Design and Development of Network Monitoring Strategies in P4-enabled Programmable Switches

Network monitoring is of paramount importance for effective network management: it allows to constantly observe the network’s behavior to ensure it is working as intended and can trigger both automated and manual remediation procedures in case of failures and anomalies. The concept of SDN decouples the control logic from legacy network infrastructure to perform centralized control on multiple switches in the network, and in this context, the responsibility of switches is only to forward packets according to the flow control instructions provided by controller. However, as current SDN switches only expose simple per-port and per-flow counters, the controller has to do almost all the processing to determine the network state, which causes significant communication overhead and excessive latency for monitoring purposes. The absence of programmability in the data plane of SDN prompted the advent of programmable switches, which allow developers to customize the data-plane pipeline and implement novel programs operating directly in the switches. This means that we can offload certain monitoring tasks to programmable data planes, to perform fine-grained monitoring even at very high packet processing speeds. Given the central importance of network monitoring exploiting programmable data planes, the goal of this thesis is to enable a wide range of monitoring tasks in programmable switches, with a specific focus on the ones equipped with programmable ASICs. Indeed, most network monitoring solutions available in literature do not take computational and memory constraints of programmable switches into due account, preventing, de facto, their successful implementation in commodity switches. This claims that network monitoring tasks can be executed in programmable switches. Our evaluations show that the contributions in this thesis could be used by network administrators as well as network security engineers, to better understand the network status depending on different monitoring metrics, and thus prevent network infrastructure and service outages.

Security enhancements and flaws of emerging communication technologies

The multi-faced evolution of network technologies ranges from big data centers to specialized network infrastructures and protocols for mission-critical operations. For instance, technologies such as Software Defined Networking (SDN) revolutionized the world of static configuration of the network - i.e., by removing the distributed and proprietary configuration of the switched networks - centralizing the control plane. While this disruptive approach is interesting from different points of view, it can introduce new unforeseen vulnerabilities classes. One topic of particular interest in the last years is industrial network security, an interest which started to rise in 2016 with the introduction of the Industry 4.0 (I4.0) movement. Networks that were basically isolated by design are now connected to the internet to collect, archive, and analyze data. While this approach got a lot of momentum due to the predictive maintenance capabilities, these network technologies can be exploited in various ways from a cybersecurity perspective. Some of these technologies lack security measures and can introduce new families of vulnerabilities. On the other side, these networks can be used to enable accurate monitoring, formal verification, or defenses that were not practical before. This thesis explores these two fields: by introducing monitoring, protections, and detection mechanisms where the new network technologies make it feasible; and by demonstrating attacks on practical scenarios related to emerging network infrastructures not protected sufficiently. The goal of this thesis is to highlight this lack of protection in terms of attacks on and possible defenses enabled by emerging technologies. We will pursue this goal by analyzing the aforementioned technologies and by presenting three years of contribution to this field. In conclusion, we will recapitulate the research questions and give answers to them.

Addressing challenges in heterogeneous embedded systems programming: security and performance

Embedded systems are increasingly integral to daily life, improving and facilitating the efficiency of modern Cyber-Physical Systems which provide access to sensor data, and actuators. As modern architectures become increasingly complex and heterogeneous, their optimization becomes a challenging task. Additionally, ensuring platform security is important to avoid harm to individuals and assets. This study primarily addresses challenges in contemporary Embedded Systems, focusing on platform optimization and security enforcement. The initial section of this study delves into the application of machine learning methods to efficiently determine the optimal number of cores for a parallel RISC-V cluster to minimize energy consumption using static source code analysis. Results demonstrate that automated platform configuration is not only viable but also that there is a moderate performance trade-off when relying solely on static features. The second part focuses on addressing the problem of heterogeneous device mapping, which involves assigning tasks to the most suitable computational device in a heterogeneous platform for optimal runtime. The contribution of this section lies in the introduction of novel pre-processing techniques, along with a training framework called Siamese Networks, that enhances the classification performance of DeepLLVM, an advanced approach for task mapping. Importantly, these proposed approaches are independent from the specific deep-learning model used. Finally, this research work focuses on addressing issues concerning the binary exploitation of software running in modern Embedded Systems. It proposes an architecture to implement Control-Flow Integrity in embedded platforms with a Root-of-Trust, aiming to enhance security guarantees with limited hardware modifications. The approach involves enhancing the architecture of a modern RISC-V platform for autonomous vehicles by implementing a side-channel communication mechanism that relays control-flow changes executed by the process running on the host core to the Root-of-Trust. This approach has limited impact on performance and it is effective in enhancing the security of embedded platforms.

Comparison between 5G private network and Wifi6 in industrial environment

Industry 4.0 refers to the 4th industrial revolution and at its bases, we can see the digitalization and the automation of the assembly line. The whole production process has improved and evolved thanks to the advances made in networking, and AI studies, which include of course machine learning, cloud computing, IoT, and other technologies that are finally being implemented into the industrial scenario. All these technologies have in common a need for faster, more secure, robust, and reliable communication. One of the many solutions for these demands is the use of mobile communication technologies in the industrial environment, but which technology is better suited for these demands? Of course, the answer isn’t as simple as it seems. The 4th industrial revolution has a never seen incomparable potential with respect to the previous ones, every factory, enterprise, or company have different network demands, and even in each of these infrastructures, the demands may diversify by sector, or by application. For example, in the health care industry, there may be e a need for increased bandwidth for the analysis of high-definition videos or, faster speeds in order to have analytics occur in real-time, and again another application might be higher security and reliability to protect patients’ data. As seen above, choosing the right technology for the right environment and application, considers many things, and the ones just stated are but a speck of dust with respect to the overall picture. In this thesis, we will investigate a comparison between the use of two of the available technologies in use for the industrial environment: Wi-Fi 6 and 5G Private Networks in the specific case of a steel factory.

On The Distinct Molecular Architectures Of Dipping- And Spray-lbl Films Containing Lipid Vesicles.

The introduction of spraying procedures to fabricate layer-by-layer (LbL) films has brought new possibilities for the control of molecular architectures and for making the LbL technique compliant with industrial processes. In this study we show that significantly distinct architectures are produced for dipping and spray-LbL films of the same components, which included DODAB/DPPG vesicles. The films differed notably in their thickness and stratified nature. The electrical response of the two types of films to aqueous solutions containing erythrosin was also different. With multidimensional projections we showed that the impedance for the DODAB/DPPG spray-LbL film is more sensitive to changes in concentration, being therefore more promising as sensing units. Furthermore, with surface-enhanced Raman scattering (SERS) we could ascribe the high sensitivity of the LbL films to adsorption of erythrosin.

Comparison between detailed model simulation and artificial neural network for forecasting building energy consumption

There are several ways to attempt to model a building and its heat gains from external sources as well as internal ones in order to evaluate a proper operation, audit retrofit actions, and forecast energy consumption. Different techniques, varying from simple regression to models that are based on physical principles, can be used for simulation. A frequent hypothesis for all these models is that the input variables should be based on realistic data when they are available, otherwise the evaluation of energy consumption might be highly under or over estimated. In this paper, a comparison is made between a simple model based on artificial neural network (ANN) and a model that is based on physical principles (EnergyPlus) as an auditing and predicting tool in order to forecast building energy consumption. The Administration Building of the University of Sao Paulo is used as a case study. The building energy consumption profiles are collected as well as the campus meteorological data. Results show that both models are suitable for energy consumption forecast. Additionally, a parametric analysis is carried out for the considered building on EnergyPlus in order to evaluate the influence of several parameters such as the building profile occupation and weather data on such forecasting. (C) 2008 Elsevier B.V. All rights reserved.

Development and evaluation of neural network freeway incident detection models using field data

This paper discusses a multi-layer feedforward (MLF) neural network incident detection model that was developed and evaluated using field data. In contrast to published neural network incident detection models which relied on simulated or limited field data for model development and testing, the model described in this paper was trained and tested on a real-world data set of 100 incidents. The model uses speed, flow and occupancy data measured at dual stations, averaged across all lanes and only from time interval t. The off-line performance of the model is reported under both incident and non-incident conditions. The incident detection performance of the model is reported based on a validation-test data set of 40 incidents that were independent of the 60 incidents used for training. The false alarm rates of the model are evaluated based on non-incident data that were collected from a freeway section which was video-taped for a period of 33 days. A comparative evaluation between the neural network model and the incident detection model in operation on Melbourne's freeways is also presented. The results of the comparative performance evaluation clearly demonstrate the substantial improvement in incident detection performance obtained by the neural network model. The paper also presents additional results that demonstrate how improvements in model performance can be achieved using variable decision thresholds. Finally, the model's fault-tolerance under conditions of corrupt or missing data is investigated and the impact of loop detector failure/malfunction on the performance of the trained model is evaluated and discussed. The results presented in this paper provide a comprehensive evaluation of the developed model and confirm that neural network models can provide fast and reliable incident detection on freeways. (C) 1997 Elsevier Science Ltd. All rights reserved.

Resources for security and stability? The politics of regional cooperation on the Mekong, 1957-2001

This article tells about the relationship between resource politics and security in international relations. Using the Mekong River Basin as its case study, the article examines the place of resource and development issues in attempts to develop regional institutions. The question of whether a resource development regime with apparently low productivity in terms of technical output, but high levels of resilience and longevity, should be considered a failure or not, is considered. This question is examined within the broader context of Southeast Asian politics during the First, Second, and Third Indochina conflicts as well as the post-cold war era. The article argues that survival and a capacity to change to meet the challenges of extreme broader events are clear evidence of regime success. From this standpoint, the article explores ways in which the Mekong resource regime is linked to more general concerns for political security and stability and may in fact reflect political concerns for subregional neighborhood maintenance.

Hybrid wired/wireless PROFIBUS architectures: performance study based on simulation models

The problem of providing a hybrid wired/wireless communications for factory automation systems is still an open issue, notwithstanding the fact that already there are some solutions. This paper describes the role of simulation tools on the validation and performance analysis of two wireless extensions for the PROFIBUS protocol. In one of them, the Intermediate Systems, which connect wired and wireless network segments, operate as repeaters. In the other one the Intermediate Systems operate as bridge. We also describe how the analytical analysis proposed for these kinds of networks can be used for the setting of some network parameters and for the guaranteeing real-time behaviour of the system. Additionally, we also compare the bridge-based solution simulation results with the analytical results.

Scale-free networks and scalable interdomain routing

Trabalho apresentado no âmbito do Mestrado em Engenharia Informática, como requisito parcial para obtenção do grau de Mestre em Engenharia Informática

Maritime Security in the Gulf of Guinea: Issues and Solutions for the 21st Century

A producer of 5.4 M bbl/d, totalling almost half of the consumption of the entire European Union, the Gulf of Guinea is a fundamental lifeline and maritime link between Europe, the Americas and Africa. Geographically positioned as a staging post for transit originating in Latin America and coupled with its relatively porous borders, the region is also the perfect stepping stone for contraband heading to European shores. While blessed with an enviable wealth of marine and mineral resources, the region is also plagued by an ever-increasing spectre of maritime piracy; accounting for around 30% of incidents in African waters from 2003 to 2011. It is for these reasons that this research centres around the issues of maritime security in the Gulf of Guinea, with a particular focus on the first two decades of the 21st century. This research looks to examine the overall picture of the present state of play in the area, before going on to provide an analysis of potential regional developments in maritime security. This research begins with the analysis of concepts/phenomena that have played a notable role in the shaping of the field of maritime security, namely Globalisation and security issues in the post-Cold War era. The ensuing chapter then focuses in on the Gulf of Guinea and the issues dominating the field of maritime security in the region. The penultimate chapter presents a SWOT analysis, undertaken as part of this research with the aim of correlating opinions from a variety of sectors/professions regarding maritime security in the Gulf of Guinea. The final chapter builds upon the results obtained from the abovementioned SWOT analysis, presenting a series of potential proposals/strategies that can contribute to the field of maritime security in the region over the coming years. This research draws to a close with the presentation of conclusions taken from this particular investigation, as well as a final overview of the earlier presented proposals applicable to the field of maritime security during the second decade of the 21st century.

Modelling and verifying smell-free architectures with the Archery language

Architectural (bad) smells are design decisions found in software architectures that degrade the ability of systems to evolve. This paper presents an approach to verify that a software architecture is smellfree using the Archery architectural description language. The language provides a core for modelling software architectures and an extension for specifying constraints. The approach consists in precisely specifying architectural smells as constraints, and then verifying that software architectures do not satisfy any of them. The constraint language is based on a propositional modal logic with recursion that includes: a converse operator for relations among architectural concepts, graded modalities for describing the cardinality in such relations, and nominals referencing architectural elements. Four architectural smells illustrate the approach.

An investigation into system security requirements and implementation in an Application Service Provider (ASP) environment

Although the ASP model has been around for over a decade, it has not achieved the expected high level of market uptake. This research project examines the past and present state of ASP adoption and identifies security as a primary factor influencing the uptake of the model. The early chapters of this document examine the ASP model and ASP security in particular. Specifically, the literature and technology review chapter analyses ASP literature, security technologies and best practices with respect to system security in general. Based on this investigation, a prototype to illustrate the range and types of technologies that encompass a security framework was developed and is described in detail. The latter chapters of this document evaluate the practical implementation of system security in an ASP environment. Finally, this document outlines the research outputs, including the conclusions drawn and recommendations with respect to system security in an ASP environment. The primary research output is the recommendation that by following best practices with respect to security, an ASP application can provide the same level of security one would expect from any other n-tier client-server application. In addition, a security evaluation matrix, which could be used to evaluate not only the security of ASP applications but the security of any n-tier application, was developed by the author. This thesis shows that perceptions with regard to fears of inadequate security of ASP solutions and solution data are misguided. Finally, based on the research conducted, the author recommends that ASP solutions should be developed and deployed on tried, tested and trusted infrastructure. Existing Application Programming Interfaces (APIs) should be used where possible and security best practices should be adhered to where feasible.

Airline competition and network structure

This paper characterizes the equilibria in airline networks and their welfare implications in an unregulated environment. Competing airlines may adopt either fully-connected (FC) or hub-and-spoke (HS) network structures; and passengers exhibiting low brand loyalty to their preferred carrier choose an outside option to travel so that markets are partially served by airlines. In this context, carriers adopt hubbing strategies when costs are sufficiently low, and asymmetric equilibria where one carrier chooses a FC strategy and the other chooses a HS strategy may arise. Quite interestingly, flight frequency can become excessive under HS network configurations.

Technology, business models and network structure in the airline industry

Network airlines have been increasingly focusing their operations on hub airports through the exploitation of connecting traffic, allowing them to take advantage of economies of traffic density, which are unequivocal in the airline industry. Less attention has been devoted to airlines' decisions on point-to-point thin routes, which could be served using different aircraft technologies and different business models. This paper examines, both theoretically and empirically, the impact on airlines' networks of the two major innovations in the airline industry in the last two decades: the regional jet technology and the low-cost business model. We show that, under certain circumstances, direct services on point-to-point thin routes can be viable and thus airlines may be interested in deviating passengers out of the hub. Keywords: regional jet technology; low-cost business model; point-to-point network; hub-and-spoke network JEL Classi…fication Numbers: L13; L2; L93