Taddeo - PhD Review
Methodology For Securing Networked Self-Adaptive Embedded Systems
Antonio Vincenzo Taddeo, antonio.taddeo@alari.ch
Academic Advisor: Prof. Mariagiovanna Sami, sami@alari.ch
Research Advisor: Dr. Alberto Ferrante, ferrante@alari.ch
ALaRI, Faculty of Informatics, Università della Svizzera Italiana - 09.12.08
Problem Statement
- Self-Adaptive Systems (SAS) introduce new security challenges
- Need for new security principles and design
- Solution: (Self-)Adaptive Security
- My research work is part of the AETHER - FET FP6 EU Project on Self-Adaptive Embedded Technologies for Pervasive Computing Architectures, http://www.aether-ist.org
Why is the subject innovative?
- Typically, security mechanisms are designed as static and non-flexible
- Adaptation focuses on a single security aspect
- Self-adaptive embedded systems require innovative dynamic and adaptive security approaches
  - characterized by strong resource constraints (processing capacity, memory space, energy availability)
  - to be adopted at run time, in real time
My contributions
- (1) A new model of SAS
  - Defined through coordinated management of HW & SW self-adaptivity
- (2) A framework for security self-adaptation
  - instance of the model in (1)
  - run-time adaptation of security services
- (3) Enhancement of (2) for networked SAS
  - Dynamic Service Negotiation
  - Guarantee of Services
(1) New SAS Model
- Decentralized control algorithm
- RTE as interface between SW and HW.
- Separation of adaptivity concerns at each level.
- Each level uses MCA paradigm to handle self-adaptation.
- Recommender module as coordination mechanism.
- Extensive simulations have been performed to validate and evaluate the recommender module.
Simulation Results (Recommender)
(2) Security Self-Adaptation
- How can we have self-adaptive security? MCA Paradigm
- Goals:
  - Satisfy the Application requirements;
  - Maximize the # of Running Applications;
  - Minimize the Cost of Security Configurations;
- Monitorable Space:
  - Running Application;
  - Current Cost;
  - System Cost Threshold;
- Adaptation Space:
  - Requirement satisfaction;
  - Running Applications;
  - Security Configurations;
Security Self-Adaptation: Configurations and Costs
- Different sets of security configurations are enforced at different instants of time
- A cost is associated with each configuration
  - e.g. power consumption
- A cost threshold is introduced as the maximum cost for the current system status.
- Each application has its specific requirements, hard or soft
- Multiple applications run on a given ES
- Critical applications have precedence over non-critical ones.
Security Self-Adaptation Logic
- Searches for a cost sub-optimal solution that:
  - Satisfies the Application requirements;
  - Maximizes the # of Running Applications;
  - Minimizes the Cost of Security Configurations;
- by means of:
  - Exact solutions (coverage table);
  - Heuristic solutions (branch and bound);
- Cost reached is below the system threshold
- Extensive simulations have been performed to validate and evaluate the adaptive security framework
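A minimal branch-and-bound sketch of the adaptation logic on slides 8 and 9, added here as an illustration and not taken from the AETHER framework. It assumes that costs add up across applications, that each application lists only the configurations meeting its hard requirements, and that the application names and costs below are constructed sample data.

```python
# Constructed sample data: each application lists the configurations that
# satisfy its hard requirements, with an assumed additive cost (e.g. power).
APPS = [
    {"name": "telemetry", "critical": False, "configs": {"low": 4, "high": 7}},
    {"name": "control", "critical": True, "configs": {"high": 7}},
    {"name": "logging", "critical": False, "configs": {"low": 2, "medium": 4}},
]

def select_configurations(apps, threshold):
    """Return (plan, cost): plan maps each running application to a configuration.

    Objective, in order: most critical applications running, then most
    applications running, then lowest total cost, never above the threshold.
    """
    # Critical applications are branched on first so they get precedence.
    order = sorted(apps, key=lambda a: not a["critical"])
    best = {"key": (0, 0, 0), "plan": {}}  # running nothing is always feasible

    def branch(i, crit, run, cost, plan):
        rest = order[i:]
        # Optimistic bound: every remaining application runs at no extra cost.
        bound = (-(crit + sum(a["critical"] for a in rest)), -(run + len(rest)), cost)
        if bound >= best["key"]:
            return  # this subtree cannot beat the incumbent
        if i == len(order):
            best["key"], best["plan"] = (-crit, -run, cost), dict(plan)
            return
        app = order[i]
        # Cheapest configurations first, to find good incumbents early.
        for cfg, c in sorted(app["configs"].items(), key=lambda kv: kv[1]):
            if cost + c <= threshold:
                plan[app["name"]] = cfg
                branch(i + 1, crit + app["critical"], run + 1, cost + c, plan)
                del plan[app["name"]]
        branch(i + 1, crit, run, cost, plan)  # leave this application suspended

    branch(0, 0, 0, 0, {})
    return best["plan"], best["key"][2]
```

With a threshold of 7 the critical application takes the whole budget even though two non-critical applications would fit for less, which is the precedence rule from slide 8.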
(3a) Security Services Negotiation
- Nodes establish an agreement for secure communication
- How can nodes select the most efficient security services?
  - Are the used security services the cheapest?
  - Are the used security services the most secure?
Security Service Negotiation Protocol
- Nodes provide different security services
  - Symmetric cipher, hash algorithms, ...
- Services are organized in homogeneous groups
  - Same functionalities, different performances
- Each data transmission has an associated price.
Security Service Price
- Cost??
- Each node computes its costs for each security service
- Identical services can have different costs on different nodes
- Each node has a global budget that can be consumed
- A portion of the global budget is assigned to each transmission session
Service Selection Concept
- Apply Linear Programming (LP) to minimize the cost for transmission of bytes between the two nodes.
- subject to:
  - Security services must be available in both nodes
  - cost paid by each node must be below node's budget
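The selection problem of slides 11 to 13, as an added example that is not the protocol's own code: it enumerates the candidate combinations exhaustively instead of calling an LP solver, which is enough for the handful of services per group a node advertises. The group names, service names, per-byte costs and budgets are constructed, and a group with no common service aborts the negotiation rather than being dropped silently.

```python
from itertools import product

# Constructed per-byte costs: identical services cost different amounts per node.
NODE_A = {"cipher": {"cipher_x": 3, "cipher_y": 5, "cipher_z": 2},
          "hash": {"hash_x": 1, "hash_y": 2}}
NODE_B = {"cipher": {"cipher_x": 6, "cipher_y": 2},
          "hash": {"hash_x": 5, "hash_y": 1}}

def negotiate(costs_a, costs_b, budget_a, budget_b, nbytes):
    """Pick one service per group, minimising the joint cost of sending nbytes.

    costs_x: {group: {service: cost per byte on node x}}; budget_x is the share
    of node x's global budget assigned to this transmission session.
    Returns (selection, cost_a, cost_b), or None if no agreement is affordable.
    """
    # Every group either node asks for must be covered: no silent downgrade.
    groups = sorted(costs_a.keys() | costs_b.keys())
    # Constraint 1: a service is a candidate only if both nodes offer it.
    common = [sorted(costs_a.get(g, {}).keys() & costs_b.get(g, {}).keys())
              for g in groups]
    best = None
    for choice in product(*common):
        cost_a = nbytes * sum(costs_a[g][s] for g, s in zip(groups, choice))
        cost_b = nbytes * sum(costs_b[g][s] for g, s in zip(groups, choice))
        # Constraint 2: each node pays no more than its session budget.
        if cost_a > budget_a or cost_b > budget_b:
            continue
        if best is None or cost_a + cost_b < best[1] + best[2]:
            best = (dict(zip(groups, choice)), cost_a, cost_b)
    return best
```

Tightening node A's budget moves the agreement away from the jointly cheapest pair, and `cipher_z`, although cheapest on node A, is never chosen because node B does not offer it.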
(3b) GoS Trusting Protocol
- Will the node perform the tasks assigned to it?
Trusting computation
- A node is trusted if it respects service agreements
- Reputation-based protocol
- By mixing
  - Personal experience
  - Indirect experience
- Update using:
Simulation Results
- 50% of nodes are 10% faulty
- The others have different levels of faultiness
Evaluation of protocol w.r.t. attacks
- Bad-mouthing attack
  - a large number of malicious nodes are required to perform an efficient attack
- On-Off attack
  - Nodes quickly reach a trust value of 7
- Sybil attack
  - Prevented by using identity check mechanism (not in our case)
- Conflicting behavior
  - influences systems where there is a rating of the recommender (not in our case)
Publications (1/2)
Journals
- Derin Onur, Alberto Ferrante, and Antonio V. Taddeo, Coordinated Management of Hardware and Software Self-adaptivity, to appear in Elsevier Journal of Systems Architecture. (Authors appear in alphabetical order).
- Antonio Vincenzo Taddeo, Alberto Ferrante, Scheduling Small Packets in IPSec Multi-accelerator Based Systems, in Journal of Communications (JCM). Academy Publisher, Mar. 2007, vol. 2, no. 2, pp. 53-60.
Conferences and Workshops
- Antonio Vincenzo Taddeo, Alberto Ferrante, A Security Service Protocol for MANETs, to appear as a short paper in IEEE CCNC 2008, Las Vegas, 10-13 January 2009.
- Alberto Ferrante, Roberto Pompei, Anastasia Stulova, Antonio Taddeo, A Protocol for Guarantee of Service in Pervasive Distributed Systems, 2nd AETHER-Morpheus Workshop (AMWAS 08), Lugano, October 2008. (Authors appear in alphabetical order).
- Alberto Ferrante, Roberto Pompei, Anastasia Stulova, Antonio Taddeo, A Protocol For Pervasive Distributed Computing Reliability, in proceedings of SecPri_WiMob 2008, Avignon, France, October 12, 2008. (Authors appear in alphabetical order).
- Alberto Ferrante, Antonio Vincenzo Taddeo, Mariagiovanna Sami, Fabrizio Mantovani, and Jurijs Fridkins, Self-adaptive Security at Application Level: a Proposal, in ReCoSoC 2007. Montpellier, France, Jun. 2007.
- A. Ferrante, A. V. Taddeo, O. Derin, Security in self-adaptive systems, 1st AETHER-Morpheus Workshop (AMWAS 07), Paris, October 2007.
- Antonio Vincenzo Taddeo, Alberto Ferrante, and Vincenzo Piuri, Scheduling Small Packets in IPSec-based Systems, in IEEE CCNC 2006. Las Vegas, NV, USA: IEEE, 8 Jan. 2006.
Publications (2/2)
Conferences and Workshops (minor research on e-learning)
- Alessandro Bozzon, Tereza Iofciu, Wolfgang Nejdl, Antonio Vincenzo Taddeo, and Sascha Tonnies, "Role Based Access Control for the interaction with Search Engines", in COOPER Workshop in conjunction with ECTEL07 Conference, 17 September 2007. (Authors appear in alphabetical order).
- Bas Giesbers, Antonio Vincenzo Taddeo, Wim van der Vegt, Jan van Bruggen, and Rob Koper, "A Question Answering service for information retrieval in Cooper", in COOPER Workshop in conjunction with ECTEL07 Conference, 17 September 2007.
- Carola Salvioni and Antonio Vincenzo Taddeo, "Remote Cooperation on Project-centred Learning: a Working Implemented Solution in Academia", in COOPER Workshop in conjunction with ECTEL07 Conference, 17 September 2007. (Authors appear in alphabetical order).
- Aldo Bongio, Jan van Bruggen, Stefano Ceri, Valentin Cristea, Peter Dolog, Andreas Hoffmann, Maristella Matera, Marzia Mura, Antonio V. Taddeo, Xuan Zhou, and Larissa Zoni, "COOPER: Towards a Collaborative Open Environment of Project-Centred Learning", in Innovative Approaches for Learning and Knowledge Sharing, volume 4227/2006 of Lecture Notes in Computer Science, pages 561-566. Springer Berlin / Heidelberg, 2006. (Authors appear in alphabetical order).