Catálogo de publicaciones - libros

In Grid service, resource management is important to support capability for good quality and efficiency for the computing and storage service. In order to provide this resource management which has low complexity, high performance and high throughput with guaranteeing QoS, the well defined network resource management architecture and scheme have to be considered. Thus, we propose the integrated grid resource management architecture based on QoS-constraint policy and we derive cost-sensitivity policy enforcement procedure which can be applied to this architecture in Grid network. Finally, the results show that the proposed scheme outperforms the conventional scheme in the network performance such as a blocking rate of resource request messages and the operation cost.

For the efficient development of Operation Support Systems (OSSs), we propose a requirement definition method to help specifiers create high quality specifications easily and quickly. A feature of the method is that it uses requirement definition patterns based on common knowledge. The patterns provide solutions to problems in the definition process and help specifiers. We construct requirement definition patterns for Element / Network Management Systems, such as a pattern with effectiveness to unify sequence diagrams related to system behavior. The method also includes a mechanism to help anyone to use the patterns easily that is characterized in using roles in sequence diagrams. To verify the effectiveness of our proposal, we use two case studies to show that our method has reduced the time needed to create specifications, and has improved their quality.

Distributed fault management and event notification are essential in Inter-AS Traffic Engineering (TE). In this paper we design and implement distributed fault management for WBEM based inter-AS TE. We designed DMTF Managed Object Format (MOF) based Managed Object (MO) for fault management. Using the Event Model in standard Common Information Model (CIM) in DMTF WBEM we implemented fault indication and SNMP trap handling mechanisms in indication and SNMP providers accordingly on OpenPegasus [1]. We extended existing providers with new SNMP provider which is not supported by OpenPegasus WBEM, and SNMP manager functionalities. The detailed design and implementation of SNMP, indication, instance and other C++ based providers on OpenPegasus WBEM for inter-AS TE are explained.

Web Services and Service-Oriented Architecture (SOA) has been playing an important role as a middleware for interoperable transactions such as Business-to-Business and Enterprise Application Integration. Popular Web Services frameworks, such as Apache Axis, did not consider the Quality of Service (QoS), though these aspects are high demands in practice. In this paper, we present a framework supporting QoS built on the top of Axis. The framework is transparent with developers on both client and server side, and supports QoS including performance, accessibility, reliability, and security for SOA-based transactions. The design and implementation of our framework provide an easily integrated and flexibly extended approach to SOA-based applications. The key features and implementation methodology are described, with scenarios provided as usage examples of the framework.

IETF’s NETCONF WG has taken efforts in standardizing configuration management protocol, which allows high interoperability of configuration management. In addition to interoperability, high performance is also required in configuration management, but many researches have often discarded the performance aspect of it. In order to fill that void, this paper proposes methods to improve performance with layers of NETCONF. It demonstrates and compares the performance evaluations to verify the efficiency of the proposed methods. This evaluation can be used as a guideline to effectively implement NETCONF. Moreover, it also demonstrates the process of performance evaluation of configuration management.

Setting up an IDS architecture on ad-hoc network is hard because it is not easy to find suitable locations to setup IDS’s. One way is to divide the network into a set of clusters and put IDS on each cluster head. However traditional clustering techniques for ad-hoc network have been developed for routing purpose, and they tend to produce duplicate nodes or fragmented clusters as a result of utilizing maximum connectivity for routing. Most of recent clustering algorithm for IDS are also based on them and show similar problems. In this paper, we suggest to divide the network first into zones which are supersets of clusters and to control the clustering process globally within each zone to produce more efficient clusters in terms of connectivity and load balance. The algorithm is explained in detail and shows about 32% less load concentration in cluster heads than traditional techniques.

In any (D)DoS attack, invaders may use incorrect or spoofed IP addresses in the attacking packets and thus disguise the factual origin of the attacks. Due to the stateless nature of the internet, it is an intricate problem to determine the source of these spoofed IP packets. This is where; we need the IP traceback mechanism i.e. identifying the true source of an IP datagram in internet. While many IP traceback techniques have been proposed, but most of the previous studies focus and offer solutions for DDoS attacks done on IPv4 environment. Significant differences exist between the IPv4 and IPv6 Networks for instance, absence of option in basic IPv6 header. Thus, the mechanisms of IP Traceback for IPv4 networks may not be applied to IPv6 networks. In this paper, we extended our previous work i.e. PPM for IPv6 and removed its drawback by using Policy Based IP Traceback (PBIT) mechanism. We also discussed problems related to previously proposed IPv4 traceback schemes and practical subtleties in implementing traceback techniques for IPv6 networks.

Recently the concept of personal PKI was introduced to describe a public key infrastructure specifically designed to support the distribution of public keys in a personal area network. However, traditional public key signature schemes and certificate status management schemes used in the personal PKI concept cause formidable overheads to components in the personal area network since mobile devices constituting the personal area network have limited computational and communication capabilities. In this paper we propose an efficient authentication protocol that eliminates the traditional public key operations on mobile devices without any assistance of a signature server. Moreover, the proposed protocol provides a simplified procedure for certificate status management to alleviate communication and computational costs on mobile devices in the personal area network.

Conditional Access System (CAS) performs entitlement management to make only legitimate subscribers watch pay-services. Generally, CAS uses passive entitlement management to fulfill that entitlement control, and various schemes are existed for that. Among them, Tu introduced two schemes in [1], which are the simple scheme and complete scheme of four levels hierarchy. The advantage of the simple scheme of four levels hierarchy is a small key generation and encryption load for a CAS, but it is not good for the dynamic entitlement management. On the other hand, the complete scheme of four levels hierarchy is good for the dynamic entitlement management, but key generation and encryption load for CAS is considerable when it is compared to the simple scheme. In this circumstance, we proposed a novel scheme, which is an active entitlement key management. The proposed scheme not only performs the dynamic entitlement management very efficiently, but also generates and encrypts keys with a small load for CAS, which is just the same as the load of the simple scheme.

Recently, most of information systems such as customer management systems have been worked via networks. Encoding characters in databases or files is essential to prevent from leaking or stealing important information such as customer information. These systems, however, need the highest security level as well as higher performance. We propose a new method to improve performance without sacrificing security level. The key idea is encrypting only important information and using double common-key encryption with two types of keys, i.e. static keys and dynamic keys in order to shorten encrypting time and to secure systems. Our experiments revealed that high performance was realized at the same security level as a traditional way.