Catálogo de publicaciones - revistas

<jats:p>Computer network protocols define the rules in which two entities communicate over a network of unique hosts. Many protocol specifications are unknown, unavailable, or minimally documented, which prevents thorough analysis of the protocol for security purposes. For example, modern botnets often use undocumented and unique application-layer communication protocols to maintain command and control over numerous distributed hosts. Inferring the specification of closed protocols has numerous advantages, such as intelligent deep packet inspection, enhanced intrusion detection system algorithms for communications, and integration with legacy software packages. The multitude of closed protocols coupled with existing time-intensive reverse engineering methodologies has spawned investigation into automated approaches for reverse engineering of closed protocols. This article summarizes and organizes previously presented automatic protocol reverse engineering tools by approach. Approaches that focus on reverse engineering the finite state machine of a target protocol are separated from those that focus on reverse engineering the protocol format.</jats:p>

<jats:p>Cloud computing make it possible to flexibly procure, scale, and release computational resources on demand in response to workload changes. Stakeholders in business and academia are increasingly exploring cloud deployment options for their critical applications. One open problem is that service level agreements (SLAs) in the cloud ecosystem are yet to mature to a state where critical applications can be reliably deployed in clouds. This article systematically surveys the landscape of SLA-based cloud research to understand the state of the art and identify open problems. The survey is particularly aimed at the resource allocation phase of the SLA life cycle while highlighting implications on other phases. Results indicate that (i) minimal number of SLA parameters are accounted for in most studies; (ii) heuristics, policies, and optimisation are the most commonly used techniques for resource allocation; and (iii) the monitor-analysis-plan-execute (MAPE) architecture style is predominant in autonomic cloud systems. The results contribute to the fundamentals of engineering cloud SLA and their autonomic management, motivating further research and industrial-oriented solutions.</jats:p>

<jats:p>Various reputation systems have been proposed for a broad range of distributed applications, such as peer-to-peer, ad-hoc, and multiagent systems. Their evaluation has been mostly based on proprietary methods due to the lack of widely acceptable evaluation measures and methodologies. Differentiating factors in various evaluation approaches include the evaluation metrics, the consideration of the dynamic behavior of peers, the use of social networks, or the study of resilience to specific threat scenarios. The lack of a generally accepted common evaluation framework hinders the objective evaluation and comparison of different reputation systems. Aiming at narrowing the gap in the research area of objective evaluation of reputation systems, in this article, we study the various approaches to evaluating and comparing reputation systems, present them in a taxonomy, and analyze their strengths and limitations, with special focus on works suggesting a Common Evaluation Framework (CEF). We identify the challenges for a widely accepted CEF that enables testing and benchmarking of reputation systems, and we present the required properties for such a CEF; we also present an analysis of current CEF-related works in the context of the identified properties and our related proposals.</jats:p>

<jats:p>Human activity recognition in ambient intelligent environments like homes, offices, and classrooms has been the center of a lot of research for many years now. The aim is to recognize the sequence of actions by a specific person using sensor readings. Most of the research has been devoted to activity recognition of single occupants in the environment. However, living environments are usually inhabited by more than one person and possibly with pets. Hence, human activity recognition in the context of multioccupancy is more general, but also more challenging. The difficulty comes from mainly two aspects: resident identification, known as data association, and diversity of human activities. The present survey article provides an overview of existing approaches and current practices for activity recognition in multioccupant smart homes. It presents the latest developments and highlights the open issues in this field.</jats:p>

<jats:p>Several Peer-to-Peer (P2P) protocols and applications have been developed to allow file distribution/sharing, video and music streaming, and data and information dissemination. These P2P systems are regularly used by a large number of users, both in desktop and mobile environments, and they generate a remarkable portion of the overall Internet traffic. However, many common P2P protocols and applications were designed neglecting the energy problem. In fact, they often require always-on devices in order to work properly, thus producing significant energy waste. The problem is even more relevant in the mobile context, since the battery lifetime of mobile devices is limited. Therefore, energy efficiency in P2P systems is a highly debated topic in the literature. New P2P approaches—more energy efficient than traditional client/server solutions—have been proposed. In addition, several improvements to existing P2P protocols have been introduced to reduce their energy consumption. In this article, we present a general taxonomy to classify state-of-the-art approaches to the energy problem in P2P systems and applications. Then, we survey the main solutions available in the literature, focusing on three relevant classes of P2P systems and applications:<jats:italic>file sharing/distribution</jats:italic>,<jats:italic>content streaming,</jats:italic>and<jats:italic>epidemics</jats:italic>. Furthermore, we outline open issues and provide future research guidelines for each class of P2P systems.</jats:p>

<jats:p>This article examines in great detail the most relevant security and privacy issues affecting the protocols used by contactless chips integrated in ePassports, and presents all relevant literature together with some new attacks and insights that could help in improving future standards and the next generations of ePassports.</jats:p>

<jats:p>Virtualization technology enables Cloud providers to efficiently use their computing services and resources. Even if the benefits in terms of performance, maintenance, and cost are evident, however, virtualization has also been exploited by attackers to devise new ways to compromise a system. To address these problems, research security solutions have evolved considerably over the years to cope with new attacks and threat models. In this work, we review the protection strategies proposed in the literature and show how some of the solutions have been invalidated by new attacks, or threat models, that were previously not considered. The goal is to show the evolution of the threats, and of the related security and trust assumptions, in virtualized systems that have given rise to complex threat models and the corresponding sophistication of protection strategies to deal with such attacks. We also categorize threat models, security and trust assumptions, and attacks against a virtualized system at the different layers—in particular, hardware, virtualization, OS, and application.</jats:p>

<jats:p>To meet the needs of a diverse range of workloads, asymmetric multicore processors (AMPs) have been proposed, which feature cores of different microarchitecture or ISAs. However, given the diversity inherent in their design and application scenarios, several challenges need to be addressed to effectively architect AMPs and leverage their potential in optimizing both sequential and parallel performance. Several recent techniques address these challenges. In this article, we present a survey of architectural and system-level techniques proposed for designing and managing AMPs. By classifying the techniques on several key characteristics, we underscore their similarities and differences. We clarify the terminology used in this research field and identify challenges that are worthy of future investigation. We hope that more than just synthesizing the existing work on AMPs, the contribution of this survey will be to spark novel ideas for architecting future AMPs that can make a definite impact on the landscape of next-generation computing systems.</jats:p>

<jats:p> <jats:italic>Social engineering</jats:italic> is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Commonly observed examples include obfuscated URLs, phishing emails, drive-by downloads, spoofed websites and scareware to name a few. This article presents a taxonomy of semantic attacks, as well as a survey of applicable defences. By contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix, we identify the areas where further research can be particularly beneficial. </jats:p>

<jats:p>Over the last decades, modeling of user mobility has become increasingly important in mobile networking research and development. This has led to the adoption of modeling techniques from other disciplines such as kinetic theory or urban planning. Yet these techniques generate movement behavior that is often perceived as not “realistic” for humans or provides only a macroscopic view on mobility. More recent approaches infer mobility models from real traces provided by positioning technologies or by the marks the mobile users leave in the wireless network. However, there is no common framework for assessing and comparing mobility models.</jats:p> <jats:p>In an attempt to provide a solid foundation for realistic mobility modeling in mobile networking research, we take an engineering approach and thoroughly discuss the required steps of model creation and validation. In this context, we survey how and to what extent existing mobility modeling approaches implement the proposed steps. This also summarizes helpful information for readers who do not want to develop a new model, but rather intend to choose among existing ones.</jats:p>