Search

Your search keyword '"Gaspary, Luciano Paschoal"' showing total 252 results
Start Over Author "Gaspary, Luciano Paschoal"

Refine your results

more »

more »

more »

more »
252 results on '"Gaspary, Luciano Paschoal"'

101. ChangeLedge: Change design and planning in networked systems based on reuse of knowledge and automation

Author

da Costa Cordeiro, Weverton Luis, primary, Machado, Guilherme Sperb, additional, Andreis, Fabrício Girardi, additional, dos Santos, Alan Diego, additional, Both, Cristiano Bonato, additional, Gaspary, Luciano Paschoal, additional, Granville, Lisandro Zambenedetti, additional, Bartolini, Claudio, additional, and Trastour, David, additional

Published
2009
Full Text
View/download PDF

104. CHANGEMINER: A solution for discovering IT change templates from past execution traces

Author

Cordeiro, Weverton Luis da Costa, primary, Machado, Guilherme Sperb, additional, Andreis, Fabricio Girardi, additional, Wickboldt, Juliano Araujo, additional, Lunardi, Roben Castagna, additional, dos Santos, Alan Diego, additional, Both, Cristiano Bonato, additional, Gaspary, Luciano Paschoal, additional, Granville, Lisandro Zambenedetti, additional, Trastour, David, additional, and Bartolini, Claudio, additional

Published
2009
Full Text
View/download PDF

106. A solution to support risk analysis on IT Change Management

Author

Wickboldt, Juliano Araujo, primary, Machado, Guilherme Sperb, additional, da Costa Cordeiro, Weverton Luis, additional, Lunardi, Roben Castagna, additional, dos Santos, Alan Diego, additional, Andreis, Fabricio Girardi, additional, Both, Cristiano Bonato, additional, Granville, Lisandro Zambenedetti, additional, Gaspary, Luciano Paschoal, additional, Bartolini, Claudio, additional, and Trastour, David, additional

Published
2009
Full Text
View/download PDF

107. Refined failure remediation for IT change management systems

Author

Machado, Guilherme Sperb, primary, Cordeiro, Weverton Luis da Costa, additional, dos Santos, Alan Diego, additional, Wickboldt, Juliano, additional, Lunardi, Roben Castagna, additional, Andreis, Fabricio Girardi, additional, Both, Cristiano Bonato, additional, Gaspary, Luciano Paschoal, additional, Granville, Lisandro Zambenedetti, additional, Trastour, David, additional, and Bartolini, Claudio, additional

Published
2009
Full Text
View/download PDF

110. A template-based solution to support knowledge reuse in IT change design

Author

Cordeiro, Weverton Luis da Costa, primary, Machado, Guilherme Sperb, additional, Daitx, Fabio Fabian, additional, Both, Cristiano Bonato, additional, Gaspary, Luciano Paschoal, additional, Granville, Lisandro Zambenedetti, additional, Sahai, Akhil, additional, Bartolini, Claudio, additional, Trastour, David, additional, and Saikoski, Katia, additional

Published
2008
Full Text
View/download PDF

112. Enabling rollback support in IT change management systems

Author

Machado, Guilherme Sperb, primary, Daitx, Fabio Fabian, additional, Cordeiro, Weverton Luis da Costa, additional, Both, Cristiano Bonato, additional, Gaspary, Luciano Paschoal, additional, Granville, Lisandro Zambenedetti, additional, Bartolini, Claudio, additional, Sahai, Akhil, additional, Trastour, David, additional, and Saikoski, Katia, additional

Published
2008
Full Text
View/download PDF

119. Security-aware optimal resource allocation for virtual network embedding.

Author

Bays, Leonardo Richter, Oliveira, Rodrigo Ruas, Buriol, Luciana Salete, Barcellos, Marinho Pilla, and Gaspary, Luciano Paschoal

Abstract

Network virtualization enables the creation of multiple instances of virtual networks on top of a single physical infrastructure. Given its wide applicability, this technique has attracted a lot of interest both from academic researchers and major companies within the segment of computer networks. Although recent efforts (motivated mainly by the search for mechanisms to evaluate Future Internet proposals) have contributed substantially to materialize this concept, none of them has attempted to combine efficient resource allocation with fulfillment of security requirements (e.g., confidentiality). It is important to note that, in the context of virtual networks, the protection of shared network infrastructures constitutes a fundamental condition to enable its use in large scale. To address this problem, in this paper we propose a virtual network embedding model that satisfies security requirements and, at the same time, optimizes physical resource usage. The results obtained demonstrate that the model is able to correctly and optimally map virtual networks to a physical substrate, minimizing bandwidth costs for infrastructure providers. [ABSTRACT FROM PUBLISHER]

Published
2012

120. Planning in the large: Efficient generation of IT change plans on large infrastructures.

Author

Hagen, Sebastian, Cordeiro, Weverton Luis da Costa, Gaspary, Luciano Paschoal, Granville, Lisandro Zambenedetti, Seibold, Michael, and Kemper, Alfons

Abstract

Change Management, a core process of the Information Technology Infrastructure Library (ITIL), is concerned with the management of changes to networks and services to minimize costly disruptions on the business. As part of Change Management, IT changes need to be planned. Previous approaches to automatically generate IT change plans struggle, in terms of scalability, to properly deal with large Configuration Management Databases (CMDBs). To enable IT change planning in the large, in this paper we discuss and analyze optimizations for refinement-based IT change planning over object-oriented CMDBs. Our optimizations reduce the runtime complexity of several key operations part of refinement-based IT change planning algorithms. A sensitivity analysis shows that our optimizations outperform SHOP2 - the winner of a previous comparison among IT change planners - in terms of runtime complexity for several important characteristics of IT changes and CMDBs. A cloud deployment case study of a Three-tier application and a virtual network configuration case study demonstrate the feasibility of our approach and confirm the results from the sensitivity analysis: IT change planning has evolved from planning in the small to planning in the large. [ABSTRACT FROM PUBLISHER]

Published
2012

121. Characterizing dissemination of illegal copies of content through monitoring of BitTorrent networks.

Author

Schmidt, Adler Hoff, Antunes, Rodolfo Stoffel, Barcellos, Marinho Pilla, and Gaspary, Luciano Paschoal

Abstract

BitTorrent networks are nowadays the most employed method of Peer-to-Peer (P2P) file sharing in the Internet. Recent monitoring reports reveal that content copies being shared are mostly illegal and movies are the most popular media type. Research efforts carried out to understand the dynamics of content production and sharing in BT networks have been unable to provide precise information regarding the dissemination of illegal copies. In this paper we perform an extensive experimental study in order to characterize the behavior of producers, publishers and providers of copyright-infringing files. The study is based on four months of traces obtained by monitoring swarms sharing movies via one of the most popular BT public communities. Traces were obtained with an extension of a BitTorrent “universe” observation architecture, which allowed the collection of a database with information about more than 40,000 torrents, 900 trackers and 1.3 million IPs. Our analysis not only shows that a small group of active users is responsible for the majority of disseminated illegal copies, as well as unravels existing relationships among these actors. [ABSTRACT FROM PUBLISHER]

Published
2012
Full Text
View/download PDF

125. A WSDM-Based Architecture for Global Usage Characterization of Grid Computing Infrastructures.

Author

State, Radu, Meer, Sven, O'Sullivan, Declan, Pfeifer, Tom, Ludwig, Glauco Antonio, Gaspary, Luciano Paschoal, Cavalheiro, Gerson Geraldo Homrich, and Cirne, Walfredo

Abstract

Current solutions to characterize grid computing usage are limited in three important aspects. First, they do not provide a global, uniform view of the use of infrastructures comprised of heterogeneous grid middleware. Second, they do not allow the specification of policies to publicize the collected information. Third, they do not generate statistics about the applications that are executed on the grid. To fill this gap, we propose an architecture based on the Web Services Distributed Management standard and on access control policies to characterize global usage of grid computing infrastructures, even when such grids are formed by heterogeneous middleware packages. We introduce this architecture and present preliminary results obtained with a prototype. [ABSTRACT FROM AUTHOR]

Published
2006
Full Text
View/download PDF

126. DÓRIS — Pedagogical Agent in Intelligent Tutoring Systems.

Author

Goos, Gerhard, Hartmanis, Juris, van Leeuwen, Jan, Cerri, Stefano A., Gouardères, Guy, Paraguaçu, Fàbio, dos Santos, Cássia Trojahn, Frozza, Rejane, Dhamer, Alessandra, and Gaspary, Luciano Paschoal

Abstract

Intelligent Tutoring Systems are characterised for incorporating Artificial Intelligence techniques into their design and development, acting as assistants in the teaching-learning process. Currently, Intelligent Agents concepts have been applied to these systems as a way to improve them. DÓRIS is a pedagogical follow-up agent for Intelligent Tutoring Systems developed to perform tasks such as the following: follow students' interaction with the intelligent tutor system, collect the information required for the modelling of students' profile used to customise the environment assist and guide students during the construction of their learning. This paper reports the characteristics and functionality of this agent. [ABSTRACT FROM AUTHOR]

Published
2002
Full Text
View/download PDF

128. Design of Distributed Multimedia Applications (DAMD).

Author

Goos, Gerhard, Hartmanis, Juris, van Leeuwen, Jan, Hutter, Dieter, Stephan, Werner, Traverso, Paolo, Ullmann, Markus, de Souza, Wanderley Lopes, Sampaio, Paulo Nazareno Maia, Almeida, Maria Janilce B., Gaspary, Luciano Paschoal, Granville, Lisandro Zambenedetti, Farines, Jean-Marie, Scheffel, Roberto Milton, Willrich, Roberto, de Camargo, Murilo S., and Domingos, Marcelo

Abstract

Design of Distributed Multimedia Applications (DAMD) is a multi-institutional co-operative project aiming the development of a methodology, based on the Formal Description Technique (FDT) Enhancements to Language of Temporal Ordering Specification (E-LOTOS) and supported by a set of appropriate tools, for the specification, validation, implementation, and testing of distributed multimedia applications. This paper presents the main results of this project. [ABSTRACT FROM AUTHOR]

Published
1999
Full Text
View/download PDF

129. A conservative strategy to protect P2P file sharing systems from pollution attacks.

Author

Barcellos, Marinho Pilla, Gaspary, Luciano Paschoal, da Costa Cordeiro, Weverton Luis, and Antunes, Rodolfo Stoffel

Subjects
PEER-to-peer architecture (Computer networks), PEER-to-peer file sharing, COMPUTER security, INFORMATION services, SELECTIVE dissemination of information, INTERNET, PROBLEM solving, SIMULATION methods & models
Abstract

Despite being currently one of the main Internet applications, P2P file sharing has been hampered by content pollution attacks. To tackle this problem, we introduce a novel pollution control strategy that consists in adjusting the rate in which content is disseminated, according to content version reputation. The proposed strategy is modeled and evaluated using simplifying assumptions. Then, inspired by classic distributed designs, we propose a pollution control mechanism that implements such a strategy. The mechanism is evaluated in terms of the delays imposed on non-polluted version dissemination, the effectiveness of reducing dissemination when the version is polluted, and the negative impact that collusion attacks can impose on the reputation system upon which our mechanism is built. Simulation results looking at scenarios with several hundred peers indicate that the pollution control mechanism can effectively reduce pollution without substantially affecting the dissemination of non-polluted content. Copyright © 2010 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published
2011
Full Text
View/download PDF

130. MUSE — An interactive networked multimedia applications specification environment with E-LOTOS translator.

Author

Goos, Gerhard, Hartmanis, Juris, Leeuwen, Jan, Pernici, Barbara, Thanos, Costantino, Gaspary, Luciano Paschoal, and Almeida, Maria Janilce B.

Abstract

This work presents MUSE, a graphical environment for modeling interactive networked multimedia applications. Through an advanced graphic interface and a new highlevel authoring model, it is possible to create complex systems in a fast and intuitive way. The authoring model proposed in this work and adopted by the environment deals with media objects distributed in a computer network, allowing the definition of acceptable presentation delay thresholds and alternative media objects. Due to the large expressiveness of the model, however, specifications with logical and temporal inconsistencies may be generated. For this reason, the tool also provides E-LOTOS specifications, which may be used to analyze and verify the temporal requirements defined by the author. [ABSTRACT FROM AUTHOR]

Published
1998
Full Text
View/download PDF

131. A SNMP-Based Platform for Distributed Stateful Intrusion Detection in Enterprise Networks.

Author

Gaspary, Luciano Paschoal, Sanchez, Ricardo Nabinger, Antunes, Diego Wentz, and Meneghetti, Edgar

Subjects
COMPUTER networks, COMPUTER network security, MANAGEMENT information systems, COMPUTER network protocols, DATA transmission systems
Abstract

In recent years, intrusion detection systems (IDSs) use has increased into detect security breaches in both systems and networks. However, widespread IDS usage has been hindered by several challenges, including: 1) time-consuming configuration and analysis; 2) integration difficulties with existing network management infrastructure; and 3) the inability to add new attack signatures in a well-understood, yet expressive high-level notation. This paper presents the ID-Trace Management Platform, an extension of the simple network management protocol infrastructure based on the Internet Engineering Task Force (IETF) script management information base (Script MIB) to support distributed stateful intrusion detection in enterprise networks. It provides mechanisms allowing a management station to delegate security-related tasks to mid-level managers (MLMs) that, in turn, interact with monitoring and action agents to execute these tasks. Protocol trace specification language specifications are used by the MLMs to program monitoring agents that sniff packets on the network comparing their signatures to those of known attack signatures. With the information gathered from the monitoring process, the MLMs may execute procedures via the action agents (Java, Tcl, or Perl scripts), enabling the automation of several security tasks (including reactive and proactive tasks). The platform also provides notification mechanisms (traps) so that MLMs can report the occurrence of major events to the management station. [ABSTRACT FROM AUTHOR]

Published
2005
Full Text
View/download PDF

132. A2A: An Architecture for Autonomic Management Coordination

Author

Konstantinou, Alexander V., Yemini, Yechiam, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Bartolini, Claudio, editor, and Gaspary, Luciano Paschoal, editor

Published
2009
Full Text
View/download PDF

133. Improving IT Change Management Processes with Automated Risk Assessment

Author

Araujo Wickboldt, Juliano, Armando Bianchin, Luís, Castagna Lunardi, Roben, Girardi Andreis, Fabrício, da Costa Cordeiro, Weverton Luis, Bonato Both, Cristiano, Zambenedetti Granville, Lisandro, Paschoal Gaspary, Luciano, Trastour, David, Bartolini, Claudio, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Bartolini, Claudio, editor, and Gaspary, Luciano Paschoal, editor

Published
2009
Full Text
View/download PDF

134. Hidden Markov Model Modeling of SSH Brute-Force Attacks

Author

Sperotto, Anna, Sadre, Ramin, de Boer, Pieter-Tjerk, Pras, Aiko, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Bartolini, Claudio, editor, and Gaspary, Luciano Paschoal, editor

Published
2009
Full Text
View/download PDF

135. Network Virtualization in Future Home Environments

Author

Berl, Andreas, Weidlich, Roman, Schrank, Michael, Hlavacs, Helmut, de Meer, Hermann, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Bartolini, Claudio, editor, and Gaspary, Luciano Paschoal, editor

Published
2009
Full Text
View/download PDF

136. Towards Robust IT Service Portfolio Management

Author

Trastour, David, Christodoulou, Athena, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Bartolini, Claudio, editor, and Gaspary, Luciano Paschoal, editor

Published
2009
Full Text
View/download PDF

137. ChangeAdvisor: A Solution to Support Alignment of IT Change Design with Business Objectives/Constraints

Author

Castagna Lunardi, Roben, da Costa Cordeiro, Weverton Luis, Girardi Andreis, Fabrício, Araujo Wickboldt, Juliano, Bonato Both, Cristiano, Paschoal Gaspary, Luciano, Zambenedetti Granville, Lisandro, Trastour, David, Bartolini, Claudio, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Bartolini, Claudio, editor, and Gaspary, Luciano Paschoal, editor

Published
2009
Full Text
View/download PDF

138. Consistency of States of Management Data in P2P-Based Autonomic Network Management

Author

Campos Nobre, Jéferson, Zambenedetti Granville, Lisandro, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Bartolini, Claudio, editor, and Gaspary, Luciano Paschoal, editor

Published
2009
Full Text
View/download PDF

139. Workload Management in Dynamic IT Service Delivery Organizations

Author

Diao, Yixin, Heching, Aliza, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Bartolini, Claudio, editor, and Gaspary, Luciano Paschoal, editor

Published
2009
Full Text
View/download PDF

140. Self-optimizing Hybrid Routing in Publish/Subscribe Systems

Author

Schröter, Arnd, Graff, Daniel, Mühl, Gero, Richling, Jan, Parzyjegla, Helge, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Bartolini, Claudio, editor, and Gaspary, Luciano Paschoal, editor

Published
2009
Full Text
View/download PDF

141. A Performance-Based Methodology to Improve Grid Exploitation

Author

Clematis, A., Corana, A., D’Agostino, D., Galizia, A., Quarati, A., Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Bartolini, Claudio, editor, and Gaspary, Luciano Paschoal, editor

Published
2009
Full Text
View/download PDF

142. Monitoring Multiple Concurrent Service Level Parameters with Multidimensional Trees

Author

Kiefer, Andreas, Duarte, Elias P., Jr., Murta, Cristina D., Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Bartolini, Claudio, editor, and Gaspary, Luciano Paschoal, editor

Published
2009
Full Text
View/download PDF

143. One Is Not Enough: A Hybrid Approach for IT Change Planning

Author

Hagen, Sebastian, Edwards, Nigel, Wilcock, Lawrence, Kirschnick, Johannes, Rolia, Jerry, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Bartolini, Claudio, editor, and Gaspary, Luciano Paschoal, editor

Published
2009
Full Text
View/download PDF

144. Design of a Stream-Based IP Flow Record Query Language

Author

Marinov, Vladislav, Schönwälder, Jürgen, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Bartolini, Claudio, editor, and Gaspary, Luciano Paschoal, editor

Published
2009
Full Text
View/download PDF

145. Design and Implementation of a Distributed Platform for Sharing IP Flow Records

Author

Morariu, Cristian, Racz, Peter, Stiller, Burkhard, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Bartolini, Claudio, editor, and Gaspary, Luciano Paschoal, editor

Published
2009
Full Text
View/download PDF

146. Rumo a uma solução geral para detecção de ataques cibernéticos baseada em planos de dados programáveis

Author

Ilha, Alexandre da Silveira and Gaspary, Luciano Paschoal

Subjects
Mitigação, Detection, Ataques cibernéticos, Mitigation, Programmable data planes, Entropy analysis, DDoS attacks, Zeek, P4, Intrusão [Detecção], Redes : Computadores [Seguranca], Network Intrusion Detection Systems, Advanced persistent threats
Abstract

Distributed Denial-of-Service (DDoS) e Advanced Persistent Threats (APTs) são categorias de ataques cibernéticos cada vez mais proeminentes e graves, que causam danos e perdas relevantes a organizações conectadas à Internet. Os ataques DDoS podem comprometer a disponibilidade de links e serviços altamente resilientes. APTs furtivos potencialmente levam a ativos de informação comprometidos e a riscos à incolumidade pública. As defesas existentes exigem interação frequente entre os planos de encaminhamento e controle, dificultando a obtenção de um equilíbrio satisfatório entre precisão, uso de recursos e atraso na resposta da defesa. Além disso, a proteção contra APTs depende de Sistemas de Detecção de Intrusão de Rede (NIDS), cujos recursos de inspeção de tráfego enfrentam problemas de escalabilidade relacionados à necessidade de copiar dados (de pacotes) de dispositivos de encaminhamento para a memória principal de computadores de uso geral. Recentemente, Planos de Dados Programáveis (PDPs) de alto desempenho permitiram o desenvolvimento de uma nova geração de mecanismos para analisar e gerenciar tráfego em taxa de linha. Nesta dissertação, investiga-se o potencial dos PDPs como base para soluções de segurança cibernética. Este trabalho tem duas iterações. Na primeira iteração, propõe-se o EUCLID, um novo mecanismo de detecção e mitigação de ataques DDoS em tempo real que pode ser executado inteiramente em um dispositivo de encaminhamento P4. A avaliação experimental mostra que a solução tem potencial para atender a requisitos de desempenho cada vez mais rigorosos em redes de alto volume. Na segunda iteração, busca se uma abordagem geral para detecção de ataques cibernéticos usando PDPs. Apresenta-se o RNA, uma estrutura inovadora para descarregar operações relacionadas ao NIDS de CPUs de uso geral para PDPs de alto desempenho. O RNA usa os mecanismos de um switch programável para analisar o tráfego, resumir informações sobre ele e enviar esses resumos para um componente baseado em host, que, por sua vez, traduz esses resumos em eventos que o NIDS pode manipular. Usando o switch P4 BMv2 e o Zeek Network Security Monitor como plataformas, construímos uma implementação de prova de conceito da estrutura proposta. Através de uma série de exemplos e estudos de caso, demonstra-se a viabilidade deste projeto e sua integração com o Zeek. Mostra-se que: (i) é possível automatizar a configuração da sessão de monitoramento, (ii) é possível descarregar a inspeção leve de pacotes para o PDP, (iii) o RNA pode encaminhar alarmes EUCLID para o Zeek e (iv) pode-se filtrar o tráfego para Zeek no PDP. Também conclui-se a partir desses exemplos e estudos que é possível adicionar gradualmente ao plano de dados o suporte a mais protocolos e adaptar a estrutura para identificar eventos de rede de nível superior. À medida que os recursos do RNA crescem, reduz-se a necessidade de o Zeek fazer sozinho toda a análise de pacotes com uso intensivo de CPU. Distributed Denial-of-Service (DDoS) and Advanced Persistent Threat (APT) are increas ingly prominent and severe cyberattack categories that cause relevant damages and losses to Internet-connected organizations. DDoS attacks can compromise the availability of otherwise highly-resilient links and services. Stealthy APTs potentially lead to compro mised information assets and public safety hazards. Existing defenses require frequent interaction between forwarding and control planes, making it difficult to reach a satisfac tory trade-off between accuracy, resource usage, and defense response delay. Moreover, protection against APTs relies on Network Intrusion Detection Systems (NIDS), whose traffic inspection capabilities face scalability concerns related to the need to copy packet data from forwarding devices to the main memory of general-purpose computers. Recently, high-performance Programmable Data Planes (PDPs) enabled the development of a new generation of mechanisms to analyze and manage traffic at line rate. In this thesis, we investigate the potential of PDPs as a foundation for cybersecurity solutions. Our work has two iterations. In the first iteration, we propose EUCLID, a novel real-time DDoS attack detection and mitigation mechanism that can be executed entirely in a P4 forwarding device. Our experimental evaluation shows that our P4-based design has the potential to meet increasingly strict performance requirements in high-volume networks. In the second iteration, we pursue a general approach for cyberattack detection using PDPs. We introduce RNA, an innovative framework to offload NIDS-related operations from general-purpose CPUs to high-performance PDPs. RNA uses the mechanisms of a programmable switch to analyze traffic, summarize information about it, and send these summaries to a host-based component, which, in turn, translates these summaries into events the NIDS can handle. Using the BMv2 P4 switch and the Zeek Network Security Monitor as platforms, we built a proof-of-concept implementation of our framework. Through a series of examples and case studies, we demonstrated the feasibility of our design and its integration with Zeek. We showed that: (i) we can automate monitoring session setup, (ii) it is possible to offload lightweight packet inspection to the PDP, (iii) RNA can forward EUCLID alarms to Zeek, and (iv) we can filter traffic for Zeek in the PDP. We also concluded from these examples and studies that we can gradually add data plane support for more protocols and adapt our framework to identify higher-level network events. As RNA capabilities grow, we reduce the need for Zeek to do all the CPU-intensive packet analysis by itself.

Published
2022

147. Explorando planos de dados programáveis para detecção e mitigação de ataques DDoS baseadas em pushback de tráfego

Author

González, Libardo Andrey Quintero, Gaspary, Luciano Paschoal, and Schaeffer Filho, Alberto Egon

Subjects
Mitigação, SDN, Push back, Ataques cibernéticos, Programmable Data Plane, Entropy, Planos de dados programáveis, P4, Aprendizado de máquina, DDoS Attack
Abstract

Infraestrutura de rede e servidores são alvos de diversos tipos de ataques diariamente. Um dos tipos mais comuns e devastadores são os ataques distribuídos de negação de serviço (DDoS - Distributed Denial of Service), que visam esgotar recursos e impactar diretamente na disponi bilidade dos serviços. Embora o problema tenha sido investigado há pelo menos duas décadas, as propostas falham em detectar e mitigar rapidamente os ataques DDoS em andamento, ao mesmo tempo em que são precisos e empurram os ataques o mais longe possível da vítima (economizando recursos de rede). O surgimento de planos de dados programáveis permite novas soluções de segurança com potencial para resolver essas deficiências. Como primeiro esforço de pesquisa, nesta dissertação, apresentamos o BUNGEE, um mecanismo de pushback colaborativo em rede para mitigação de ataques DDoS que é executado inteiramente no plano de dados. Esse mecanismo é capaz de, localmente em um determinado switch, identificar en dereços IP suspeitos (através do uso de análise contínua de entropia IP) e propagá-los para outros switches. Os diferentes switches que estão cientes dos suspeitos impõem uma estra tégia de pushback para repelir ataques potenciais. Como evolução do BUNGEE, propomos o BUNGEE-ML, uma abordagem inovadora e híbrida que combina o rápido processamento do plano de dados e a alta capacidade e inteligência do plano de controle para mitigação de DDoS. O BUNGEE-ML monitora continuamente o tráfego no plano de dados para detectar anomalias na rede e fornece modelos de aprendizado de máquina (executando no plano de controle) com entradas para realizar uma análise de tráfego aprofundada. Nós nos referimos a isso como coo peração vertical. Além disso, nossa abordagem empurra progressivamente o tráfego malicioso para mais longe da vítima por meio da coordenação de mitigação horizontal entre os disposi tivos de encaminhamento. Nossa avaliação de um protótipo construído em P4 demonstra que o BUNGEE-ML é altamente preciso na identificação e mitigação de fontes de ataque devido à cooperação vertical e tem um baixo consumo de recursos. Além disso, nossa estratégia de pushback economiza largura de banda da rede, mitigando o tráfego não legítimo mais próximo de suas fontes. Network infrastructure and servers are targets of different types of attacks daily. One of the most common and devastating types is Distributed Denial of Service (DDoS) attacks, which aim at exhausting resources and directly impacting the availability of services. Although the problem has been investigated for at least two decades, proposals fall short in quickly detecting and mitigating ongoing DDoS attacks while being accurate and pushing the attacks as far as possible from the victim (saving network resources). The emergence of programmable data planes enables novel security solutions with the potential to solve these shortcomings. As a first research effort, in this dissertation, we present BUNGEE, an in-network, collaborative pushback mechanism for DDoS attack mitigation that runs entirely in the data plane. This mechanism is able to, locally at a given switch, identify suspect IP addresses (through the use of continuous IP entropy analysis) and propagate them to other switches. The different switches that are made aware of the suspects enforce a pushback strategy for repelling potential attacks. As an evolu tion of BUNGEE, we propose BUNGEE-ML, an innovative, hybrid approach that combines the fast processing of the data plane and the high capacity and the intelligence of the control plane for DDoS mitigation. BUNGEE-ML continuously monitors traffic at the data plane to detect network anomalies and supplies machine learning models (running in the control plane) with inputs to perform in-depth traffic analysis. We refer to this as vertical cooperation. Addition ally, our approach progressively pushes malicious traffic farther away from the victim through horizontal mitigation coordination between forwarding devices. Our evaluation of a P4-built prototype demonstrates that BUNGEE-ML is highly accurate in identifying and mitigating at tack sources due to the vertical cooperation and has a low resource footprint. Furthermore, our pushback strategy saves network bandwidth by mitigating non-legitimate traffic closer to its sources.

Published
2022

148. Avançando o monitoramento e operação de redes com telemetry In-band e programabilidade do plano de dados

Author

Marques, Jonatas Adilson and Gaspary, Luciano Paschoal

Subjects
Monitoramento de rede, Data Plane Programmability, In-band Network Telemetry, Rede definida por software, P4, Comunicacao : Dados [Rede], Network Monitoring, Software-Defined Networking
Abstract

As redes de comunicação modernas operam sob altas expectativas de desempenho e resiliência (por exemplo, latência, largura de banda, disponibilidade), isto principalmente devido à contínua proliferação de aplicações não elásticas altamente distribuídas. Nesse contexto, monitorar de perto o estado, o comportamento e o desempenho dos dispositivos de rede e seus tráfegos, bem como solucionar rapidamente os problemas à medida que estes surgem, são essenciais para a operação das infraestruturas de rede. Infelizmente, as ferramentas e técnicas existentes são limitados no nível de detalhes oferecido, na rapidez de suas reações e na capacidade de manter a sobrecarga de monitoramento baixa o sufi ciente para não afetar a operação da rede. A Programabilidade do Plano de Dados (do inglês Data Plane Programmability – DPP) juntamente com a Telemetria de Redes no modo In-band (In-band Network Telemetry – INT), respaldadas pelos recentes avanços em Software-Defined Networking, surgem neste contexto como plataformas promissoras para atender a essas demandas de monitoramento. A INT permite alcançar níveis de pre cisão e granularidade de monitoramento sem precedentes, mas pode levar à degradação do desempenho significante se aplicada indiscriminadamente a todos os pacotes e fluxos em uma rede. Uma alternativa para evitar esse problema é orquestrar tarefas de teleme tria e usar apenas uma parte do tráfego para monitorar a rede via INT. O problema geral consiste, então, em atribuir subconjuntos de tráfego para realizar INT e fornecer cober tura total de monitoramento, minimizando o overhead. Para atingir este objetivo, como primeiro passo nesta tese, apresentamos e formalizamos o problema In-band Network Te lemetry Orchestration (INTO), provamos que ele é NP-Completo e propomos heurísticas polinomiais em tempo de computação para resolvê-lo. Em nossa avaliação usando topo logias de redes de larga escala reais, observamos que as heurísticas produzem soluções próximas ao ótimo para qualquer rede em menos de um segundo. Observamos também que as redes podem ser cobertas atribuindo um número linear de fluxos em relação ao número de interfaces dos dispositivos e, por fim, que é possível minimizar a carga de tele metria para uma interface por fluxo para a maioria das redes. Continuando nosso trabalho, investigamos ainda mais os recursos disponíveis na DPP e projetamos o INTSIGHT, um sistema para detecção e diagnóstico altamente precisos de violações de SLO. A principal contribuição do INTSIGHT é, com base na telemetria in-band, introduzir o cálculo de mé tricas de rede ao longo do caminho dos pacotes e a exportação seletiva de informações para o plano de controle. Mostramos a eficácia do INTSIGHT por meio de dois casos de uso. Nossa avaliação usando redes reais também mostra que INTSIGHT gera até duas ordens de magnitude menos tráfego de monitoramento do que abordagens do estado da arte. Além disso, seus requisitos de processamento e memória são baixos e, portanto, compatíveis com as plataformas programáveis existentes. Como etapa final desta tese, mudamos nosso foco para a reação rápida e propomos o FELIX, um sistema para recupe ração de falhas que redireciona o tráfego afetado em escalas de tempo de plano de dados enquanto ainda usa os caminhos mais curtos dentre os disponíveis. Nossa avaliação mos tra que nossa abordagem pode se recuperar de falhas até quatro ordens de magnitude mais rapidamente do que as abordagens SDN existentes. Modern communication networks operate under high expectations on performance and resilience (e.g., latency, bandwidth, availability) mainly due to the continuous prolifera tion of non-elastic highly-distributed applications. In this context, closely monitoring the state, behavior, and performance of networking devices and their traffic as well as quickly troubleshooting problems as they arise is essential for the operation of network infras tructures. Unfortunately, existing tools and techniques fall short at providing the required level of detail, enabling quick reactions, and keeping monitoring overhead from affecting the network operation. Data Plane Programmability (DPP) along with In-band Network Telemetry (INT), backed by the recent advances in Software-Defined Networking, emerge in this context as promising platforms to meet these monitoring demands. INT enables unprecedented monitoring accuracy and precision, but may lead to performance degrada tion if applied indiscriminately to all packet flows in a network. One alternative to avoid this issue is to orchestrate telemetry tasks and use only a portion of traffic to monitor the network via INT. The general problem consists, then, in assigning subsets of traffic to carry out INT and provide full monitoring coverage while minimizing the overhead. To achieve this goal, as a first step in this thesis, we introduce and formalize the In-band Network Telemetry Orchestration (INTO) problem, prove that it is NP-Complete, and propose polynomial computing time heuristics to solve it. In our evaluation using real wide-area network topologies, we observe that the heuristics produce solutions close to optimal to any network in under one second We also observe that networks can be cov ered assigning a linear number of flows in relation to the number of device interfaces and, finally, that it is possible to minimize telemetry load to one interface per flow for most networks. Continuing our work, we investigate DPP capabilities further and design INTSIGHT, a system for highly accurate and fine-grained detection and diagnosis of SLO violations. The main contribution of INTSIGHT is, building upon in-band telemetry, in troducing path-wise computation of network metrics and selective generation of reports. We show the effectiveness of INTSIGHT by way of two use cases. Our evaluation using real networks also shows that INTSIGHT generates up to two orders of magnitude less monitoring traffic than state-of-the-art approaches. Furthermore, its processing and mem ory requirements are low and therefore compatible with currently existing programmable platforms. As a final step in this thesis, we shift our focus to quick reaction and propose FELIX, a system for failure recovery that reroutes around failures at data-plane timescales while still using the shortest available paths. Our evaluation shows that our approach can recover from failures up to four orders of magnitude faster than existing SDN approaches while making sensible use of data-plane resources. Finally, with the design of FELIX, we introduce the Strategy-Tactic paradigm to enable data-plane timescale reactions with control-plane decisions based on a global understanding of the network to general net work operation tasks. We argue the generality of this paradigm by discussing the main challenges involved in modeling a promising use case.

Published
2022

149. Um middleware Peer-to-Peer descentralizado para a computação de workflows

Author

Siqueira, Thiago Senador de, Madeira, Edmundo Roberto Mauro, 1958, Gaspary, Luciano Paschoal, Anido, Ricardo de Oliveira, Universidade Estadual de Campinas. Instituto de Computação, Programa de Pós-Graduação em Ciência da Computação, and UNIVERSIDADE ESTADUAL DE CAMPINAS

Subjects
Middleware, Peer-to-peer architecture (Computer networks), Sistemas distribuídos, Distributed computation, Arquitetura peer-to-peer (Redes de computadores), Distributed systems, Computação distribuída
Abstract

Orientador: Edmundo Roberto Mauro Madeira Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação Resumo: A computação sobre P2P tem surgido como uma solução alternativa e complementaràs grades computacionais. O uso da tecnologia P2P é capaz de prover a flexibilização e descentralização dos processos de execução e gerenciamento de workflows nas grades computacionais. Neste trabalho é apresentado um middleware P2P completamente descentralizado para a computação de workflows. O middleware coleta o poder de processamento compartilhado pelos peers para possibilitar a execução de workflows, modelados como DAGs, compostos por um conjunto de tarefas dependentes. Através do processo distribuído de escalonamento de tarefas e do mecanismo de tolerância a faltas baseado em leasing, o middleware atinge um nível alto de paralelismo na execução e eficiência na recuperação de execuções em ocorrência de faltas. O middleware é implementado em Java, juntamente com RMI e a biblioteca JXTA. Os resultados experimentais obtidos mostram a eficiência do middleware na execução distribuída dos workflows assim como a recuperação rápida de execução em cenários com faltas Abstract: P2P Computing has been raised as an alternative and complementary solution to Grid Computing. The use of P2P technology is able to provide a flexible and decentralized execution and management of Grid workflows. In this work we present a completely decentralized P2P middleware for workflow computing. The middleware collects the shared processing power of the peers in order to execute workflows, modeled as DAG structures, composed of a set of dependent tasks. Through a distributed scheduling algorithm and a leasing-based fault tolerance mechanism, the middleware achieves high execution parallelism and efficient execution recovery in failure occurrences. The middleware is implemented in Java, through RMI and the JXTA library. The obtained experimental results show the efficiency of the middleware in the distributed execution of workflows as well as the fast execution recovery Mestrado Ciência da Computação Mestre em Ciência da Computação

Published
2021

150. Mapeamento de redes virtuais em substratos de rede

Author

Alkmim, Gustavo Prado, 1986, Fonseca, Nelson Luis Saldanha da, 1961, Madeira, Edmundo Roberto Mauro, Gaspary, Luciano Paschoal, Universidade Estadual de Campinas. Instituto de Computação, Programa de Pós-Graduação em Ciência da Computação, and UNIVERSIDADE ESTADUAL DE CAMPINAS

Subjects
Internet, Redes de computadores, Linear programming, Network virtualization, Programação linear, Virtualização de redes, Computer networks
Abstract

Orientador: Nelson Luis Saldanha da Fonseca Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação Resumo: A virtualização de redes é uma tecnologia promissora para ser utilizada como base na Internet do futuro, pois permite a introdução de novas funcionalidades nos elementos da rede a baixo custo. Uma das questões em virtualização de redes é como realizar o mapeamento eficiente de redes virtuais em substratos de redes, que é um problema de mapeamento é NP-Difícil. As soluções existentes na literatura ignoram várias características essenciais para ambientes reais a fim de que o problema possa ser resolvido em um intervalo de tempo razoável. Na presente dissertação, propõem-se oito algoritmos baseados em programação linear inteira 0-1 para resolver o problema de mapeamento que consideram diversas características realistas que não são incluídas em outras modelagens existentes. Seis dos algoritmos minimizam a largura de banda alocada e dois dos algoritmos minimizam o consumo de energia no substrato. Os algoritmos aproximativos propostos são capazes de determinar o mapeamento de redes virtuais em substratos de grande porte em poucos segundos e de encontrar soluções com qualidade, o que possibilita a adoção dos mesmos em mecanismos de controle de admissão em tempo real Abstract: Network virtualization is a promising technology to be employed in the future Internet, since it allows the introduction of new functionalities in network elements at low cost. One of the open questions in network virtualization is how to perform an efficient mapping of virtual networks in the substrate, which is NP-Hard problem. Existing solutions in the literature ignore several characteristics of real-world environments in order to solve the problem in a reasonable time frame. This paper introduces eight algorithms to solve the mapping problem that are based on 0-1 integer linear programming. One of the main contribution is the consideration of realistic assumptions to the problem that are not considered by others in the literature. Six algorithms minimize the allocated bandwidth and the two others minimize the power consumption in the substrate. The proposed approximative algorithms can map virtual networks in large substrates in few seconds and they find accurate solutions, which make them adequate to be employed in real-time admission control Mestrado Ciência da Computação Mestre em Ciência da Computação

Published
2021

Catalog

Books, media, physical & digital resources
See catalog results