Multi-purpose adaptable business tier components based on Call Level Interfaces

Call Level Interfaces (CLI) play a key role in business tiers of relational and on some NoSQL database applications whenever a fine tune control between application tiers and the host databases is a key requirement. Unfortunately, in spite of this significant advantage, CLI are low level API, this way not addressing high level architectural requirements. Among the examples we emphasize two situations: a) the need to decouple or not to decouple the development process of business tiers from the development process of application tiers and b) the need to automatically adapt business tiers to new business and/or security needs at runtime. To tackle these CLI drawbacks, and simultaneously keep their advantages, this paper proposes an architecture relying on CLI from which multi-purpose business tiers components are built, herein referred to as Adaptable Business Tier Components (ABTC). Beyond the reference architecture, this paper presents a proof of concept based on Java and Java Database Connectivity (an example of CLI).

On the implementation of a Laboratory of Digital Television according to the ISDB-Tb standard

Este artículo resume el proceso de implementación del Laboratorio de Televisión Digital (DTV) de la Universidad de Cuenca, que surge como un entorno confiable de experimentación e investigación que hace uso de las características asociadas al estándar ISDB-Tb adoptado por Ecuador en el año 2010 para la transmisión de señales de televisión abierta. El objetivo de este artículo es documentar los aspectos que se han considerado para simular un escenario real en el que un Transport Stream (TS) formado por contenido audiovisual y aplicaciones interactivas, primero se genera, para luego transmitirse a través del canal de comunicaciones, y finalmente ser recibido en una televisión con receptor ISDB-Tb. Así, se facilita el desarrollo y la experimentación de nuevos servicios aprovechando el nuevo formato de DTV.

Desenvolvimento de mediation e-health bus

Este relatório apresenta todo o trabalho desenvolvido na Portugal Telecom Inovação ao longo de 6 meses. Este projeto esteve inserido no produto Medigraf, o qual é uma plataforma de telemedicina, desenvolvida e comercializada pela Portugal Telecom Inovação, destinada a ser integrada em organizações de saúde. Um sistema de informação é um componente muito importante nas organizações de saúde. É através deste que toda a informação referente à organização é processada e comunicada. Para que um novo sistema, a ser incorporado na organização, seja capaz de atingir todas as suas potencialidades é necessário que haja uma integração e uma interoperabilidade total entre o novo sistema e o sistema de informação existente. Torna-se assim indispensável conseguir uma integração entre o Medigraf e o sistema de informação existente nas organizações de saúde. Para isso, é necessário apurar quais os requisitos necessários para haver uma integração e uma partilha de informação entre sistemas heterógenos, explicando o conceito de standards, interoperabilidade e terminologias. O estado da arte revelou que a integração entre sistemas heterogéneos em organizações de saúde é difícil de atingir. Das várias organizações existentes, destaquei a HL7 (Health Level Seven) pelos seus avanços nesta área e pelo desenvolvimento de duas versões de um standard de mediation de mensagens (HL7 v2.x e HL7 v3) com o objetivo de atingir uma interoperabilidade entre sistemas heterógenos. Com o estudo mais aprofundado do standard de mensagens HL7 v3, foi necessário adotar uma arquitetura/topologia de integração de forma a implementar o standard. Neste estudo, destaquei a família de soluções EAI (Enterprise Application Integration) como melhor solução. De modo a implementar o standard HL7 v3 com base na arquitetura escolhida, realizei um estudo sobre os softwares existentes. Desse estudo, resultou a escolha do Mirth Connect como melhor abordagem para implementação de uma interoperabilidade entre o Medigraf e um sistema de informação. Este software atua como um middleware de mediation na comunicação entre sistemas heterogéneos. Selecionei para implementação, dois casos de uso do standard, de modo a demonstrar a sua utilização. Nativamente, o Mirth Connect não suporta a validação das mensagens do standard HL7 v3, suportando apenas HL7 v2.x. O Mirth Connect, sendo um software Open Source, permitiu que eu pudesse desenvolver um método capaz de executar essa validação. O método foi publicado no fórum da Mirth Corporation, possibilitando a sua partilha. No final são tecidas algumas conclusões, referindo o trabalho futuro que pode ser desenvolvido.

Time-Reversal Massive Multipath Effect and Bandwidth Heterogeneity

The proliferation of new mobile communication devices, such as smartphones and tablets, has led to an exponential growth in network traffic. The demand for supporting the fast-growing consumer data rates urges the wireless service providers and researchers to seek a new efficient radio access technology, which is the so-called 5G technology, beyond what current 4G LTE can provide. On the other hand, ubiquitous RFID tags, sensors, actuators, mobile phones and etc. cut across many areas of modern-day living, which offers the ability to measure, infer and understand the environmental indicators. The proliferation of these devices creates the term of the Internet of Things (IoT). For the researchers and engineers in the field of wireless communication, the exploration of new effective techniques to support 5G communication and the IoT becomes an urgent task, which not only leads to fruitful research but also enhance the quality of our everyday life. Massive MIMO, which has shown the great potential in improving the achievable rate with a very large number of antennas, has become a popular candidate. However, the requirement of deploying a large number of antennas at the base station may not be feasible in indoor scenarios. Does there exist a good alternative that can achieve similar system performance to massive MIMO for indoor environment? In this dissertation, we address this question by proposing the time-reversal technique as a counterpart of massive MIMO in indoor scenario with the massive multipath effect. It is well known that radio signals will experience many multipaths due to the reflection from various scatters, especially in indoor environments. The traditional TR waveform is able to create a focusing effect at the intended receiver with very low transmitter complexity in a severe multipath channel. TR's focusing effect is in essence a spatial-temporal resonance effect that brings all the multipaths to arrive at a particular location at a specific moment. We show that by using time-reversal signal processing, with a sufficiently large bandwidth, one can harvest the massive multipaths naturally existing in a rich-scattering environment to form a large number of virtual antennas and achieve the desired massive multipath effect with a single antenna. Further, we explore the optimal bandwidth for TR system to achieve maximal spectral efficiency. Through evaluating the spectral efficiency, the optimal bandwidth for TR system is found determined by the system parameters, e.g., the number of users and backoff factor, instead of the waveform types. Moreover, we investigate the tradeoff between complexity and performance through establishing a generalized relationship between the system performance and waveform quantization in a practical communication system. It is shown that a 4-bit quantized waveforms can be used to achieve the similar bit-error-rate compared to the TR system with perfect precision waveforms. Besides 5G technology, Internet of Things (IoT) is another terminology that recently attracts more and more attention from both academia and industry. In the second part of this dissertation, the heterogeneity issue within the IoT is explored. One of the significant heterogeneity considering the massive amount of devices in the IoT is the device heterogeneity, i.e., the heterogeneous bandwidths and associated radio-frequency (RF) components. The traditional middleware techniques result in the fragmentation of the whole network, hampering the objects interoperability and slowing down the development of a unified reference model for the IoT. We propose a novel TR-based heterogeneous system, which can address the bandwidth heterogeneity and maintain the benefit of TR at the same time. The increase of complexity in the proposed system lies in the digital processing at the access point (AP), instead of at the devices' ends, which can be easily handled with more powerful digital signal processor (DSP). Meanwhile, the complexity of the terminal devices stays low and therefore satisfies the low-complexity and scalability requirement of the IoT. Since there is no middleware in the proposed scheme and the additional physical layer complexity concentrates on the AP side, the proposed heterogeneous TR system better satisfies the low-complexity and energy-efficiency requirement for the terminal devices (TDs) compared with the middleware approach.

Towards Distributed Model Transformations with LinTra

Performance and scalability of model transformations are becoming prominent topics in Model-Driven Engineering. In previous works we introduced LinTra, a platform for executing model transformations in parallel. LinTra is based on the Linda model of a coordination language and is intended to be used as a middleware where high-level model transformation languages are compiled. In this paper we present the initial results of our analyses on the scalability of out-place model-to-model transformation executions in LinTra when the models and the processing elements are distributed over a set of machines.

Interoperable Resource Brokering with Policy-based Provisioning and Job Allocation

The increasing needs for computational power in areas such as weather simulation, genomics or Internet applications have led to sharing of geographically distributed and heterogeneous resources from commercial data centers and scientific institutions. Research in the areas of utility, grid and cloud computing, together with improvements in network and hardware virtualization has resulted in methods to locate and use resources to rapidly provision virtual environments in a flexible manner, while lowering costs for consumers and providers. However, there is still a lack of methodologies to enable efficient and seamless sharing of resources among institutions. In this work, we concentrate in the problem of executing parallel scientific applications across distributed resources belonging to separate organizations. Our approach can be divided in three main points. First, we define and implement an interoperable grid protocol to distribute job workloads among partners with different middleware and execution resources. Second, we research and implement different policies for virtual resource provisioning and job-to-resource allocation, taking advantage of their cooperation to improve execution cost and performance. Third, we explore the consequences of on-demand provisioning and allocation in the problem of site-selection for the execution of parallel workloads, and propose new strategies to reduce job slowdown and overall cost.

Un framework per l'analisi di big data con elevata eterogeneità all'interno di multistore

I big data sono caratterizzati dalle ben note 4v: volume, velocità, veracità e varietà. Quest'ultima risulta di importanza critica nei sistemi schema-less, dove il concetto di schema non è rigido. In questo contesto rientrano i database NoSQL, i quali offrono modelli dati diversi dal classico modello dati relazionale, ovvero: documentale, wide-column, grafo e key-value. Si parla di multistore quando ci si riferisce all'uso di database con modelli dati diversi che vengono esposti con un'unica interfaccia di interrogazione, sia per sfruttare caratteristiche di un modello dati che per le maggiori performance dei database NoSQL in contesti distribuiti. Fare analisi sui dati all'interno di un multistore risulta molto più complesso: i dati devono essere integrati e va ripristinata la consistenza. A questo scopo nasce la necessità di approcci più soft, chiamati pay-as-you-go: l'integrazione è leggera e incrementale, aggira la complessità degli approcci di integrazione tradizionali e restituisce risposte best-effort o approssimative. Seguendo tale filosofia, nasce il concetto di dataspace come rappresentazione logica e di alto livello dei dataset disponibili. Obiettivo di questo lavoro tesi è studiare, progettare e realizzare una modalità di interrogazione delle sorgenti dati eterogenee in contesto multistore con l'intento di fare analisi situazionali, considerando le problematiche di varietà e appoggiandosi all'integrazione fornita dal dataspace. Lo scopo finale è di sviluppare un prototipo che esponga un'interfaccia per interrogare il dataspace con la semantica GPSJ, ovvero la classe di query più comune nelle applicazioni OLAP. Un'interrogazione nel dataspace dovrà essere tradotta in una serie di interrogazioni nelle sorgenti e, attraverso un livello middleware, i risultati parziali dovranno essere integrati tra loro in modo che il risultato dell'interrogazione sia corretto e allo stesso tempo completo.

An architecture for network acceleration as a service in the cloud continuum

The pervasive availability of connected devices in any industrial and societal sector is pushing for an evolution of the well-established cloud computing model. The emerging paradigm of the cloud continuum embraces this decentralization trend and envisions virtualized computing resources physically located between traditional datacenters and data sources. By totally or partially executing closer to the network edge, applications can have quicker reactions to events, thus enabling advanced forms of automation and intelligence. However, these applications also induce new data-intensive workloads with low-latency constraints that require the adoption of specialized resources, such as high-performance communication options (e.g., RDMA, DPDK, XDP, etc.). Unfortunately, cloud providers still struggle to integrate these options into their infrastructures. That risks undermining the principle of generality that underlies the cloud computing scale economy by forcing developers to tailor their code to low-level APIs, non-standard programming models, and static execution environments. This thesis proposes a novel system architecture to empower cloud platforms across the whole cloud continuum with Network Acceleration as a Service (NAaaS). To provide commodity yet efficient access to acceleration, this architecture defines a layer of agnostic high-performance I/O APIs, exposed to applications and clearly separated from the heterogeneous protocols, interfaces, and hardware devices that implement it. A novel system component embodies this decoupling by offering a set of agnostic OS features to applications: memory management for zero-copy transfers, asynchronous I/O processing, and efficient packet scheduling. This thesis also explores the design space of the possible implementations of this architecture by proposing two reference middleware systems and by adopting them to support interactive use cases in the cloud continuum: a serverless platform and an Industry 4.0 scenario. A detailed discussion and a thorough performance evaluation demonstrate that the proposed architecture is suitable to enable the easy-to-use, flexible integration of modern network acceleration into next-generation cloud platforms.

Adaptable security in the cloud-to-thing continuum

Recent technological advancements have played a key role in seamlessly integrating cloud, edge, and Internet of Things (IoT) technologies, giving rise to the Cloud-to-Thing Continuum paradigm. This cloud model connects many heterogeneous resources that generate a large amount of data and collaborate to deliver next-generation services. While it has the potential to reshape several application domains, the number of connected entities remarkably broadens the security attack surface. One of the main problems is the lack of security measures to adapt to the dynamic and evolving conditions of the Cloud-To-Thing Continuum. To address this challenge, this dissertation proposes novel adaptable security mechanisms. Adaptable security is the capability of security controls, systems, and protocols to dynamically adjust to changing conditions and scenarios. However, since the design and development of novel security mechanisms can be explored from different perspectives and levels, we place our attention on threat modeling and access control. The contributions of the thesis can be summarized as follows. First, we introduce a model-based methodology that secures the design of edge and cyber-physical systems. This solution identifies threats, security controls, and moving target defense techniques based on system features. Then, we focus on access control management. Since access control policies are subject to modifications, we evaluate how they can be efficiently shared among distributed areas, highlighting the effectiveness of distributed ledger technologies. Furthermore, we propose a risk-based authorization middleware, adjusting permissions based on real-time data, and a federated learning framework that enhances trustworthiness by weighting each client's contributions according to the quality of their partial models. Finally, since authorization revocation is another critical concern, we present an efficient revocation scheme for verifiable credentials in IoT networks, featuring decentralization, demanding minimum storage and computing capabilities. All the mechanisms have been evaluated in different conditions, proving their adaptability to the Cloud-to-Thing Continuum landscape.

Analisi e implementazione di un sistema di autorizzazione compatibile con token OAuth 2.0 e certificati VOMS

Il Worldwide LHC Computing Grid (WLCG) è una collaborazione internazionale costituita da decine di centri di calcolo distribuiti globalmente, la cui missione consiste nell'elaborazione delle grandi quantità di dati prodotti dai maggiori esperimenti di Fisica delle Alte Energie, in particolare quelli al CERN di Ginevra. Uno di questi centri di calcolo è ospitato presso il CNAF dell'Istituto Nazionale di Fisica Nucleare a Bologna, che contribuisce anche allo sviluppo di middleware per la gestione dell'infrastruttura. Molti componenti di tale middleware, che hanno funzionalità e scopi diversi, richiedono un servizio di autorizzazione versatile e compatibile con i meccanismi di autenticazione attualmente in uso, basati su token OAuth 2.0 e su certificati VOMS Proxy. In questa tesi si analizzerà l'architettura e l'implementazione di un proof-of-concept di un sistema di autorizzazione che soddisfi queste necessità, enfatizzando l'integrazione delle tecniche di autenticazione citate. Per dimostrare la sua versatilità, verrà illustrato il processo di interfacciamento con un componente middleware attualmente in sviluppo al CNAF. Il risultato finale ottenuto è un sistema che rispetta i vincoli richiesti e si integra facilmente con servizi eterogenei.