals reporting suicide attempts were even more likely to do so (OR, 32.3; 95% CI, 9.0-115.4). In the case of suicidal ideation, this effect remained significant after controlling for a range of potential confounders. For suicide attempts, the effect of mental health service use was no longer significant after other variables were taken into account. Conclusions: Suicidal individuals are likely to make use of services, and a high proportion of suicides may be preventable through appropriate healthcare system responses.
Resumo:
Background, Rural experience for dental students can provide valuable clinical education, change attitudes to rural practice, and make a valuable contribution to clinical service provision. The aim of this paper is to assess the costs and benefits of service delivery by students through rural training programmes Methods: Groups of two students worked in the public dental clinics in adjacent rural centres where there had been long-term difficulties in recruiting staff. The costs and benefits of the programme were assessed by the impact on waiting lists, the total cost per patient of, a course of care and by the marginal cost of adding service provision by students to existing arrangements. Results: The total costs of emergency and complete treatment provided by students were greater than the costs of treatment provided by public-sector dentists but less than the costs of private providers treating public patients. However, the value of services were greater when care was provided by students or private providers and the marginal cost of students providing services was 50-70 per cent of the cost of care provided by public dentists. Conclusion: This assessment suggests that the service benefits achieved compliment the primary objective of influencing the attitude of students to rural practice.
