Change search
Refine search result
1 - 23 of 23
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Abdelraheem, Mohammed Ahmed
    et al.
    RISE, Swedish ICT, SICS, Security Lab.
    Gehrmann, Christian
    RISE, Swedish ICT, SICS, Security Lab.
    Lindström, Malin
    Blekinge Institute of Technology, Sweden.
    Nordahl, Christian
    Blekinge Institute of Technology, Sweden.
    Executing Boolean Queries on an Encrypted Bitmap Index2016In: CCSW 2016: Proceedings of the 2016 ACM on Cloud Computing Security Workshop, 2016, p. 11-22Conference paper (Refereed)
    Abstract [en]

    We propose a simple and efficient searchable symmetric encryption scheme based on a Bitmap index that evaluates Boolean queries. Our scheme provides a practical solution in settings where communications and computations are very constrained as it offers a suitable trade-off between privacy and performance.

  • 2.
    Aragon, Santiago
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS. Technische Universität Darmstadt, Germany.
    Tiloca, Marco
    RISE - Research Institutes of Sweden, ICT, SICS.
    Maass, Max
    Technische Universität Darmstadt, Germany.
    Hollick, Matthias
    Technische Universität Darmstadt, Germany.
    Raza, Shahid
    RISE - Research Institutes of Sweden, ICT, SICS.
    ACE of Spades in the IoT Security Game: A Flexible IPsec Security Profile for Access Control2018Conference paper (Refereed)
    Abstract [en]

    The Authentication and Authorization for ConstrainedEnvironments (ACE) framework provides fine-grainedaccess control in the Internet of Things, where devices areresource-constrained and with limited connectivity. The ACEframework defines separate profiles to specify how exactlyentities interact and what security and communication protocolsto use. This paper presents the novel ACE IPsec profile, whichspecifies how a client establishes a secure IPsec channel witha resource server, contextually using the ACE framework toenforce authorized access to remote resources. The profilemakes it possible to establish IPsec Security Associations, eitherthrough their direct provisioning or through the standardIKEv2 protocol. We provide the first Open Source implementationof the ACE IPsec profile for the Contiki OS and testit on the resource-constrained Zolertia Firefly platform. Ourexperimental performance evaluation confirms that the IPsecprofile and its operating modes are affordable and deployablealso on constrained IoT platforms.

  • 3. Boano, Carlo Alberto
    et al.
    Duquennoy, Simon
    Forster, Anna
    Gnawali, Omprakash
    Jacob, Romain
    Kim, Hyung-Sin
    Landsiedel, Olaf
    Marfievici, Ramona
    Picco, Gian Pietro
    Vilajosana, Xavier
    Watteyne, Thomas
    Zimmerling, Marco
    IoTBench: Towards a Benchmark for Low-power Wireless Networking2018Conference paper (Refereed)
    Abstract [en]

    Unlike other fields of computing and communications, low-power wireless networking is plagued by one major issue: the absence of a well-defined, agreed-upon yardstick to compare the performance of systems, namely, a benchmark. We argue that this situation may eventually represent a hampering factor for a technology expected to be key in the Internet of Things (IoT) and Cyber-physical Systems (CPS). This paper describes a recent initiative to remedy this situation, seeking to enlarge the participation from the community.

  • 4.
    Bosse, Sebastian
    et al.
    Fraunhofer, Germany.
    Brunnstrom, Kjell
    RISE - Research Institutes of Sweden, ICT, Acreo. Mid Sweden University, Sweden.
    Arndt, Sebastian
    NTNU Norwegian University of Science and Technology, Norway.
    Martini, Maria G.
    Kingston University, UK.
    Ramzan, Naeem
    University of the West of Scotland, UK.
    Engelke, Ulrich
    CSIRO, Australia.
    A common framework for the evaluation of psychophysiological visualquality assessment2019In: Quality and User Experience, ISSN 2366-0139, E-ISSN 2366-0147, Vol. 4, no 3Article in journal (Refereed)
    Abstract [en]

    The assessment of perceived quality based on psychophysiological methods recently gained attraction as it potentiallyovercomes certain flaws of psychophysical approaches. Although studies report promising results, it is not possible toarrive at decisive and comparable conclusions that recommend the use of one or another method for a specific applicationor research question. The video quality expert group started a project on psychophysiological quality assessment to studythese novel approaches and to develop a test plan that enables more systematic research. This test plan comprises of a specificallydesigned set of quality annotated video sequences, suggestions for psychophysiological methods to be studied inquality assessment, and recommendations for the documentation and publications of test results. The test plan is presentedin this article.

  • 5.
    Brunnström, Kjell
    et al.
    Mid Sweden University, Sweden.
    Sjöström, Mårten
    Mid Sweden University, Sweden.
    Muhammad, Imran
    HIAB AB, Sweden;Mid Sweden University, Sweden.
    Magnus, Pettersson
    HIAB AB, Sweden.
    Johanson, Mathias
    Alkit Communications AB, Sweden.
    Quality of Experience for a Virtual Reality simulator2018In: Human Vision and Electronic Imaging 2018 / [ed] Rogowitz, B.;Pappas, T.;De Ridder H., The Society for Imaging Science and Technology, 2018Conference paper (Refereed)
    Abstract [en]

    In this study, we investigate a VR simulator of a forestry crane used for loading logs onto a truck, mainly looking at Quality of Experience (QoE) aspects that may be relevant for task completion, but also whether there are any discomfort related symptoms experienced during task execution. The QoE test has been designed to capture both the general subjective experience of using the simulator and to study task completion rate. Moreover, a specific focus has been to study the effects of latency on the subjective experience, with regards both to delays in the crane control interface as well as lag in the visual scene rendering in the head mounted display (HMD). Two larger formal subjective studies have been performed: one with the VR-system as it is and one where we have added controlled delay to the display update and to the joystick signals. The baseline study shows that most people are more or less happy with the VR-system and that it does not have strong effects on any symptoms as listed in the Simulator Sickness Questionnaire (SSQ). In the delay study we found significant effects on Comfort Quality and Immersion Quality for higher Display delay (30 ms), but very small impact of joystick delay. Furthermore, the Display delay had strong influence on the symptoms in the SSQ, and causing test subjects to decide not to continue with the complete experiments. We found that this was especially connected to the longer added Display delays (≥ 20 ms).

  • 6.
    Cristofori, Valentina
    et al.
    DTU Technical University of Denmark, Denmark.
    Da Ros, Francesco
    DTU Technical University of Denmark, Denmark.
    Ozolins, Oskars
    RISE - Research Institutes of Sweden, ICT, Acreo.
    Chaibi, Mohamed Essghair
    University of Rennes 1, France.
    Bramerie, Laurent
    University of Rennes 1, France.
    Ding, Yunhong
    DTU Technical University of Denmark, Denmark.
    Pang, Xiaodan
    RISE - Research Institutes of Sweden, ICT, Acreo.
    Shen, Alexandre
    III-V Lab, France.
    Gallet, Antonin
    III-V Lab, France.
    Duan, Guanghua
    III-V Lab, France.
    Hassan, Karim
    CEA, France.
    Olivier, Segolene Gol Ne
    CEA, France.
    Popov, Sergei Yu
    KTH Royal Institute of Technology, Sweden.
    Jacobsen, Gunnar
    RISE - Research Institutes of Sweden, ICT, Acreo.
    Oxenlöwe, Leif Katsuo
    DTU Technical University of Denmark, Denmark.
    Peucheret, Christophe
    University of Rennes 1, France.
    25-Gb/s transmission over 2.5-km SSMF by silicon MRR enhanced 1.55-μm III-V/SOI DML2017In: 30th Annual Conference of the IEEE Photonics Society, IPC 2017, Institute of Electrical and Electronics Engineers Inc. , 2017, p. 357-360Conference paper (Refereed)
    Abstract [en]

    The use of a micro-ring resonator (MRR) to enhance the modulation extinction ratio and dispersion tolerance of a directly modulated laser (DML) is experimentally investigated with a bit rate of 25 Gb/s as proposed for the next generation data center communications. The investigated system combines a 11-GHz 1.55-m directly modulated hybrid III-V/SOI DFB laser realized by bonding III-V materials (InGaAlAs) on a silicon-on-insulator (SOI) wafer and a silicon MRR also fabricated on SOI. Such a transmitter enables error-free transmission (BER< 10 -9 )at 25 Gb/s data rate over 2.5-km SSMF without dispersion compensation nor forward error correction (FEC). As both laser and MRR are fabricated on the SOI platform, they could be combined into a single device with enhanced performance, thus providing a cost-effective transmitter for short reach applications.

  • 7.
    Dima, Elijs
    et al.
    Mid Sweden University, Sweden.
    Brunnstrom, Kjell
    RISE - Research Institutes of Sweden, ICT, Acreo. Mid Sweden University, Sweden.
    Sjöström, Mårten
    Mid Sweden University, Sweden.
    Andersson, Mattias
    Mid Sweden University, Sweden.
    Edlund, Joakim
    Mid Sweden University, Sweden.
    Johanson, Mathias
    Alkit Communications AB, Sweden.
    Qureshi, Tahir
    HIAB AB, Sweden.
    View Position Impact on QoE in an Immersive Telepresence System for Remote Operation2019In: 2019 Eleventh International Conference on Quality of Multimedia Experience (QoMEX), Berlin, Germany: IEEE , 2019Conference paper (Refereed)
    Abstract [en]

    In this paper, we investigate how different viewingpositions affect a user’s Quality of Experience (QoE) and performancein an immersive telepresence system. A QoE experimenthas been conducted with 27 participants to assess the generalsubjective experience and the performance of remotely operatinga toy excavator. Two view positions have been tested, an overheadand a ground-level view, respectively, which encourage relianceon stereoscopic depth cues to different extents for accurate operation.Results demonstrate a significant difference between groundand overhead views: the ground view increased the perceiveddifficulty of the task, whereas the overhead view increased theperceived accomplishment as well as the objective performanceof the task. The perceived helpfulness of the overhead view wasalso significant according to the participants.

  • 8.
    Dubois, Catherine
    et al.
    Ecole Nationale Supérieure d'Informatique pour l'Industrie et l'Entreprise, France.
    Grinchtein, Olga
    Ericsson AB, Sweden.
    Pearson, Justin
    Uppsala University, Sweden.
    Carlsson, Mats
    RISE - Research Institutes of Sweden, ICT, SICS.
    Exploring Properties of a Telecommunication Protocol with Message Delay Using Interactive Theorem Prover2018In: International Conference on Software Engineering and Formal Methods / [ed] Einar Broch Johnsen and Ina Schaefer, 2018, p. 239-253Conference paper (Refereed)
    Abstract [en]

    An important task of testing a telecommunication protocol consists in analysing logs. The goal of log analysis is to check that the timing and the content of transmitted messages comply with specification. In order to perform such checks, protocols can be described using a constraint modelling language. In this paper we focus on a complex protocol where some messages can be delayed. Simply introducing variables for possible delays for all messages in the constraint model can drastically increase the complexity of the problem. However, some delays can be calculated, but this calculation is difficult to do by hand and to justify. We present an industrial application of the Coq proof assistant to prove a property of a 4G protocol and validate a constraint model. By using interactive theorem proving we derived constraints for message delays of the protocol and found missing constraints in the initial model.

  • 9.
    Folkesson, Peter
    et al.
    RISE - Research Institutes of Sweden, Safety and Transport, Electronics.
    Ayatolahi, Fatemeh
    Chalmers University of Technology, Sweden.
    Sangchoolie, Behrooz
    Chalmers University of Technology, Sweden.
    Vinter, Jonny
    RISE - Research Institutes of Sweden, Safety and Transport, Electronics.
    Islam, Mafijul
    Volvo AB, Sweden.
    Karlsson, Johan
    Chalmers University of Technology, Sweden.
    Back-to-Back Fault Injection Testing in Model-Based Development2015In: Computer Safety, Reliability, and Security / [ed] Floor Koornneef, Coen van Gulijk, 2015, Vol. 9337, p. 135-148Conference paper (Refereed)
    Abstract [en]

    Today, embedded systems across industrial domains (e.g., avionics,automotive) are representatives of software-intensive systems with increasingreliance on software and growing complexity. It has become critically importantto verify software in a time, resource and cost effective manner. Furthermore,industrial domains are striving to comply with the requirements of relevantsafety standards. This paper proposes a novel workflow along with tool supportto evaluate robustness of software in model-based development environment,assuming different abstraction levels of representing software. We then showthe effectiveness of our technique, on a brake-by-wire application, byperforming back-to-back fault injection testing between two differentabstraction levels using MODIFI for the Simulink model and GOOFI-2 for thegenerated code running on the target microcontroller. Our proposed method andtool support facilitates not only verifying software during early phases of thedevelopment lifecycle but also fulfilling back-to-back testing requirements of ISO 26262 [1] when using model-based development.

  • 10.
    Ivanova, Valentina
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Lambrix, Patrick
    Linköping University, Sweden.
    Lohmann, Steffen
    Fraunhofer IAIS, Germany.
    Pesquita, Cátia
    University of Lisbon, Portugal.
    Voila 2018 visualization and interaction for ontologies and linked data2018In: CEUR Workshop Proceedings, CEUR-WS , 2018, p. 1-12Conference paper (Refereed)
  • 11.
    Kucher, Kostiantyn
    et al.
    Linnaeus University, Sweden.
    Paradis, Carita
    Lund University, Sweden.
    Sahlgren, Magnus
    RISE - Research Institutes of Sweden, ICT, SICS.
    Kerren, Andreas
    Linnaeus University, Sweden.
    Active learning and visual analytics for stance classification with ALVA2017In: Academic Journal of Research in Business and Accounting, ISSN 2160-6455, E-ISSN 1084-6654, Vol. 7, no 3, article id 14Article in journal (Refereed)
    Abstract [en]

    The automatic detection and classification of stance (e.g., certainty or agreement) in text data using natural language processing and machine-learning methods creates an opportunity to gain insight into the speakers' attitudes toward their own and other people's utterances. However, identifying stance in text presents many challenges related to training data collection and classifier training. To facilitate the entire process of training a stance classifier, we propose a visual analytics approach, called ALVA, for text data annotation and visualization. ALVA's interplay with the stance classifier follows an active learning strategy to select suitable candidate utterances for manual annotaion. Our approach supports annotation process management and provides the annotators with a clean user interface for labeling utterances with multiple stance categories. ALVA also contains a visualization method to help analysts of the annotation and training process gain a better understanding of the categories used by the annotators. The visualization uses a novel visual representation, called CatCombos, which groups individual annotation items by the combination of stance categories. Additionally, our system makes a visualization of a vector space model available that is itself based on utterances. ALVA is already being used by our domain experts in linguistics and computational linguistics to improve the understanding of stance phenomena and to build a st  ance classifier for applications such as social media monitoring.

  • 12.
    Nemati, Hamed
    et al.
    KTH Royal Institute of Technology, Sweden.
    Dam, Mads
    KTH Royal Institute of Technology, Sweden.
    Guanciale, Roberto
    KTH Royal Institute of Technology, Sweden.
    Do, Viktor
    RISE, Swedish ICT, SICS.
    Vahidi, Arash
    RISE, Swedish ICT, SICS.
    Trustworthy Memory Isolation of Linux on Embedded Devices2015In: Trust and Trustworthy Computing / [ed] Mauro Conti, Matthias Schunter, Ioannis Askoxylakis, 2015, Vol. 9229, p. 125-142Conference paper (Refereed)
    Abstract [en]

    The isolation of security critical components from an untrusted OS allows to both protect applications and to harden the OS itself, for instance by run-time monitoring. Virtualization of the memory subsystem is a key component to provide such isolation. We present the design, implementation and verification of a virtualization platform for the ARMv7-A processor family. Our design is based on direct paging, an MMU virtualization mechanism previously introduced by Xen for the x86 architecture, and used later with minor variants by the Secure Virtual Architecture, SVA. We show that the direct paging mechanism can be implemented using a compact design, suitable for formal verification down to a low level of abstraction, without penalizing system performance. The verification is performed using the HOL4 theorem prover and uses a detailed model of the ARMv7-A ISA, including the MMU. We prove memory isolation of the hosted components along with information flow security for an abstract top level model of the virtualization mechanism. The abstract model is refined down to a HOL4 transition system closely resembling a C implementation. The virtualization mechanism is demonstrated on real hardware via a hypervisor capable of hosting Linux as an untrusted guest.

  • 13.
    Paladi, Nicolae
    RISE - Research Institutes of Sweden. Lund University.
    Protecting OpenFlow Flow Tables with Intel SGX2019Conference paper (Other academic)
    Abstract [en]

    OpenFlow flow tables in Open vSwitch contain valuable information about installed flows, priorities, packet actions and routing policies. Their importance is emphasized when collocated tenants compete for the limited entries available to install flow rules. From a security point of view, OpenFlow flow tables are a valuable asset that requires both confidentiality and integrity guarantees. However, commodity software switch implementations - such as Open vSwitch - do not implement protection mechanisms capable to prevent attackers from either obtaining information about the installed flows or modifying the contents of flow tables. In this work, we adopt a radical approach to enabling OpenFlow flow table protection through decomposition. Based on a careful analysis of the architecture and implementation of Open vSwitch, we identify core assets requiring security guarantees, design an approach to isolating OpenFlow flow tables, and implement a prototype using Open vSwitch and Software Guard Extensions enclaves.

  • 14.
    Paladi, Nicolae
    RISE - Research Institutes of Sweden, ICT, SICS. Lund University, Sweden.
    Trust but verify: trust establishment mechanisms in infrastructure clouds2017Doctoral thesis, monograph (Other academic)
    Abstract [en]

    In the cloud computing service model, users consume computation resources provided through the Internet, often without any awareness of the cloud service provider that owns and operates the supporting hardware infrastructure. This marks an important change compared to earlier models of computation, for example when such supporting hardware infrastructure was under the control of the user. Given the ever increasing importance of computing, the shift to cloud computing raises several challenging issues, which include protecting the computation and ancillary resources such as network communication and the stored or produced data.While the potential risks for data isolation and confidentiality in cloud infrastructure are somewhat known, they are obscured by the convenience of the service model and claimed trustworthiness of cloud service providers, backed by reputation and contractual agreements. Ongoing research on cloud infrastructure has the potential to strengthen the security guarantees of computation, data and communication for users of cloud computing. This thesis is part of such research efforts, focusing on assessing the trustworthiness of components of the cloud network infrastructure and cloud computing infrastructure and controlling access to data and network resources and addresses select aspects of cloud computing security.The contributions of the thesis include mechanisms to verify or enforce security in cloud infrastructure. Such mechanisms have the potential to both help cloud service providers strengthen the security of their deployments and empower users to obtain guarantees regarding security aspects of service level agreements. By leveraging functionality of components such as the Trusted Platform Module, the thesis presents mechanisms to provide user guarantees regarding integrity of the computing environment and geographic location of plaintext data, as well as to allow users maintain control over the cryptographic keys for integrity and confidentiality protection of data stored in remote infrastructure. Furthermore, the thesis leverages recent innovations for platform security such as Software Guard Extensions to introduce mechanisms to verify the integrity of the network infrastructure in the Software-Defined Networking model. A final contribution of the thesis is an access control mechanism for access control of resources in the Software-Defined Networking model. 

  • 15.
    Paladi, Nicolae
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Karlsson, Linus
    Lund University, Sweden.
    Elbashir, Khalid
    KTH Royal Institute of Technology, Sweden.
    Trust Anchors in Software Defined Networks2018In: Computer Security: 23rd European Symposium on Research in Computer Security, ESORICS 2018 Barcelona, Spain, September 3–7, 2018, Proceedings, Part II / [ed] Javier Lopez · Jianying Zhou Miguel Soriano, Springer, 2018, Vol. 11099, p. 485-594Conference paper (Refereed)
    Abstract [en]

    Advances in software virtualization and network processing lead to increasing network softwarization. Software network elements running on commodity platforms replace or complement hardware com- ponents in cloud and mobile network infrastructure. However, such com- modity platforms have a large attack surface and often lack granular control and tight integration of the underlying hardware and software stack. Often, software network elements are either themselves vulnerable to software attacks or can be compromised through the bloated trusted computing base. To address this, we protect the core security assets of network elements - authentication credentials and cryptographic context - by provisioning them to and maintaining them exclusively in isolated execution environments. We complement this with a secure and scalable mechanism to enroll network elements into software defined networks. Our evaluation results show a negligible impact on run-time performance and only a moderate performance impact at the deployment stage.

  • 16.
    Paladi, Nicolae
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Michalas, Antonis
    Tampere University of Technology, Finland.
    Dan, Hai-Van
    University of Westminster, UK.
    Towards secure cloud orchestration for multi-cloud deployments2018In: Proceedings of the 5th Workshop on CrossCloud Infrastructures & Platforms, Porto, 2018, article id 4Conference paper (Refereed)
    Abstract [en]

    Cloud orchestration frameworks are commonly used to deploy and operate cloud infrastructure. Their role spans both vertically (deployment on infrastructure, platform, application and microservice levels) and horizontally (deployments from many distinct cloud resource providers). However, despite the central role of orchestration, the popular orchestration frameworks lack mechanisms to provide security guarantees for cloud operators. In this work, we analyze the security landscape of cloud orchestration frameworks for multi-cloud infrastructure. We identify a set of attack scenarios, define security enforcement enablers and propose an architecture for a security-enabled cloud orchestration framework for multi-cloud application deployments.

  • 17.
    Paladi, Nicolae
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Michalas, Antonis
    Tampere University of Technology, Finland.
    Hai-Van, Dang
    University of Westminster, UK.
    Towards Secure Cloud Orchestration for Multi-Cloud Deployments2018In: EuroSys'18 companion proceedings, 2018Conference paper (Refereed)
    Abstract [en]

    Cloud orchestration frameworks are commonly used to deploy and operate cloud infrastructure. Their role spans both vertically (deployment on infrastructure, platform, application and microservice levels) and horizontally (deployments from many distinct cloud resource providers). However, despite the central role of orchestration, the popular orchestration frameworks lack mechanisms to provide security guarantees for cloud operators. In this work, we analyze the security landscape of cloud orchestration frameworks for multicloud infrastructure. We identify a set of attack scenarios, define security enforcement enablers and propose an architecture for a security-enabled cloud orchestration framework for multi-cloud application deployments.

  • 18.
    Sjölund, Johannes
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS. Luleå University of Technology, Sweden.
    Mattias, Vesterlund
    RISE - Research Institutes of Sweden, ICT, SICS.
    Nicolas, Delbosc
    Dassault Systemes Madrid, Spain.
    Khan, Amirul
    University of Leeds, UK.
    Summers, Jon
    RISE - Research Institutes of Sweden, ICT, SICS. University of Leeds, UK.
    Validated thermal air management simulations ofdata centers using remote graphics processing units2018Conference paper (Refereed)
    Abstract [en]

    Simulation tools for thermal management of datacenters help to improve layout of new builds or analyse thermalproblems in existing data centers. The development of LBMon remote GPUs as an approach for such simulations is discussedmaking use of VirtualGL and prioritised multi-threadedimplementations of an existing LBM code. The simulation isconfigured to model an existing and highly monitored test datacenter. Steady-state root mean square averages of measured andsimulated temperatures are compared showing good agreement.The full capability of this simulation approach is demonstratedwhen comparing rack temperatures against a time varyingworkload, which employs time-dependent boundary conditions.

  • 19.
    Tiloca, Marco
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Dini, Gianluca
    University of Pisa, Italy.
    Racciatti, Francesco
    University of Pisa, Italy.
    Stagkopoulou, Alexandra
    RISE - Research Institutes of Sweden, ICT, SICS.
    SEA++: A Framework for Evaluating the Impact of Security Attacks in OMNeT++/INET2019In: Recent Advances in Network Simulation: The OMNeT++ Environment and its Ecosystem / [ed] A. Virdis and M. Kirsche, Springer International Publishing , 2019, p. 253-278Chapter in book (Other academic)
    Abstract [en]

    This chapter presents SEA++, a simulation framework that extends OMNeT++ and the INET Framework for evaluating the impact of security attacks on networks and applications in a flexible and user-friendly way. To this end, SEA++ relies on two fundamental building blocks. First, the user describes the attacks to be evaluated by using a high-level Attack Specification Language (ASL). In particular, only the final effects of such attacks are described, rather than their actual performance. Second, the Attack Simulation Engine (ASE) takes these high-level descriptions as input and accordingly injects attack events at runtime, by means of additional software modules that seamlessly and transparently operate with the other INET modules. This allows the user to quantitatively assess the impact of cyber/physical attacks in simulated network scenarios, and hence rank them according to their severity as a support to risk assessment and selection of countermeasures. As a further advantage, the user is not required to alter any software module or application, or to implement any adversary model for the actual execution of security attacks. Finally, this chapter also includes a step-by-step explicative example showing how to set up and use SEA++ for describing attacks and assessing their impact.

  • 20.
    Tiloca, Marco
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Dini, Gianluca
    University of Pisa, Italy.
    Rizki, Kiki
    RISE - Research Institutes of Sweden, ICT, SICS.
    Raza, Shahid
    RISE - Research Institutes of Sweden, ICT, SICS.
    Group rekeying based on member join history2019In: International Journal of Information Security, ISSN 1615-5262, E-ISSN 1615-5270Article in journal (Refereed)
    Abstract [en]

    This paper presents GREP, a novel group rekeying scheme that leverages the history of join events in order to achieve efficiency and high scalability. GREP rekeys thegroup with only two broadcast messages, hence displaying an overhead which is small, constant and independent of the group size. Also, GREP efficiently recovers the group from collusion attack with no recourse to total member reinitialization. Even in the very unlikely worst case, collusion recovery displays a smooth impact on performance that gradually increases with the attack severity. We implemented GREP for the Contiki OS and tested it on different resource-constrained platforms. Our analytical and experimental evaluation confirm that GREP is efficient, highly scalable and deployable also on constrained nodes. The paper extends a previous version of this work, especially through additional security analysis, treatise of probabilities for worst case collusion, and experimental evaluation of performance.

  • 21.
    Tiloca, Marco
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Höglund, Rikard
    RISE - Research Institutes of Sweden, ICT, SICS.
    Al Atiiq, Syafiq
    KTH Royal Institute of Technology, Sweden.
    SARDOS: Self-Adaptive Reaction against Denial of Service in the Internet of Things2018Conference paper (Refereed)
    Abstract [en]

    Denial of Service (DoS) is a common and severe security issue in computer networks. Typical DoS attacks overload servers with bogus requests, induce them to worthlessly commit resources, and even make them unable to serve legitimate clients. This is especially relevant in Internet of Things scenarios, where servers are particularly exposed and often equipped with limited resources. Although most countermeasures focus on detection and mitigation, they do not react to dynamically adapt victims' behavior, while at the same time preserving service availability. This paper presents SARDOS, a reactive security service that leverages detection mechanisms from different communication layers, and adaptively changes the operative behavior of victim servers while preserving service availability. We experimentally evaluated SARDOS with a prototype implementation running on an underclocked Raspberry Pi server. Our results show that, when running SARDOS, a server under attack displays considerably lower memory and CPU usage, while still ensuring (best-effort) fulfillment of legitimate requests.

  • 22.
    Verginadis, Yiannis
    et al.
    ICCS Institute of Communications and Computer Systems, Sweden.
    Patiniotakis, Ioannis
    ICCS Institute of Communications and Computer Systems, Sweden.
    Gouvas, Panagiotis
    Ubitech Ltd, Greece.
    Mantzouratos, Spyros
    Ubitech Ltd, Greece.
    Veloudis, Simeon
    University of Sheffield, Greece.
    Schork, Sebastian Thomas
    University of Sheffield, Greece.
    Seitz, Ludwig
    RISE - Research Institutes of Sweden, ICT, SICS.
    Paraskakis, Iraklis
    University of Sheffield, Greece.
    Mentzas, Gregoris
    National Technical Universtiy of Athens, Greece.
    Context-aware Policy Enforcement for PaaS-enabled Access Control2019In: IEEE Transactions on Cloud ComputingArticle in journal (Refereed)
    Abstract [en]

    It is generally conceded that, due to security and privacy concerns, enterprises and users are reluctant to embracethe cloud computing paradigm and hence benefit from the cost reductions and the increased flexibility or business agility that thisparadigm brings about. These concerns stem mainly from the significantly-expanded attack surfaces that result from theheterogeneous nature of cloud services and the dynamicity inherent in cloud environments. In order to alleviate these concerns,effective and flexible access control approaches are required to consider the contextual parameters that characterise data accessrequests in the cloud. In this respect, this work presents PaaSword: a novel holistic access control framework—essentially a PaaSoffering—that extends the popular XACML standard with semantic reasoning capabilities that support the federation of effectivecontext-aware access control policies and their infusion into cloud applications with minimal manual intervention and effort. Todetermine the performance of our solution, a comparative evaluation test is presented and discussed, against a well-knownreference implementation of the XACML standard, namely the open source WSO2 Balana engine.

  • 23.
    Zhabelova, Gulnara
    et al.
    Luleå University of Technology, Sweden.
    Vesterlund, Mattias
    RISE - Research Institutes of Sweden, ICT, SICS.
    Eschmann, Sascha
    National Institute of Applied Sciences, France.
    Vyatkin, Valeriy
    Luleå University of Technology, Sweden; Aalto University, Finland.
    Flieller, Damien
    National Institute of Applied Sciences, France.
    Towards an Open Model for Data Center Research: from CPU to Cooling Tower2018Conference paper (Refereed)
    Abstract [en]

    Data centers are important players in the energy infrastructure. Aiming at addressing environmental challenges, large data centers such as Facebook, Google, Yahoo, etc., are increasing share of green power in their daily energy consumption. Such trends drive research into new directions, e.g. sustainable data centers. The research often relies on expressive models that provides sufficient details however practical to re-use and expand. There is a lack of available data center models that capture dynamics of the facility from the CPU to the cooling tower. It is a challenge to develop a model that allows to describe complete data center of any scale including its connection to the grid. This paper proposes such a model building on existing work. The challenge was to put the pieces of data center together and describe dynamics of each element so that interdependencies between components and parameters are captured correctly and in sufficient details. The proposed model was used in the project “Data center microgrid integration” and proven to be adequate and important to support such study.

1 - 23 of 23
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.35.7