Pub Date : 2020-04-24DOI: 10.1504/ijguc.2020.10028886
A. Ksentini, Maha Jebalia, S. Tabbane
In the Internet of Things (IoT) paradigm, data is gathered for treatment from locals, machines, vehicles, etc. Cloud computing is providing suitable hardware and software for data processing. Thus, the integration of IoT with cloud capabilities offers several benefits for many applications. However, challenges persist for some use-cases like delay-sensitive services due to the huge amount of information collected by IoT devices and to be processed by cloud servers. Fog computing is expected to overcome several limits and challenges in cloud computing concerning the Quality of Service (QoS) requirements like latency, bandwidth and location awareness. Nevertheless, researchers still have to deal with several issues namely the architectural level and the energetic aspect. In this paper, we investigate fog system architectures and energy consumption in literature, while considering QoS requirements in the synthesis. A system model is then introduced with a potential solution for QoS management for fog computing environment.
{"title":"A study on fog computing architectures and energy consumption approaches regarding QoS requirements","authors":"A. Ksentini, Maha Jebalia, S. Tabbane","doi":"10.1504/ijguc.2020.10028886","DOIUrl":"https://doi.org/10.1504/ijguc.2020.10028886","url":null,"abstract":"In the Internet of Things (IoT) paradigm, data is gathered for treatment from locals, machines, vehicles, etc. Cloud computing is providing suitable hardware and software for data processing. Thus, the integration of IoT with cloud capabilities offers several benefits for many applications. However, challenges persist for some use-cases like delay-sensitive services due to the huge amount of information collected by IoT devices and to be processed by cloud servers. Fog computing is expected to overcome several limits and challenges in cloud computing concerning the Quality of Service (QoS) requirements like latency, bandwidth and location awareness. Nevertheless, researchers still have to deal with several issues namely the architectural level and the energetic aspect. In this paper, we investigate fog system architectures and energy consumption in literature, while considering QoS requirements in the synthesis. A system model is then introduced with a potential solution for QoS management for fog computing environment.","PeriodicalId":375871,"journal":{"name":"Int. J. Grid Util. Comput.","volume":"119 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125753659","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-04-24DOI: 10.1504/ijguc.2020.10028895
M. Monteiro, R. Villaça, K. Simonassi, R. Tavares, C. Reginato
Software Defined Infrastructure (SDI) has become a relevant topic for computing and communication industry. Despite this huge technological movement, Network and Systems Management has been disregarded as one of the main themes in this ecosystem, and Software Defined Infrastructure has been managed by semi-software-defined management solutions. In order to reduce this gap, this paper presents SDMan, a Software Defined Management framework. The SDMan's proof of concept uses the OpenStack cloud platform and aims to demonstrate the feasibility of the proposed solution.
{"title":"Implementing the software defined management framework","authors":"M. Monteiro, R. Villaça, K. Simonassi, R. Tavares, C. Reginato","doi":"10.1504/ijguc.2020.10028895","DOIUrl":"https://doi.org/10.1504/ijguc.2020.10028895","url":null,"abstract":"Software Defined Infrastructure (SDI) has become a relevant topic for computing and communication industry. Despite this huge technological movement, Network and Systems Management has been disregarded as one of the main themes in this ecosystem, and Software Defined Infrastructure has been managed by semi-software-defined management solutions. In order to reduce this gap, this paper presents SDMan, a Software Defined Management framework. The SDMan's proof of concept uses the OpenStack cloud platform and aims to demonstrate the feasibility of the proposed solution.","PeriodicalId":375871,"journal":{"name":"Int. J. Grid Util. Comput.","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126775219","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-04-24DOI: 10.1504/ijguc.2020.10028887
D. Nedbal, Mark Stieninger
The emergence of cloud computing has been triggering fundamental changes in the information technology landscape for years. The proliferation of cloud services gave rise to novel types of business models, the complexity of which results from numerous different factors critical to a successful adoption. However, when it comes to improvement activities by cloud service providers, due to their multifacetedness, the challenge lies in figuring out where to start. Furthermore, the acuteness of actions to be taken varies among different settings. Thus, we propose the success factor analysis as an approach to prioritise improvement activities according to their acuteness, which is thereby indicated by the gap between the priority and the actual performance of a particular factor. Results show that the factors with the overall highest gap are security & safety, trust, and costs. Overall, the strengths of cloud services are seen in technical features leading to a good ease of use, a positively perceived usefulness, and a broad availability.
{"title":"Success factor analysis for cloud services: a comparative study on software as a service","authors":"D. Nedbal, Mark Stieninger","doi":"10.1504/ijguc.2020.10028887","DOIUrl":"https://doi.org/10.1504/ijguc.2020.10028887","url":null,"abstract":"The emergence of cloud computing has been triggering fundamental changes in the information technology landscape for years. The proliferation of cloud services gave rise to novel types of business models, the complexity of which results from numerous different factors critical to a successful adoption. However, when it comes to improvement activities by cloud service providers, due to their multifacetedness, the challenge lies in figuring out where to start. Furthermore, the acuteness of actions to be taken varies among different settings. Thus, we propose the success factor analysis as an approach to prioritise improvement activities according to their acuteness, which is thereby indicated by the gap between the priority and the actual performance of a particular factor. Results show that the factors with the overall highest gap are security & safety, trust, and costs. Overall, the strengths of cloud services are seen in technical features leading to a good ease of use, a positively perceived usefulness, and a broad availability.","PeriodicalId":375871,"journal":{"name":"Int. J. Grid Util. Comput.","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124521193","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-02-03DOI: 10.1504/ijguc.2020.10026551
Caio Yuri da Silva Costa, E. Alchieri
The dependability and security properties of a system could be impaired by a failure or by an opponent that exploits its vulnerabilities. State Machine Replication (SMR) is a technique widely used to implement fault-tolerant systems, mitigating these risks. Unfortunately, the proposed SMR solutions do not implement diversity and all replicas execute the same software. Consequently, the same attack or software bug could compromise the whole system. This work proposes an architecture to allow diversity in the implementation of dependable and secure services using the SMR approach. The goal is not to implement different versions of a SMR library, but to use an underlying SMR library and provide means to implement and execute service replicas (the application code) in different programming languages. The main problems addressed are twofold: communication among different languages; and data representation. The proposed architecture was integrated in BFT-SMaRt and a set of experiments showed its practical feasibility.
{"title":"Architecture for diversity in the implementation of dependable and secure services using the state machine replication approach","authors":"Caio Yuri da Silva Costa, E. Alchieri","doi":"10.1504/ijguc.2020.10026551","DOIUrl":"https://doi.org/10.1504/ijguc.2020.10026551","url":null,"abstract":"The dependability and security properties of a system could be impaired by a failure or by an opponent that exploits its vulnerabilities. State Machine Replication (SMR) is a technique widely used to implement fault-tolerant systems, mitigating these risks. Unfortunately, the proposed SMR solutions do not implement diversity and all replicas execute the same software. Consequently, the same attack or software bug could compromise the whole system. This work proposes an architecture to allow diversity in the implementation of dependable and secure services using the SMR approach. The goal is not to implement different versions of a SMR library, but to use an underlying SMR library and provide means to implement and execute service replicas (the application code) in different programming languages. The main problems addressed are twofold: communication among different languages; and data representation. The proposed architecture was integrated in BFT-SMaRt and a set of experiments showed its practical feasibility.","PeriodicalId":375871,"journal":{"name":"Int. J. Grid Util. Comput.","volume":"133 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121356594","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-02-03DOI: 10.1504/ijguc.2020.10026553
Vinicius Fulber Garcia, G. Souza, E. P. Duarte, Thales Nicolai Tavares, L. D. C. Marcuzzo, C. R. P. D. Santos, M. Franco, Lucas Bondan, L. Granville, A. E. S. Filho, F. Turck
Network Functions Virtualisation (NFV) presents several advantages over traditional network architectures, such as flexibility, security, and reduced CAPEX/OPEX. In traditional middleboxes, network functions are usually executed on specialised hardware (e.g., firewall, DPI). Virtual Network Functions (VNFs) on the other hand, are executed on commodity hardware, employing Software Defined Networking (SDN) technologies (e.g., OpenFlow, P4). Although platforms for prototyping NFV environments have emerged in recent years, they still present limitations that hinder the evaluation of NFV scenarios such as fog computing and heterogeneous networks. In this work, we present NIEP: a platform for designing and testing NFV-based infrastructures and VNFs. NIEP consists of a network emulator and a platform for Click-based VNFs development. NIEP provides a complete NFV emulation environment, allowing network operators to test their solutions in a controlled scenario prior to deployment in production networks.
{"title":"On the design and development of emulation platforms for NFV-based infrastructures","authors":"Vinicius Fulber Garcia, G. Souza, E. P. Duarte, Thales Nicolai Tavares, L. D. C. Marcuzzo, C. R. P. D. Santos, M. Franco, Lucas Bondan, L. Granville, A. E. S. Filho, F. Turck","doi":"10.1504/ijguc.2020.10026553","DOIUrl":"https://doi.org/10.1504/ijguc.2020.10026553","url":null,"abstract":"Network Functions Virtualisation (NFV) presents several advantages over traditional network architectures, such as flexibility, security, and reduced CAPEX/OPEX. In traditional middleboxes, network functions are usually executed on specialised hardware (e.g., firewall, DPI). Virtual Network Functions (VNFs) on the other hand, are executed on commodity hardware, employing Software Defined Networking (SDN) technologies (e.g., OpenFlow, P4). Although platforms for prototyping NFV environments have emerged in recent years, they still present limitations that hinder the evaluation of NFV scenarios such as fog computing and heterogeneous networks. In this work, we present NIEP: a platform for designing and testing NFV-based infrastructures and VNFs. NIEP consists of a network emulator and a platform for Click-based VNFs development. NIEP provides a complete NFV emulation environment, allowing network operators to test their solutions in a controlled scenario prior to deployment in production networks.","PeriodicalId":375871,"journal":{"name":"Int. J. Grid Util. Comput.","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116243679","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-02-03DOI: 10.1504/ijguc.2020.10024769
Ihtisham Ali, S. Bagchi
The data-intensive applications employ complex workflow graph models in dynamic networks having heterogeneity and mobility of nodes, which result in enhanced end-to-end delay in executions. The current workflow models lack structural stability for visualising a complex workflow graph. This paper proposes a hybrid AND/OR mobile workflow graph (MWG) model to visualise a fully conditioned complex workflow graph containing mobile nodes. This paper proposes nodes validity detection (NVD) algorithm for classifying the total number of nodes in the AND/OR MWG. Furthermore, nodes criticality detection (NCD) algorithm is also proposed to identify the set of critical nodes in the AND/OR MWG aiming to enable efficient analysing, mapping and scheduling of complex workflow graphs in a dynamic network environment. The algorithms are implemented and evaluated on Java platform and, the regression analysis is performed to project the algorithmic performances. A detailed comparative analysis with other works is presented in this paper.
{"title":"Algorithmic node classification in AND/OR mobile workflow graph","authors":"Ihtisham Ali, S. Bagchi","doi":"10.1504/ijguc.2020.10024769","DOIUrl":"https://doi.org/10.1504/ijguc.2020.10024769","url":null,"abstract":"The data-intensive applications employ complex workflow graph models in dynamic networks having heterogeneity and mobility of nodes, which result in enhanced end-to-end delay in executions. The current workflow models lack structural stability for visualising a complex workflow graph. This paper proposes a hybrid AND/OR mobile workflow graph (MWG) model to visualise a fully conditioned complex workflow graph containing mobile nodes. This paper proposes nodes validity detection (NVD) algorithm for classifying the total number of nodes in the AND/OR MWG. Furthermore, nodes criticality detection (NCD) algorithm is also proposed to identify the set of critical nodes in the AND/OR MWG aiming to enable efficient analysing, mapping and scheduling of complex workflow graphs in a dynamic network environment. The algorithms are implemented and evaluated on Java platform and, the regression analysis is performed to project the algorithmic performances. A detailed comparative analysis with other works is presented in this paper.","PeriodicalId":375871,"journal":{"name":"Int. J. Grid Util. Comput.","volume":"93 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126205430","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-02-03DOI: 10.1504/ijguc.2020.10026556
V. Casola, Alessandra De Benedictis, M. Rak, Umberto Villano
Security assessment is a very time- and money-consuming activity. It needs specialised security skills and, furthermore, it is not fully integrated into the software development life-cycle. One of the best solutions for the security testing of an application relies on the use of penetration testing techniques. Unfortunately, penetration testing is a typically human-driven procedure that requires a deep knowledge of the possible attacks to carry out and of the hacking tools that can be used to launch the tests. In this paper, we present a methodology that enables the automation of penetration testing techniques based on both application-level models, used to represent the application architecture and its security properties in terms of applicable threats, vulnerabilities and weaknesses, and on system-level models, adopted to automatically generate and execute the penetration testing activities. The proposed methodology can be easily integrated into a continuous integration development process and aid software developers in evaluating security.
{"title":"A methodology for automated penetration testing of cloud applications","authors":"V. Casola, Alessandra De Benedictis, M. Rak, Umberto Villano","doi":"10.1504/ijguc.2020.10026556","DOIUrl":"https://doi.org/10.1504/ijguc.2020.10026556","url":null,"abstract":"Security assessment is a very time- and money-consuming activity. It needs specialised security skills and, furthermore, it is not fully integrated into the software development life-cycle. One of the best solutions for the security testing of an application relies on the use of penetration testing techniques. Unfortunately, penetration testing is a typically human-driven procedure that requires a deep knowledge of the possible attacks to carry out and of the hacking tools that can be used to launch the tests. In this paper, we present a methodology that enables the automation of penetration testing techniques based on both application-level models, used to represent the application architecture and its security properties in terms of applicable threats, vulnerabilities and weaknesses, and on system-level models, adopted to automatically generate and execute the penetration testing activities. The proposed methodology can be easily integrated into a continuous integration development process and aid software developers in evaluating security.","PeriodicalId":375871,"journal":{"name":"Int. J. Grid Util. Comput.","volume":"108 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124771905","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-02-03DOI: 10.1504/ijguc.2020.10026547
A. Alkhamisi, S. Buhari, Georgios Tsaramirsis, Mohammed Basheri
A Mobile Ad hoc Network (MANET) can work well only when the mobile nodes behave cooperatively in packet routing. To reduce the hazards from malicious nodes and enhance the security of the network, this paper extends an Ad hoc On-Demand Multipath Distance Vector (AOMDV) routing protocol, named as an Integrated Incentive and Trust-based optimal path identification in AOMDV (IIT-AOMDV) for MANET. The proposed IIT-AOMDV routing protocol integrates an Intrusion Detection System (IDS) with the Bayesian Network (BN) based trust and payment model. The IDS utilises the empirical first-and second-hand trust information of BN, and it underpins the cuckoo search algorithm to map the QoS and trust value into a single fitness metric, tuned according to the presence of malicious nodes. The simulation results show that the IIT-AOMDV improves the detection accuracy and throughput by 20% and 16.6%, respectively, more than that of existing AOMDV integrated with the IDS (AID).
{"title":"An integrated incentive and trust-based optimal path identification in ad hoc on-demand multipath distance vector routing for MANET","authors":"A. Alkhamisi, S. Buhari, Georgios Tsaramirsis, Mohammed Basheri","doi":"10.1504/ijguc.2020.10026547","DOIUrl":"https://doi.org/10.1504/ijguc.2020.10026547","url":null,"abstract":"A Mobile Ad hoc Network (MANET) can work well only when the mobile nodes behave cooperatively in packet routing. To reduce the hazards from malicious nodes and enhance the security of the network, this paper extends an Ad hoc On-Demand Multipath Distance Vector (AOMDV) routing protocol, named as an Integrated Incentive and Trust-based optimal path identification in AOMDV (IIT-AOMDV) for MANET. The proposed IIT-AOMDV routing protocol integrates an Intrusion Detection System (IDS) with the Bayesian Network (BN) based trust and payment model. The IDS utilises the empirical first-and second-hand trust information of BN, and it underpins the cuckoo search algorithm to map the QoS and trust value into a single fitness metric, tuned according to the presence of malicious nodes. The simulation results show that the IIT-AOMDV improves the detection accuracy and throughput by 20% and 16.6%, respectively, more than that of existing AOMDV integrated with the IDS (AID).","PeriodicalId":375871,"journal":{"name":"Int. J. Grid Util. Comput.","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133816276","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-02-03DOI: 10.1504/ijguc.2020.10026552
K. Sugihara, Naohiro Hayashibara
Levy walk has attracted attention for its search efficiency. Homesick Levy walk is a family of random walks whose encounter probability of one another is similar to the one of human behaviour. However, its homing behaviour limits the search area of each agent. In this paper, we propose a variant of Homesick Levy walk called Nomadic Levy walk and analyse the behaviour of the algorithm regarding the cover ratio on unit disk graphs. We also show the comparison of Nomadic Levy walk and Homesick Levy walk regarding the target search problem. Our simulation results indicate that the proposed algorithm is significantly efficient for sparse target detection on unit disk graphs compared to Homesick Levy walk, and it also improves the cover ratio. Moreover, we analyse the impact of the movement of the sink (home position) on the efficiency of the target exploration.
Levy walk因其搜索效率而备受关注。想家的利维漫步是一个随机漫步的家族,它们彼此相遇的概率与人类的行为相似。然而,它的归巢行为限制了每个agent的搜索区域。在本文中,我们提出了一种叫做游牧式列维行走的思乡式列维行走的变体,并分析了该算法在单位磁盘图上的覆盖率方面的行为。在目标搜索问题上,我们还比较了Nomadic Levy walk和Homesick Levy walk。仿真结果表明,与Homesick Levy walk相比,该算法在单位磁盘图上的稀疏目标检测效率显著提高,并且提高了覆盖率。此外,还分析了储层的移动对靶区勘探效率的影响。
{"title":"Target exploration by Nomadic Lévy walk on unit disk graphs","authors":"K. Sugihara, Naohiro Hayashibara","doi":"10.1504/ijguc.2020.10026552","DOIUrl":"https://doi.org/10.1504/ijguc.2020.10026552","url":null,"abstract":"Levy walk has attracted attention for its search efficiency. Homesick Levy walk is a family of random walks whose encounter probability of one another is similar to the one of human behaviour. However, its homing behaviour limits the search area of each agent. In this paper, we propose a variant of Homesick Levy walk called Nomadic Levy walk and analyse the behaviour of the algorithm regarding the cover ratio on unit disk graphs. We also show the comparison of Nomadic Levy walk and Homesick Levy walk regarding the target search problem. Our simulation results indicate that the proposed algorithm is significantly efficient for sparse target detection on unit disk graphs compared to Homesick Levy walk, and it also improves the cover ratio. Moreover, we analyse the impact of the movement of the sink (home position) on the efficiency of the target exploration.","PeriodicalId":375871,"journal":{"name":"Int. J. Grid Util. Comput.","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122159187","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-02-03DOI: 10.1504/ijguc.2020.10026554
Marco de Benedictis, A. Lioy, Paolo Smiraglia
Cloud computing has deeply affected the structure of modern ICT infrastructures. It represents an enabling technology for novel paradigms such as Network Function Virtualisation (NFV), which proposes the virtualisation of network functions to enhance the flexibility of networks and to reduce the costs of infrastructure management. Besides potential benefits, NFV inherits the limitations of traditional virtualisation where the isolation of resources comes at the cost of a performance overhead. Lightweight forms of virtualisation, like containers, aim to mitigate this limitation. Furthermore, they allow the agile composition of complex services. These characteristics make containers a suitable technology for NFV environment. A major concern towards the exploitation of containers is security. Since containers provide less isolation than virtual machines, they can expose the whole host to vulnerabilities. In this work, we investigate container-related threats and propose a secure design for a Virtual Network Function deployed in a lightweight NFV environment.
{"title":"Towards a secure and lightweight network function virtualisation environment","authors":"Marco de Benedictis, A. Lioy, Paolo Smiraglia","doi":"10.1504/ijguc.2020.10026554","DOIUrl":"https://doi.org/10.1504/ijguc.2020.10026554","url":null,"abstract":"Cloud computing has deeply affected the structure of modern ICT infrastructures. It represents an enabling technology for novel paradigms such as Network Function Virtualisation (NFV), which proposes the virtualisation of network functions to enhance the flexibility of networks and to reduce the costs of infrastructure management. Besides potential benefits, NFV inherits the limitations of traditional virtualisation where the isolation of resources comes at the cost of a performance overhead. Lightweight forms of virtualisation, like containers, aim to mitigate this limitation. Furthermore, they allow the agile composition of complex services. These characteristics make containers a suitable technology for NFV environment. A major concern towards the exploitation of containers is security. Since containers provide less isolation than virtual machines, they can expose the whole host to vulnerabilities. In this work, we investigate container-related threats and propose a secure design for a Virtual Network Function deployed in a lightweight NFV environment.","PeriodicalId":375871,"journal":{"name":"Int. J. Grid Util. Comput.","volume":"50 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-02-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130755698","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: