Swedish Institute of Computer Science Publications Database
Not a member yet
2787 research outputs found
Sort by
Component Integrity Guarantees in Software-Defined Networking Infrastructure
Operating system level virtualization containers are commonly used to deploy virtual network functions (VNFs) which access the centralized network controller in software-defined net- working (SDN) infrastructure. While this allows flexible network configuration, it also increases the attack surface, as sensitive information is transmitted between the controller and the virtual network functions. In this work we propose a mechanism for bootstrapping secure communication between the SDN controller and deployed network applications. The proposed mechanism relies on platform integrity evaluation and execution isolation mechanisms, such as Linux Integrity Measurement Architecture and Intel Software Guard Extensions. To validate the feasibility of the proposed approach, we have implemented a proof of concept which was further tested and evaluated to assess its performance. The prototype can be seen as the first step into providing users with security guarantees regarding the integrity of components in the SDN infrastructure
Towards a comprehensive model for track allocation and roll-time scheduling at marshalling yards
This paper considers multi-stage train formation with mixed usage tracks at a marshalling yard without departure yard. A novel integer programming model for scheduling shunting tasks as well as allocating arrival yard tracks and classification bowl tracks is presented. By taking a comprehensive view of the marshalling yard operations, more effective schedules can be found, and a variety of characteristics can be optimised, including shunting work effort, number or cost of tracks, and shunting task start times. Two different objective functions are evaluated: minimising work effort in terms of wagon pull-backs and minimising track costs. A procedure for finding a hot-start solution with few wagon pull-backs is also presented. The proposed model is tested on real data from Sävenäs marshalling yard in Sweden. The results show that the method is able to return an optimal schedule for a planning period of 4 days if the hot-start solution is optimal or the remaining problem is tractable for the heuristics in CPLEX
Safeguarding VNF Credentials with Intel SGX
Operators use containers – enabled by operating system (OS) level virtualization – to deploy virtual network functions (VNFs) that access the centralized network controller in software-defined net- working (SDN) deployments. While SDN allows flexible network configuration, it also increases the attack surface on the network deployment [8]. For example, insecure communication channels may be tapped to extract or inject sensitive data transferred on the north-bound interface, between the network controller and VNFs; furthermore, to protect the network controller from malicious VNF instances, the integrity and authenticity of VNFs must be verified prior to deployment.o mitigate the risks described above, we implemented a prototype that leverages hardware-based mechanisms for isolated execution implemented by Intel SGX in combination with a run-time integrity measurement subsystem, namely Linux Integrity Measure- ment Architecture (IMA)1. This prototype is a first step towards providing to tenants and end-users integrity guarantees regarding the network components in SDN deployments
Traceability and Deep Learning - Safety-critical Systems with Traces Ending in Deep Neural Networks
Distributed dynamic load balancing with applications in radio access networks
Managing and balancing load in distributed systems remains a challenging problem in resource management, especially in networked systems where scalability concerns favour distributed and dynamic approaches. Distributed methods can also integrate well with centralised control paradigms if they provide high-level usage statistics and control interfaces for supporting and deploying centralised policy decisions. We present a general method to compute target values for an arbitrary metric on the local system state and show that autonomous rebalancing actions based on the target values can be used to reliably and robustly improve the balance for metrics based on probabilistic risk estimates. To balance the trade-off between balancing efficiency and cost, we introduce 2 methods of deriving rebalancing actuations from the computed targets that depend on parameters that directly affects the trade-off. This enables policy level control of the distributed mechanism based on collected metric statistics from network elements. Evaluation results based on cellular radio access network simulations indicate that load balancing based on probabilistic overload risk metrics provides more robust balancing solutions with fewer handovers compared to a baseline setting based on average load
A survey on design and implementation of protected searchable data in the cloud
While cloud computing has exploded in popularity in recent years thanks to the potential efficiency and cost savings of outsourcing the storage and management of data and applications, a number of vulnerabilities that led to multiple attacks have deterred many potential users.
As a result, experts in the field argued that new mechanisms are needed in order to create trusted and secure cloud services. Such mechanisms would eradicate the suspicion of users towards cloud computing by providing the necessary security guarantees. Searchable Encryption is among the most promising solutions—one that has the potential to help offer truly secure and privacy-preserving cloud services. We start this paper by surveying the most important searchable encryption schemes and their relevance to cloud computing. In light of this analysis we demonstrate the inefficiencies of the existing schemes and expand our analysis by discussing certain confidentiality and privacy issues. Further, we examine how to integrate such a scheme with a popular cloud platform. Finally, we have chosen – based on the findings of our analysis – an existing scheme and implemented it to review its practical maturity for deployment in real systems. The survey of the field, together with the analysis and with the extensive experimental results provides a comprehensive review of the theoretical and practical aspects of searchable encryption