980 resultados para Software-Defined Networking, OpenFlow, rete programmabile
Resumo:
The multi-faced evolution of network technologies ranges from big data centers to specialized network infrastructures and protocols for mission-critical operations. For instance, technologies such as Software Defined Networking (SDN) revolutionized the world of static configuration of the network - i.e., by removing the distributed and proprietary configuration of the switched networks - centralizing the control plane. While this disruptive approach is interesting from different points of view, it can introduce new unforeseen vulnerabilities classes. One topic of particular interest in the last years is industrial network security, an interest which started to rise in 2016 with the introduction of the Industry 4.0 (I4.0) movement. Networks that were basically isolated by design are now connected to the internet to collect, archive, and analyze data. While this approach got a lot of momentum due to the predictive maintenance capabilities, these network technologies can be exploited in various ways from a cybersecurity perspective. Some of these technologies lack security measures and can introduce new families of vulnerabilities. On the other side, these networks can be used to enable accurate monitoring, formal verification, or defenses that were not practical before. This thesis explores these two fields: by introducing monitoring, protections, and detection mechanisms where the new network technologies make it feasible; and by demonstrating attacks on practical scenarios related to emerging network infrastructures not protected sufficiently. The goal of this thesis is to highlight this lack of protection in terms of attacks on and possible defenses enabled by emerging technologies. We will pursue this goal by analyzing the aforementioned technologies and by presenting three years of contribution to this field. In conclusion, we will recapitulate the research questions and give answers to them.
Resumo:
Software Defined Networking along with Network Function Virtualisation have brought an evolution in the telecommunications laying out the bases for 5G networks and its softwarisation. The separation between the data plane and the control plane, along with having a decentralisation of the latter, have allowed to have a better scalability and reliability while reducing the latency. A lot of effort has been put into creating a distributed controller, but most of the solutions provided by now have a monolithic approach that reduces the benefits of having a software defined network. Disaggregating the controller and handling it as microservices is the solution to problems faced when working with a monolithic approach. Microservices enable the cloud native approach which is essential to benefit from the architecture of the 5G Core defined by the 3GPP standards development organisation. Applying the concept of NFV allows to have a softwarised version of the entire network structure. The expectation is that the 5G Core will be deployed on an orchestrated cloud infrastructure and in this thesis work we aim to provide an application of this concept by using Kubernetes as an implementation of the MANO standard. This means Kubernetes acts as a Network Function Virtualisation Orchestrator (NFVO), Virtualised Network Function Manager (VNFM) and Virtualised Infrastructure Manager (VIM) rather than just a Network Function Virtualisation Infrastructure. While OSM has been adopted for this purpose in various scenarios, this work proposes Kubernetes opposed to OSM as the MANO standard implementation.
Resumo:
L'erogazione dei servizi informatici tramite cloud è ormai una delle soluzioni più in voga nel mercato odierno, tant'è che, analizzando le statistiche fornite dalle piattaforme principali, anche il futuro sembra andare proprio in quella direzione. Quest'evoluzione avrà un forte impatto persino nelle telecomunicazioni, dove le tecniche di virtualizzazione e softwarizzazione vengono già oggi impiegate per facilitare la gestione delle infrastrutture di rete, creando le cosiddette SDN (Software Defined Network). I provider che scelgono di adottare queste soluzioni ottengono un elevato grado di flessibilità dei propri servizi, facilitando notevolmente lo sviluppo di nuove funzionalità, grazie alla presenza di controller esterni a cui vengono demandati gli aspetti di gestione della rete stessa. In uno scenario di questo tipo è fondamentale che gli strumenti volti allo studio e alla sperimentazione di reti software-based siano in grado di stare al passo con i tempi, utilizzando tecnologie all'avanguardia ed accessibili anche agli utenti che si interfacciano per la prima volta con queste metodologie. Perché questo sia possibile è necessario che telecomunicazioni e sviluppo software, aspetti storicamente appartenenti a due mondi dell'informatica paralleli, si uniscano. Ad oggi gli strumenti che permettono di operare su SDN sono innumerevoli, ma spesso accomunati dalla mancanza di qualsivoglia interfaccia grafica, restringendo l'utenza di riferimento ad un gruppo ancor più di nicchia, escludendo gli utilizzatori alle prime armi. L'obiettivo di questo progetto è proporre uno strumento alternativo, basato su Ryu, che permetta all’utente di creare, configurare e gestire secondo le proprie esigenze una rete virtuale, attraverso un’interfaccia grafica e un simulatore interattivo per controllare e visualizzare lo stato dei dispositivi connessi. Infine, verranno analizzati i vantaggi didattici ottenuti dall'impiego dell'applicativo rispetto alle metodologie classiche.
Resumo:
Os Sistemas de Detecção e Prevenção de Intrusão (Intrusion Detection Systems – IDS e Intrusion Prevention Systems - IPS) são ferramentas bastante conhecidas e bem consagradas no mundo da segurança da informação. Porém, a falta de integração com os equipamentos de rede como switches e roteadores acaba limitando a atuação destas ferramentas e exige um bom dimensionamento de recursos de hardware como processamento, memória e interfaces de rede de alta velocidade, utilizados para implementá-las. Diante de diversas limitações deparadas por pesquisadores e administradores de redes, surgiu o conceito de Rede Definida por Software (Software Defined Network – SDN), que ao separar os planos de controle e de dados, permite adaptar o funcionamento da rede de acordo com as necessidades de cada um. Desta forma, devido à padronização e flexibilidade propostas pelas SDNs, e das limitações apresentadas dos IPSs, esta dissertação de mestrado propõe o IPSFlow, um framework que utiliza uma rede baseada na arquitetura SDN e o protocolo OpenFlow para a criação de um IPS com ampla cobertura e que permite bloquear um tráfego caracterizado pelos IDS(s) como malicioso no equipamento mais próximo da origem. Para validar o framework, experimentos no ambiente virtual Mininet foram realizados utilizando-se o Snort como IDS para analisar tráfego de varredura (scan) gerado pelo Nmap de um host ao outro. Os resultados coletados apresentam que o IPSFlow funcionou conforme planejado ao efetuar o bloqueio de 85% do tráfego de varredura.
Resumo:
Dissertação para obtenção do Grau de Mestre em Engenharia Electrotécnica e de Computadores
Resumo:
Pós-graduação em Engenharia Elétrica - FEIS
Resumo:
La prova informatica richiede l’adozione di precauzioni come in un qualsiasi altro accertamento scientifico. Si fornisce una panoramica sugli aspetti metodologici e applicativi dell’informatica forense alla luce del recente standard ISO/IEC 27037:2012 in tema di trattamento del reperto informatico nelle fasi di identificazione, raccolta, acquisizione e conservazione del dato digitale. Tali metodologie si attengono scrupolosamente alle esigenze di integrità e autenticità richieste dalle norme in materia di informatica forense, in particolare della Legge 48/2008 di ratifica della Convenzione di Budapest sul Cybercrime. In merito al reato di pedopornografia si offre una rassegna della normativa comunitaria e nazionale, ponendo l’enfasi sugli aspetti rilevanti ai fini dell’analisi forense. Rilevato che il file sharing su reti peer-to-peer è il canale sul quale maggiormente si concentra lo scambio di materiale illecito, si fornisce una panoramica dei protocolli e dei sistemi maggiormente diffusi, ponendo enfasi sulla rete eDonkey e il software eMule che trovano ampia diffusione tra gli utenti italiani. Si accenna alle problematiche che si incontrano nelle attività di indagine e di repressione del fenomeno, di competenza delle forze di polizia, per poi concentrarsi e fornire il contributo rilevante in tema di analisi forensi di sistemi informatici sequestrati a soggetti indagati (o imputati) di reato di pedopornografia: la progettazione e l’implementazione di eMuleForensic consente di svolgere in maniera estremamente precisa e rapida le operazioni di analisi degli eventi che si verificano utilizzando il software di file sharing eMule; il software è disponibile sia in rete all’url http://www.emuleforensic.com, sia come tool all’interno della distribuzione forense DEFT. Infine si fornisce una proposta di protocollo operativo per l’analisi forense di sistemi informatici coinvolti in indagini forensi di pedopornografia.
Resumo:
The constant development of digital systems in radio communications demands the adaptation of the current receiving equipment to the new technologies. In this context, a new Software Defined Radio based receiver is being implemented with the aim of carrying out different experiments to analyze the propagation of signals through the atmosphere from a satellite beacon. The receiver selected for this task is the PERSEUS SDR from the Italian company Microtelecom s.r.l. It is a software defined VLF-LF-MF-HF receiver based on an outstanding direct sampling digital architecture which features a 14 bit 80 MSamples/s analog-to-digital converter, a high-performance FPGA-based digital down-converter and a high-speed 480 Mbit/s USB2.0 PC interface. The main goal is to implement the related software and adapt the new receiver to the current working environment. In this paper, SDR technology guidelines are given and PERSEUS receiver digital signal processing is presented with the most remarkable results.
Resumo:
Thesis (Master's)--University of Washington, 2016-06
Resumo:
[ANGLÈS] This project introduces GNSS-SDR, an open source Global Navigation Satellite System software-defined receiver. The lack of reconfigurability of current commercial-of-the-shelf receivers and the advent of new radionavigation signals and systems make software receivers an appealing approach to design new architectures and signal processing algorithms. With the aim of exploring the full potential of this forthcoming scenario with a plurality of new signal structures and frequency bands available for positioning, this paper describes the software architecture design and provides details about its implementation, targeting a multiband, multisystem GNSS receiver. The result is a testbed for GNSS signal processing that allows any kind of customization, including interchangeability of signal sources, signal processing algorithms, interoperability with other systems, output formats, and the offering of interfaces to all the intermediate signals, parameters and variables. The source code release under the GNU General Public License (GPL) secures practical usability, inspection, and continuous improvement by the research community, allowing the discussion based on tangible code and the analysis of results obtained with real signals. The source code is complemented by a development ecosystem, consisting of a website (http://gnss-sdr.org), as well as a revision control system, instructions for users and developers, and communication tools. The project shows in detail the design of the initial blocks of the Signal Processing Plane of the receiver: signal conditioner, the acquisition block and the receiver channel, the project also extends the functionality of the acquisition and tracking modules of the GNSS-SDR receiver to track the new Galileo E1 signals available. Each section provides a theoretical analysis, implementation details of each block and subsequent testing to confirm the calculations with both synthetically generated signals and with real signals from satellites in space.
Resumo:
Estudi de viabilitat sobre la implantació d'un software-defined storage open source en entorns empresarials. Comparativa entre Gluster, Ceph, OpenAFS, TahoeFS i XtreemFS.
Resumo:
Työssä tutkitaan tiedonsiirtoa eri modulaatioilla, bittinopeuksilla ja amplitudin voimakkuuksilla ja tuloksia tarkastellaan Bit Error Ration avulla. Signaaleja siirrettiiin myös koodattuna ja vertailtiin koodauksen etuja ja haittoja verrattuna koodaamattomaan tietoon. Datavirta kulkee AXMK-kaapelissa, joko tasasähkön mukana, tai maadoituskaapelissa. Tuloksissa havaittiin, että suurempi bittinopeus ei kasvattanut häviöiden määrää. Koodauksen käyttö toisaalta vähenti bittivirheiden määrää.
Resumo:
Software Defined Radio (SDR) hardware platforms use parallel architectures. Current concepts of developing applications (such as WLAN) for these platforms are complex, because developers describe an application with hardware-specifics that are relevant to parallelism such as mapping and scheduling. To reduce this complexity, we have developed a new programming approach for SDR applications, called Virtual Radio Engine (VRE). VRE defines a language for describing applications, and a tool chain that consists of a compiler kernel and other tools (such as a code generator) to generate executables. The thesis presents this concept, as well as describes the language and the compiler kernel that have been developed by the author. The language is hardware-independent, i.e., developers describe tasks and dependencies between them. The compiler kernel performs automatic parallelization, i.e., it is capable of transforming a hardware-independent program into a hardware-specific program by solving hardware-specifics, in particular mapping, scheduling and synchronizations. Thus, VRE simplifies programming tasks as developers do not solve hardware-specifics manually.
Resumo:
The exponential growth in the applications of radio frequency (RF) is accompanied by great challenges as more efficient use of spectrum as in the design of new architectures for multi-standard receivers or software defined radio (SDR) . The key challenge in designing architecture of the software defined radio is the implementation of a wide-band receiver, reconfigurable, low cost, low power consumption, higher level of integration and flexibility. As a new solution of SDR design, a direct demodulator architecture, based on fiveport technology, or multi-port demodulator, has been proposed. However, the use of the five-port as a direct-conversion receiver requires an I/Q calibration (or regeneration) procedure in order to generate the in-phase (I) and quadrature (Q) components of the transmitted baseband signal. In this work, we propose to evaluate the performance of a blind calibration technique without additional knowledge about training or pilot sequences of the transmitted signal based on independent component analysis for the regeneration of I/Q five-port downconversion, by exploiting the information on the statistical properties of the three output signals
Resumo:
This work presents an wideband ring VCO for cognitive radio five-port based receivers. A three-stage differential topology using transmission gate was adopted in order to maintain wide and linear tuning range and a low phase-noise. Monte-Carlo analysis were performed for phase-shift response of individual stages, which is an important figure of merit in five-port works. It was observed a fairly linear correlation between control voltage and oscillation frequency in the range between 200 MHz and 1800 MHz. The VCO was preliminarily designed for IBM 130nm CMOS technology
