Hard Problems: Resilient Security Architectures 2015

 

 

 

Resilient security architectures are a hard problem in the Science of Security. These scholarly articles about research into resilient security architectures were presented in 2015. A great deal of research useful to resilience is coming from the literature on control theory. In addition to the Science of Security community, much of this work is also relevant to the SURE project.




Serageldin, A.; Krings, A., "A Resilient Real-Time Traffic Control System," in Intelligent Transportation Systems (ITSC), 2015 IEEE 18th International Conference on, pp. 2869-2876, 15-18 Sept. 2015. doi: 10.1109/ITSC.2015.461

Abstract: This paper describes a resilient control system operating in a critical infrastructure. The system is a real-time weather responsive system that accesses weather information that provides near-real-time atmospheric and pavement observation data that is used to adapt traffic signal timing to increase safety. Since the system controls part of a safety critical application survivability and resilience considerations must be an integral part of the system architecture. In order to provide adaptation to system behavior as the result of faults or malicious acts an architecture is presented that monitors itself and adapts its behavior in real-time. The main theoretical contributions are the combination and extension of approaches introduced in previous work. The theory of certifying executions is extended by three concepts: the detection of dependency violations, exceptions triggers, and sensor analysis are considered, a dual-bound threshold approach for detecting off-nominal executions is introduced, profiling is augmented with the concept of behavior sets. Extensive evidence of the effectiveness of the solutions based on a one-year observation of the system in action is presented.

Keywords: control engineering computing; intelligent transportation systems; real-time systems; road traffic control; safety-critical software; software architecture; ITS; critical infrastructure; intelligent transportation system; real-time traffic control system; resilient control system; safety critical application; system architecture; weather information access; weather responsive system; Control systems; Meteorology; Monitoring; Rabbits; Real-time systems; Software; Timing (ID#: 15-8588)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7313553&isnumber=7312804

 

Ali, K.; Nguyen, H.X.; Quoc-Tuan Vien; Shah, P., "Disaster Management Communication Networks: Challenges and Architecture Design," in Pervasive Computing and Communication Workshops (PerCom Workshops), 2015 IEEE International Conference on, pp. 537-542, 23-27 March 2015. doi: 10.1109/PERCOMW.2015.7134094

Abstract: In the past decades, serious natural disasters such as earthquakes, tsunamis, floods, and storms have occurred frequently worldwide with catastrophic consequences. They also helped us understand that organising and maintaining effective communication during the disaster are vital for the execution of rescue operations. As communication resources are often entirely or partially damaged by disasters, the demand for information and communication technology (ICT) services explosively increases just after the events. These situations instigate serious network traffic congestions and physical damage of ICT equipments and emergency ICT networks if uprooted as a pre-disaster network system. This article proposes a network architecture design by integrating the existing network infrastructure with the reinforcement of layers based techniques and cloud processing concepts. This resilient network architecture allows the ICT services to be launched within a reasonable short period of time of development. Furthermore, communication in a disaster is sustained by implementing a three-tier fortification of the overall network architecture which would also minimize the physical and logical redundancy for resilient and flexible ICT resources. As cloud processing will work as a parallel reinforced infrastructure, the proposed approach and network design will give new hope for the developing countries to consider cloud computing services for effectiveness and better dependability on the architecture to save ICT and humanitarian network at the time of disaster.

Keywords: cloud computing; emergency management; telecommunication congestion control; telecommunication network management; telecommunication traffic; ICT equipments; ICT services explosively; cloud computing services; cloud processing concepts; communication resources; emergency ICT networks; information and communication technology services; layers based techniques; logical redundancy; natural disasters; network traffic congestions; parallel reinforced infrastructure; physical redundancy; pre-disaster network system; rescue operations; three-tier fortification; Cities and towns; Cloud computing; Computer architecture; Conferences; Earthquakes; Emergency services; Reliability (ID#: 15-8589)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7134094&isnumber=7133953

 

Lecocke, M.B.; Blount, J.; Blount, J., "Use of Formal Modeling to Automatically Generate Correct Fault Detection and Response Methods," in Aerospace Conference, 2015 IEEE, pp. 1-7, 7-14 March 2015. doi: 10.1109/AERO.2015.7119245

Abstract: This paper describes an approach to fault tolerant design and implementation that uses a formal model to automatically generate fault detection and response methods. The approach is designed for resource-constrained embedded systems with high reliability requirements such as manned or critical space assets. The formal model-based approach offers several advantages over a conventional approach based on manual failure mode analysis (FMA). The primary benefits are increased confidence in the fault tolerance of the design and in the corresponding implementation. Increased confidence in the design is achieved because both the system architecture and reliability requirements are precisely described in a single formal model written in Answer Set Prolog (ASP). The readability of ASP facilitates precise communication between system engineers and stakeholders, thus increasing the likelihood that design errors are corrected early in the development cycle. Increased confidence in the implementation is achieved because it is automatically generated using the model and is guaranteed to satisfy the specified reliability requirements. Importantly, the control flow of the resulting implementation is straightforward and readable. Besides increased confidence, our approach is resilient to architecture and requirements changes. In our experience, once the model is updated it takes less than 10 minutes to re-generate the implementation and download to the target.

Keywords: PROLOG; aerospace computing; embedded systems; fault diagnosis; formal specification; logic programming; software architecture; software fault tolerance; Answer Set Prolog; automatic correct fault detection method generation; automatic correct fault response method generation; control flow; critical space assets; design errors; development cycle; fault tolerance; formal modeling; high reliability requirements; manned space assets; manual failure mode analysis; resource-constrained embedded systems; system architecture; Biographies; Biological system modeling; Computers; Manuals (ID#: 15-8590)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7119245&isnumber=7118873

 

Wenchao Li; Gerard, L.; Shankar, N., "Design and Verification of Multi-Rate Distributed Systems," in Formal Methods and Models for Codesign (MEMOCODE), 2015 ACM/IEEE International Conference on, pp. 20-29, 21-23 Sept. 2015. doi: 10.1109/MEMCOD.2015.7340463

Abstract: Multi-rate systems arise naturally in distributed settings where computing units execute periodically according to their local clocks and communicate among themselves via message passing. We present a systematic way of designing and verifying such systems with the assumption of bounded drift for local clocks and bounded communication latency. First, we capture the system model through an architecture definition language (called RADL) that has a precise model of computation and communication. The RADL paradigm is simple, compositional, and resilient against denial-of-service attacks. Our radler build tool takes the architecture definition and individual local functions as inputs and generates executables for the overall system as output. In addition, we present a modular encoding of multi-rate systems using calendar automata and describe how to verify real-time properties of these systems using SMT-based infinite-state bounded model checking. Lastly, we discuss our experiences in applying this methodology to building high-assurance cyber-physical systems.

Keywords: distributed processing; formal verification; specification languages; RADL language; RADL paradigm; SMT-based infinite-state bounded model checking; architecture definition language; bounded communication latency; calendar automata; cyber-physical systems; denial-of-service attacks; multirate distributed systems; radler build tool; Clocks; Computational modeling; Computer architecture; Cyber-physical systems; Real-time systems; Robots; Sensors (ID#: 15-8591)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7340463&isnumber=7340456

 

Antsaklis, P., "The Quest for Autonomy. Are We There Yet? Are CPS a Way to Build Autonomous Systems?," in American Control Conference (ACC), 2015, pp. 5080-5080, 1-3 July 2015. doi: 10.1109/ACC.2015.7172128

Abstract: Summary form only given. Achieving autonomy has been a dream for many years. The term autonomous system has had different meanings depending on who and when it was used. Attempts to build autonomous vehicles by major corporations and grand challenges by government funding agencies have captured the public's imagination. How much closer are we today to this dream than we were 25 years ago? The issues surrounding autonomy together with the needed properties that make a system autonomous will be discussed and put in context. How do we go about realizing these properties in a safe, secure manner, to obtain a resilient system that keeps performing well over the lifetime of the control system? Could CPS provide an approach towards building autonomous systems? What would autonomous control architectures look like? Solutions to some problems will be proposed. Concrete approaches that use CPS and energy-like concepts such as passivity/dissipativity to preserve properties will be briefly discussed.

Keywords: control systems; CPS; autonomous control architecture; autonomous system; autonomous vehicle; autonomy; control system; cyber physical system; dissipativity; government funding agency; passivity; public imagination; Architecture; Concrete; Context; Control systems; Government; Mobile robots (ID#: 15-8592)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7172128&isnumber=7170700

 

Kemal, M.; Iov, F.; Olsen, R.; Le Fevre, T.; Apostolopoulos, C., "On-Line Configuration of Network Emulator for Intelligent Energy System Testbed Applications," in AFRICON, 2015, pp. 1-4, 14-17 Sept. 2015. doi: 10.1109/AFRCON.2015.7331979

Abstract: Intelligent energy networks (or Smart Grids) provide efficient solutions for a grid integrated with near-real-time communication technologies between various grid assets in power generation, transmission and distribution systems. The design of a communication network associated with intelligent power system involves detailed analysis of its communication requirements, a proposal of the appropriate protocol architecture, the choice of appropriate communication technologies for each case study, and a means to support heterogeneous communication technology management system. This paper discusses a mechanism for on-line configuration and monitoring of heterogeneous communication technologies implemented at smart energy system testbed of Aalborg University. It proposes a model with three main components, a network emulator used to emulate the communication scenarios using KauNet, graphical user interface for visualizing, configuring and monitoring of the emulated scenarios and a network socket linking the graphic server and network emulation server on-line. Specifically, our focus area is to build a model that gives us ability to look at some of the challenges on implementing inter-operable and resilient Smart Grid networks and how the current state of the art communication technologies are employed for smart control of energy distribution grids.

Keywords: graphical user interfaces; power engineering computing; smart power grids; KauNet; communication technologies; energy distribution grids; graphic server; graphical user interface; heterogeneous communication technology; intelligent energy networks; intelligent energy system testbed applications; near-real-time communication technologies; network emulation; network emulator; network socket linking; on-line configuration; power distribution systems; power generation systems; power transmission systems; smart control; smart grid networks; Emulation; Graphics; Mathematical model; Quality of service; Servers; Smart grids; Smart Control; Smart Grid; interoperability; renewable energy; wireline and wireless communications (ID#: 15-8593)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7331979&isnumber=7331857

 

Vega, Augusto; Lin, Chung-Ching; Swaminathan, Karthik; Buyuktosunoglu, Alper; Pankanti, Sharathchandra; Bose, Pradip, "Resilient, UAV-Embedded Real-Time Computing," in Computer Design (ICCD), 2015 33rd IEEE International Conference on, pp. 736-739, 18-21 Oct. 2015. doi: 10.1109/ICCD.2015.7357189

Abstract: In this paper, we propose a hierarchical computational system architecture to support the target domain of realtime mobile computing in the context of unmanned aerial vehicles (UAVs). The overall architectural vision includes support for system resilience in the presence of uncertainties in the operational environment of surveillance UAVs. We report measurement-based results that are obtained from a UAV proxy demonstration apparatus. The apparatus consists of a Raspberry Pi (RPi) board that serves as an on-board UAV computer, working with support from a laptop that serves as the on-ground computing infrastructure where an operator "consumes" video information received from the UAV. We quantify the gap between the on-board UAV camera frame rate (input) and the on-ground operator-observed frame rate (output) for a specialized class of computer vision applications germane to the UAV-based aerial surveillance domain. The goal is to keep the frame rate observed by the ground operator as close (or ideally equal) to the on-board UAV camera frame rate (i.e. to preserve the real-time aspect) despite the unstable bandwidth availability in the channel connecting both ends. The proposed hierarchical approach significantly outperforms two considered baselines: one in which computation takes place entirely on the UAV computer and another in which computation takes place entirely on the ground. This improved performance is due to a more balanced resource sharing between the on-board UAV computer and UAV-to-ground communication channel. Later, we show how the observed frame rate improves when the RPi board is replaced with an NVIDIA Jetson TK1 board. Based on the observations gleaned from these "proxy" experiments, we sketch the fundamentals of our ongoing work in model-based predictive analysis of resilient "UAV swarm" computational architectures of the future.

Keywords: Bandwidth; Cameras; Economic indicators; Portable computers; Real-time systems; Streaming media; Surveillance (ID#: 15-8594)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7357189&isnumber=7357071

 

Salato, Maurizio; Vig, Harry; Pauplis, Robert, "Flexible, Modular and Universal Power Conversion for Small Cell Stations in Distributed Systems," in PCIM Europe 2015; International Exhibition and Conference for Power Electronics, Intelligent Motion, Renewable Energy and Energy Management; Proceedings of, pp. 1-7, 19-20 May 2015. doi: (not provided)

Abstract: This article lays out power system architecture for Small Cell and Distributed Antenna Systems applications. The exponential increase in mobile data traffic forces the mobile telecom infrastructure to be distributed within diverse coverage areas ranging from heavily urbanized environments to rural settings. At the same time, high level of availability that is provided by classic landlines is expected from the mobile network, which in turn raises the question of how reliable and resilient is the power system that supplies energy to a large number of small, distributed base-stations. Guidelines and benefit analysis of a modular, power component based, distribution and conversion approach are introduced along with implementation results.

Keywords:  (not provided) (ID#: 15-8595)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7149029&isnumber=7148817

 

Douziech, P.-E.; Curtis, B., "Cross-Technology, Cross-Layer Defect Detection in IT Systems -- Challenges and Achievements," in Complex Faults and Failures in Large Software Systems (COUFLESS), 2015 IEEE/ACM 1st International Workshop on, pp. 21-26, 23-23 May 2015. doi: 10.1109/COUFLESS.2015.11

Abstract: Although critical for delivering resilient, secure, efficient, and easily changed IT systems, cross-technology, cross-layer quality defect detection in IT systems still faces hurdles. Two hurdles involve the absence of an absolute target architecture and the difficulty of apprehending multi-component anti-patterns. However, static analysis and measurement technologies are now able to both consume contextual input and detect system-level anti-patterns. This paper will provide several examples of the information required to detect system-level anti-patterns using examples from the Common Weakness Enumeration repository maintained by MITRE Corp.

Keywords: program diagnostics; program testing; software architecture; software quality; IT systems; MITRE Corp; common weakness enumeration repository; cross-layer quality defect detection; cross-technology defect detection; measurement technologies; multicomponent antipatterns; static analysis; system-level antipattern detection; Computer architecture; Java; Organizations; Reliability; Security; Software; Software measurement; CWE; IT systems; software anti-patterns; software architecture; software pattern detection; software quality measures; structural quality (ID#: 15-8596)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7181478&isnumber=7181467

 

Chakraborty, M.; Chaki, N., "An Ipv6 Based Hierarchical Address Configuration Scheme for Smart Grid," in Applications and Innovations in Mobile Computing (AIMoC), 2015, pp. 109-116, 12-14 Feb. 2015. doi: 10.1109/AIMOC.2015.7083838

Abstract: Smart Grid (SG) is an intelligent and adaptive energy delivery network that combines the traditional power grid and IT communication network. It aims to provide more efficient, better fault-resilient and reliable energy support. Robust communication architecture is the key that differentiates Smart Grid from the traditional energy delivery system. IP enabled devices are necessary to build such a network spread over a large geographic region and connecting devices starting from common household electrical appliances up to power generation units. With the huge number of devices including the smart electrical appliances, increasingly being used in homes, IPv6 becomes an obvious choice for Smart Grid for its bandwidth. However, one of the main challenges of connecting IPv6 with Smart Grid will be address configuration. In this paper, a new IPv6 address configuration schema for Smart Grid has been proposed. The proposed schema is consistent with the demands of large, dynamic, hierarchical smart grid network. The schema improves accessibility and scalability in terms of configuring a huge number of devices in the smart grid, thereby, fully extracting the potential of 128-bit IPv6 addressing mode.

Keywords: IP networks; power engineering computing; smart power grids; IPv6 based hierarchical address configuration scheme; adaptive energy delivery network; hierarchical topology; intelligent energy delivery network; smart grid; IP networks; Organizations; Routing; Smart grids; Smart meters; Topology; Wireless sensor networks; IPv6 addressing; Smart Grid; address configuration; hierarchical topology (ID#: 15-8597)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7083838&isnumber=7083813

 

Kumar, S.; Das, N.; Islam, S., "High Performance Communication Redundancy in a Digital Substation Based on IEC 62439-3 with a Station Bus Configuration," in Power Engineering Conference (AUPEC), 2015 Australasian Universities, pp. 1-5, 27-30 Sept. 2015. doi: 10.1109/AUPEC.2015.7324838

Abstract: High speed communication is critical in a digital substation from protection, control and automation perspectives. Although International Electro-technical Commission (IEC) 61850 standard has proven to be a reliable guide for the substation automation and communication systems, yet it has few shortcomings in offering redundancies in the protection architecture, which has been addressed better in IEC 62439-3 standard encompassing Parallel Redundancy Protocol (PRP) and High-availability Seamless Redundancy (HSR). Due to single port failure, data losses and interoperability issues related to multi-vendor equipment, IEC working committee had to look beyond IEC 61850 standard. The enhanced features in a Doubly Attached Node components based on IEC 62439-3 provide redundancy in protection having two active frames circulating data packets in the ring. These frames send out copies in the ring and should one of the frames be lost, the other copy manages to reach the destination node via an alternate path, ensuring flawless data transfer at a significantly faster speed using multi-vendor equipment and fault resilient circuits. The PRP and HSR topologies provide higher performance in a digitally protected substation and promise better future over the IEC 61850 standard due to its faster processing capabilities, increased availability and minimum delay in data packet transfer and wireless communication in the network. This paper exhibits the performance of PRP and HSR topologies focusing on the redundancy achievement within the network and at the end nodes of a station bus ring architecture, based on IEC 62439-3.

Keywords: IEC standards; redundancy; substation automation; substation protection; telecommunication networks; HSR topology; IEC 62439-3; International Electrotechnical Commission 61850 standard; PRP topology; data loss; data packet transfer; digital substation; doubly attached node components; fault resilient circuit; high performance communication redundancy; high speed communication; high-availability seamless redundancy; parallel redundancy protocol; single port failure; standard encompassing parallel redundancy protocol; station bus configuration; substation automation and communication systems; wireless communication; IEC Standards; Network topology; Peer-to-peer computing; Redundancy; Substations; Topology; Ethernet; IEC 61850; IEC 62439-3; PRP and HSR (ID#: 15-8598)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7324838&isnumber=7324780

 

Alzahrani, A.; DeMara, R.F., "Hypergraph-Cover Diversity for Maximally-Resilient Reconfigurable Systems," in High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on, pp. 1086-1092, 24-26 Aug. 2015. doi: 10.1109/HPCC-CSS-ICESS.2015.294

Abstract: Scaling trends of reconfigurable hardware (RH) and their design flexibility have proliferated their use in dependability-critical embedded applications. Although their reconfigurability can enable significant fault tolerance, due to the complexity of execution time in their design flow, in-field reconfigurability can be infeasible and thus limit such potential. This need is addressed by developing a graph and set theoretic approach, named hypergraph-cover diversity (HCD), as a preemptive design technique to shift the dominant costs of resiliency to design-time. In particular, union-free hypergraphs are exploited to partition the reconfigurable resources pool into highly separable subsets of resources, each of which can be utilized by the same synthesized application netlist. The diverse implementations provide reconfiguration-based resilience throughout the system lifetime while avoiding the significant overheads associated with runtime placement and routing phases. Two novel scalable algorithms to construct union-free hypergraphs are proposed and described. Evaluation on a Motion-JPEG image compression core using a Xilinx 7-series-based FPGA hardware platform demonstrates a statistically significant increase in fault tolerance and area efficiency when using proposed work compared to commonly-used modular redundancy approaches.

Keywords: data compression; embedded systems; field programmable gate arrays; graph theory; image coding; motion estimation; reconfigurable architectures; HCD; Motion-JPEG image compression core; RH; Xilinx 7-series-based FPGA hardware platform; area efficiency; dependability-critical embedded applications; design flexibility; execution time; fault tolerance; hypergraph-cover diversity; in-field reconfigurability; maximally-resilient reconfigurable systems; preemptive design technique; reconfigurable hardware; reconfigurable resource partitioning; reconfiguration-based resilience; resiliency costs; routing phases; runtime placement; separable resource subsets; set theoretic approach; statistical analysis; synthesized application netlist; union-free hypergraphs; Circuit faults; Embedded systems; Fault tolerance; Fault tolerant systems; Field programmable gate arrays; Hardware; Runtime; Area Efficiency; Design Diversity; FPGAs; Fault Tolerance; Hypergraphs; Reconfigurable Systems; Reliability (ID#: 15-8599)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7336313&isnumber=7336120

 

Gomez, K.; Hourani, A.; Goratti, L.; Riggio, R.; Kandeepan, S.; Bucaille, I., "Capacity Evaluation of Aerial LTE Base-Stations for Public Safety Communications," in Networks and Communications (EuCNC), 2015 European Conference on, pp. 133-138, June 29 2015-July 2 2015. doi: 10.1109/EuCNC.2015.7194055

Abstract: Aerial-Terrestrial communication networks able to provide rapidly-deployable and resilient communications capable of offering broadband connectivity are emerging as a suitable solution for public safety scenarios. During natural disasters or unexpected events, terrestrial infrastructure can be seriously damaged or disrupted due to physical destruction of network components, disruption in subsystem interconnections and/or network congestion. In this context, Aerial-Terrestrial communication networks are intended to provide temporal large coverage with the provision of broadband services at the disaster area. This paper studies the performance of Aerial UMTS Long Term Evolution (LTE) base stations in terms of coverage and capacity. Network model relies on appropriate channel model, LTE 3GPP specifications and well known schedulers are used. The results show the effect of the temperature, bandwidth, and scheduling discipline on the system capacity while at the same time coverage is investigated in different public safety scenarios.

Keywords: 3G mobile communication; Long Term Evolution; aircraft communication; broadband networks; disasters; telecommunication scheduling; wireless channels; LTE 3GPP specification; aerial LTE base station capacity evaluation; aerial UMTS long term evolution base station; aerial-terrestrial communication network congestion; channel model; natural disaster; public safety communication; Bandwidth; Computer architecture; Indexes; Long Term Evolution; Phase shift keying; Safety; Signal to noise ratio; Aerial network infrastructure; Long Term Evolution (LTE); emergency communications; low altitude platforms (ID#: 15-8600)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7194055&isnumber=7194024

 

Hoefling, M.; Heimgaertner, F.; Menth, M.; Katsaros, K.V.; Romano, P.; Zanni, L.; Kamel, G., "Enabling Resilient Smart Grid Communication over the Information-Centric C-DAX Middleware," in Networked Systems (NetSys), 2015 International Conference and Workshops on, pp. 1-8, 9-12 March 2015. doi: 10.1109/NetSys.2015.7089080

Abstract: Limited scalability, reliability, and security of today’s utility communication infrastructures are main obstacles to the deployment of smart grid applications. The C-DAX project aims at providing and investigating a communication middleware for smart grids to address these problems, applying the information-centric networking and publish/subscribe paradigm. We briefly describe the C-DAX architecture, and extend it with a flexible resilience concept, based on resilient data forwarding and data redundancy. Different levels of resilience support are defined, and their underlying mechanisms are described. Experiments show fast and reliable performance of the resilience mechanism.

Keywords: middleware; power engineering computing; smart power grids; communication middleware; data redundancy; flexible resilience concept; information-centric C-DAX middleware; information-centric networking; publish/subscribe paradigm; resilient data forwarding; resilient smart grid communication; smart grids; utility communication infrastructures; Delays; Monitoring; Reliability; Resilience; Security; Subscriptions; Synchronization (ID#: 15-8601)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7089080&isnumber=7089054

 

Viguier, R.; Lin, C.-C.; Swaminathan, K.; Vega, A.; Buyuktosunoglu, A.; Pankanti, S.; Bose, P.; Akbarpour, H.; Bunyak, F.; Palaniappan, K.; Seetharaman, G., "Resilient Mobile Cognition: Algorithms, Innovations, and Architectures," in Computer Design (ICCD), 2015 33rd IEEE International Conference on, pp. 728-731, 18-21 Oct. 2015. doi: 10.1109/ICCD.2015.7357187

Abstract: The importance of the internet-of-things (IOT) is now an established reality. With that backdrop, the phenomenal emergence of cameras/sensors mounted on unmanned aerial, ground and marine vehicles (UAVs, UGVs, UMVs) and body worn cameras is a notable new development. The swarms of cameras and real-time computing thereof are at the heart of new technologies like connected cars, drone-based city-wide surveillance and precision agriculture, etc. Smart computer vision algorithms (with or without dynamic learning) that enable object recognition and tracking, supported by baseline video content summarization or 2D/3D image reconstruction of the scanned environment are at the heart of such new applications. In this article, we summarize our recent innovations in this space. We focus primarily on algorithms and architectural design considerations for video summarization systems.

Keywords: Cameras; Computer architecture; Image segmentation; Metadata; Motion estimation; Streaming media; Tensile stress (ID#: 15-8602)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7357187&isnumber=7357071

 

Sommer, Matthias; Tomforde, Sven; Haehner, Joerg, "A Systematic Study on Forecasting of Traffic Flows with Artificial Neural Networks," in Architecture of Computing Systems. Proceedings, ARCS 2015 - The 28th International Conference on, pp. 1-8, 24-27 March 2015. doi: (not provided)

Abstract: Traffic flow is highly dynamic and complex to foresee, therefore it offers an interesting application domain for Organic Computing. Most traffic management systems try to adapt their traffic signalisation to the current traffic flow patterns, but for an optimal and fast adaptation, traffic flow forecasts are needed. A resilient traffic management system needs the ability to forecast traffic flows in order to pro-actively adapt the signalisation with the goal to decrease or even prevent negative impacts on the traffic network. Artificial Neural Networks have shown to be a powerful tool in forecasting traffic flows. This paper investigates a systematic study of Artificial Neural Networks and presents which variants and parameter settings are most profitable in which situations.

Keywords:  (not provided) (ID#: 15-8603)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7107101&isnumber=7107092

 

Januario, F.; Santos, A.; Palma, L.; Cardoso, A.; Gil, P., "A Distributed Multi-Agent Approach for Resilient Supervision over a IPv6 WSAN Infrastructure," in Industrial Technology (ICIT), 2015 IEEE International Conference on, pp. 1802-1807, 17-19 March 2015. doi: 10.1109/ICIT.2015.7125358

Abstract: Wireless Sensor and Actuator Networks have become an important area of research. They can provide flexibility, low operational and maintenance costs and they are inherently scalable. In the realm of Internet of Things the majority of devices is able to communicate with one another, and in some cases they can be deployed with an IP address. This feature is undoubtedly very beneficial in wireless sensor and actuator networks applications, such as monitoring and control systems. However, this kind of communication infrastructure is rather challenging as it can compromise the overall system performance due to several factors, namely outliers, intermittent communication breakdown or security issues. In order to improve the overall resilience of the system, this work proposes a distributed hierarchical multi-agent architecture implemented over an IPv6 communication infrastructure. The Contiki Operating System and RPL routing protocol were used together to provide an IPv6 based communication between nodes and an external network. Experimental results collected from a laboratory IPv6 based WSAN test-bed, show the relevance and benefits of the proposed methodology to cope with communication loss between nodes and the server.

Keywords: Internet of Things; multi-agent systems; routing protocols; wireless sensor networks; Contiki operating system; IP address; IPv6 WSAN infrastructure; IPv6 communication infrastructure; Internet of Things; RPL routing protocol; distributed hierarchical multiagent architecture; distributed multiagent approach; external network; intermittent communication; resilient supervision; wireless sensor and actuator networks; Actuators; Electric breakdown; Monitoring; Peer-to-peer computing; Routing protocols; Security (ID#: 15-8604)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7125358&isnumber=7125066

 

Heimgaertner, F.; Hoefling, M.; Vieira, B.; Poll, E.; Menth, M., "A Security Architecture for the Publish/Subscribe C-DAX Middleware," in Communication Workshop (ICCW), 2015 IEEE International Conference on, pp. 2616-2621, 8-12 June 2015. doi: 10.1109/ICCW.2015.7247573

Abstract: The limited scalability, reliability, and security of today's utility communication infrastructures are main obstacles for the deployment of smart grid applications. The C-DAX project aims at providing a cyber-secure publish/subscribe middleware tailored to the needs of smart grids. C-DAX provides end-to-end security, and scalable and resilient communication among participants in a smart grid. This work presents the C-DAX security architecture, and proposes different key distribution mechanisms. Security properties are defined for control plane and data plane communication, and their underlying mechanisms are explained. The presented work is partially implemented in the C-DAX prototype and will be deployed in a field trial.

Keywords: middleware; power engineering computing; power system security; security of data; smart power grids; software architecture; C-DAX project; control plane communication; cyber-secure publish/subscribe middleware; data plane communication; end-to-end security; key distribution mechanisms; publish/subscribe C-DAX middleware; reliability; resilient communication; scalability; scalable communication; security architecture; security properties; smart grid applications; utility communication infrastructures; Authentication; Encryption; Middleware; Public key; Smart grids (ID#: 15-8605)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7247573&isnumber=7247062

 

Spalla, E.S.; Mafioletti, D.R.; Liberato, A.B.; Rothenberg, C.; Camargos, L.; da S Villaca, R.; Martinello, M., "Resilient Strategies to SDN: An Approach Focused on Actively Replicated Controllers," in Computer Networks and Distributed Systems (SBRC), 2015 XXXIII Brazilian Symposium on, pp. 246-259, 18-22 May 2015. doi: 10.1109/SBRC.2015.37

Abstract: Software Defined Networking (SDN) is based on the separation of control and data planes. The SDN controller, although logically centralized, should be effectively distributed for high availability. Since the specification of OpenFlow 1.2, there are new features that allow the switches to communicate with multiple controllers that can play different roles -- master, slave, and equal. However, these roles alone are not sufficient to guarantee a resilient control plane and the actual implementation remains an open challenge for SDN designers. In this paper, we explore the OpenFlow roles for the design of resilient SDN architectures relying on multi-controllers. As a proof of concept, a strategy of active replication was implemented in the Ryu controller, using the OpenReplica service to ensure consistent state among the distributed controllers. The prototype was tested with commodity RouterBoards/MikroTik switches and evaluated for latency in failure recovery and switch migration for different workloads. We observe a set of trade-offs in real experiments with varying workloads at both the data and control plane.

Keywords: distributed control; formal specification; software defined networking; OpenFlow 1.2 specification; OpenReplica service; Ryu controller; SDN architectures; SDN controller; active replication; actively replicated controllers; commodity MikroTik switch; commodity RouterBoard switch; distributed controllers; failure recovery; multicontrollers; resilient strategies; software defined networking; switch migration; Computer architecture; Computer networks; Control systems; Process control; Prototypes; Routing protocols; Software; Network; OpenFlow; Resilient; SDN (ID#: 15-8606)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7320532&isnumber=7320494

 

Xinxin Jin; Soyeon Park; Tianwei Sheng; Rishan Chen; Zhiyong Shan; Yuanyuan Zhou, "FTXen: Making Hypervisor Resilient to Hardware Faults on Relaxed Cores," in High Performance Computer Architecture (HPCA), 2015 IEEE 21st International Symposium on, pp. 451-462, 7-11 Feb. 2015. doi: 10.1109/HPCA.2015.7056054

Abstract: As CMOS technology scales, the increasingly smaller transistor components are susceptible to a variety of in-field hardware errors. Traditional redundancy techniques to deal with the increasing error rates are expensive and energy inefficient. To address this emerging challenge, many researchers have recently proposed the idea of relaxed hardware design and exposing errors to software. For such relaxed hardware to become a reality, it is crucially important for system software, such as the virtual machine hypervisor, to be resilient to hardware faults. To address the above fundamental software challenge in enabling relaxed hardware design, we are making a major effort in restructuring an important part of system software, namely the virtual machine hypervisor, to be resilient to faulty cores. A fault in a relaxed core can only affect those virtual machines (and applications) running on that core, but the hypervisor and other virtual machines remain intact and continue providing services. We have redesigned every component of Xen, a large, popular virtual machine hypervisor, to achieve such error resiliency. This paper presents our design and implementation of the restructured Xen (we refer to it as FTXen). Our experimental evaluation on real systems shows that FTXen adds minimum application overhead, and scales well to different ratios of reliable and relaxed cores. Our results with random fault injection show that FTXen can successfully survive all injected hardware faults.

Keywords: fault tolerant computing; virtual machines; CMOS technology; FTXen; error resiliency; faulty cores; hardware faults; in-field hardware errors; random fault injection; relaxed cores; relaxed hardware design; system software; transistor components; virtual machine hypervisor; Data structures; Hardware; Reliability; System software; Virtual machine monitors; Virtual machining (ID#: 15-8607)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7056054&isnumber=7056013

 

Oboril, F.; Ebrahimi, M.; Kiamehr, S.; Tahoori, M.B., "Cross-Layer Resilient System Design Flow," in Circuits and Systems (ISCAS), 2015 IEEE International Symposium on, pp. 2457-2460, 24-27 May 2015. doi: 10.1109/ISCAS.2015.7169182

Abstract: Accelerated transistor aging is one of the major unreliability sources at nano-scale technology nodes. Aging causes the circuit delay to increase and eventually leads to timing failures. Since aging is dependent on various factors such as temperature and workload, the aging rates of different components of the circuit are non-uniform. However, timing failures start to occur once the most-aged part fails to meet the timing constraint. In this paper, we present a cross-layer aging mitigation methodology from device level up to architecture level by balancing the delays of different parts of the design at the desired lifetime rather than at design time. Our results show that the proposed approach can efficiently prolong the system lifetime with a negligible impact on area and power.

Keywords: delay circuits; failure analysis; integrated circuit design; timing circuits; accelerated transistor aging; architecture level; circuit delay; cross-layer aging mitigation methodology; cross-layer resilient system design flow; device level; nanoscale technology nodes; nonuniform circuit; timing constraint; timing failures; Aging; Delays; Logic gates; Microprocessors; Pipelines; Transistors (ID#: 15-8608)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7169182&isnumber=7168553

 

Ghazarian, A., "A Theory of Software Complexity," in General Theory of Software Engineering (GTSE), 2015 IEEE/ACM 4th SEMAT Workshop on a, pp. 29-32, 18-18 May 2015. doi: 10.1109/GTSE.2015.11

Abstract: The need for a theory of software complexity to serve as a rigorous, scientific foundation for software engineering has long been recognized. However, unfortunately, the complexity measures proposed thus far have only resulted in rough heuristics and rules of thumb. In this paper, we propose a new information theoretic measure of software complexity that, unlike previous measures, captures the volume of design information in software modules. By providing proof outlines for a number of theorems that collectively represent our current understanding and intuitions about software complexity, we demonstrate that this new, information-based formulation of software complexity is not only capable of explaining our current understanding of software complexity, but also is resilient to the factors that cause inaccuracies in previous measures.

Keywords: information theory; software architecture; software metrics; design information; information theoretic measure; scientific foundation; software complexity; software engineering; software modules; Complexity theory; Current measurement; Software measurement; Software systems; Volume measurement; Design Decisions; Information Volume; Metrics; Software Complexity; Software Design; Theory (ID#: 15-8609)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7169392&isnumber=7169380

 

Ukwandu, E.; Buchanan, W.J.; Fan, L.; Russell, G.; Lo, O., "RESCUE: Resilient Secret Sharing Cloud-Based Architecture," in Trustcom/BigDataSE/ISPA, 2015 IEEE, vol. 1, pp. 872-879, 20-22 Aug. 2015. doi: 10.1109/Trustcom.2015.459

Abstract: This paper presents an architecture (RESCUE) of a system that is capable of implementing: a keyless encryption method, self-destruction of data within a time frame without user's intervention, and break-glass data recovery, with in-built failover protection. It aims to overcome many of the current problems within Cloud-based infrastructures, such as in the loss of private keys, and inherent failover protection. The architecture uses a secret share method with: an Application Platform, Proxy Servers with Routers, and a Metadata Server. These interact within a multi-cloud environment to provide a robust, secure and dependable system, and which showcases a new direction in an improved cloud computing environment. It aims to ensure user privacy, and reduces the potential for data loss, as well as reducing denial-of-service outages within the cloud, and with failover protection for stored data. In order to assess the best secret sharing method that could be used for the architecture, the paper outlines a range of experiments on the performance footprint of the most relevant secret sharing schemes.

Keywords: cloud computing; cryptography; RESCUE; application platform; denial-of-service outages; improved cloud computing environment; keyless encryption method; metadata server; proxy servers; resilient secret sharing cloud-based architecture; secret sharing method; Cloud computing; Computer architecture; Electronic voting; Encryption; Servers; break-glass data recovery; failover protection; multi-cloud; secret shares; self-destruct and keyless encryption (ID#: 15-8610)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7345367&isnumber=7345233


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.