Your search keyword '"Fernando M. V. Ramos"' showing total 3 results

1. The KISS principle in Software-Defined Networking: a framework for secure communications

Author

Diego Kreutz, Jiangshan Yu, Catia Magalhaes, Fernando M. V. Ramos, Paulo Esteves-Verissimo, Fonds National de la Recherche - FnR [sponsor], and Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Critical and Extreme Security and Dependability Research Group (CritiX) [research center]

Subjects

Computer Networks and Communications, Computer science, Key distribution, Cryptography, Context (language use), 02 engineering and technology, security, system architecture, Computer security, computer.software_genre, SDN, Forward secrecy, 0202 electrical engineering, electronic engineering, information engineering, perfect forward secrecy, Electrical and Electronic Engineering, software-defined networking, Secure channel, Computer science [C05] [Engineering, computing & technology], Authentication, Cryptographic primitive, business.industry, integrated device verification value (iDVV), 020206 networking & telecommunications, 020207 software engineering, cryptographic primitives, Sciences informatiques [C05] [Ingénierie, informatique & technologie], KISS (TNC), KISS principle, Systems architecture, business, Software-defined networking, Law, computer, performance

Abstract

Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the performance overhead of traditional solutions and of the complexity of their support infrastructure. To address these challenges we propose KISS, a secure SDN control plane communications architecture that includes innovative solutions in the context of key distribution and secure channel support. Core to our contribution is the integrated device verification value (iDVV), a deterministic but indistinguishablefrom-random secret code generation protocol that allows local but synchronized generation/verification of keys at both ends of the control channel, even on a per-message basis. We show that our solution, while offering the same security properties, outperforms reference alternatives, with performance improvements up to 30% over OpenSSL, and improvement in robustness based on a code footprint one order of magnitude smaller.

Published

2017

2. Chrysaor: Fine-Grained, Fault-Tolerant Cloud-of-Clouds MapReduce

Author

Fernando M. V. Ramos, Miguel Correia, and Pedro Costa

Subjects

Scheme (programming language), Correctness, Source code, business.industry, Computer science, media_common.quotation_subject, Distributed computing, Fault tolerance, Cloud computing, Context (language use), 02 engineering and technology, Parallel computing, Replication (computing), 020204 information systems, Scalability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer, media_common, computer.programming_language

Abstract

MapReduce is a framework for processing large data sets much used in the context of cloud computing. MapReduce implementations like Hadoop can tolerate crashes and file corruptions, but not arbitrary faults. Unfortunately, there is evidence that arbitrary faults do occur and can affect the correctness of MapReduce job executions. Furthermore, many outages of major cloud offerings have been reported, raising concerns about the dependence on a single cloud. In this paper we propose a novel execution system that allows to scale out MapReduce computations to a cloud-of-clouds and tolerate arbitrary faults, malicious faults, and cloud outages. Our system, Chrysaor, is based on a fine-grained replication scheme that tolerates faults at the task level. Our solution has three important properties: it tolerates the above-mentioned classes of faults at reasonable cost; it requires minimal modifications to the users’ applications; and it does not involve changes to the Hadoop source code.We performed an extensive evaluation of our system in Amazon EC2, showing that our fine-grained solution is efficient in terms of computation by recovering only faulty tasks. This is achieved without incurring a significant penalty for the baseline case (i.e., without faults) in most workloads.

Published

2017

3. (Literally) Above The Clouds: Virtualizing The Network Over Multiple Clouds

Author

Max Alaluna, Fernando M. V. Ramos, and Nuno Neves

Subjects

Computer Science - Networking and Internet Architecture, Networking and Internet Architecture (cs.NI), FOS: Computer and information sciences, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 020206 networking & telecommunications, 02 engineering and technology

Abstract

Recent SDN-based solutions give cloud providers the opportunity to extend their "as-a-service" model with the offer of complete network virtualization. They provide tenants with the freedom to specify the network topologies and addressing schemes of their choosing, while guaranteeing the required level of isolation among them. These platforms, however, have been targeting the datacenter of a single cloud provider with full control over the infrastructure. This paper extends this concept further by supporting the creation of virtual networks that span across several datacenters, which may belong to distinct cloud providers, while including private facilities owned by the tenant. In order to achieve this, we introduce a new network layer above the existing cloud hypervisors, affording the necessary level of control over the communications while hiding the heterogeneity of the clouds. The benefits of this approach are various, such as enabling finer decisions on where to place the virtual machines (e.g., to fulfill legal requirements), avoiding single points of failure, and potentially decreasing costs. Although our focus in the paper is on architecture design, we also present experimental results of a first prototype of the proposed solution.

Published

2016