Biblio

In a cloud data center, the client requests are catered by placing the services in its servers. Such services are deployed through a sandboxing platform to ensure proper isolation among services from different users. Due to the lightweight nature, containers have become increasingly popular to support such sandboxing. However, for supporting effective and efficient data center resource usage with minimum resource footprints, improving the containers' consolidation ratio is significant for the cloud service providers. Towards this end, in this paper, we propose an exciting direction to significantly boost up the consolidation ratio of a data-center environment by effectively managing the containers' states. We observe that many cloud-based application services are event-triggered, so they remain inactive unless some external service request comes. We exploit the fact that the containers remain in an idle state when the underlying service is not active, and thus such idle containers can be checkpointed unless an external service request comes. However, the challenge here is to design an efficient mechanism such that an idle container can be resumed quickly to prevent the loss of the application's quality of service (QoS). We have implemented the system, and the evaluation is performed in Amazon Elastic Compute Cloud. The experimental results have shown that the proposed algorithm can manage the containers' states, ensuring the increase of consolidation ratio.

Mounting concerns about safety and security have resulted in an intricate ecosystem of guidelines, compliance measures, directives and policy reports for cybersecurity of all critical infrastructure. By definition, such guidelines and policies are written in linear sequential text form that makes them difficult to integrate, or to understand the policy-technology-security interactions, thus limiting their relevance for science of security. We propose to develop text-to-analytics methods and tools focusing on CPS domains such as smart grids

GSSD is an evolving knowledge networking system dedicated to sustainable development. Designed to help identify and extend innovative approaches toward sustainability—including enabling technologies, policies, and strategies—it tracks diverse aspects of challenges, problems, and emergent solutions to date. Specifically, it is a computer-assisted, organized system linking discrete actors with a knowledge producing capacity that is, (b) combined via common organizing principles, and (c) based on individual autonomy; such that (d) the value of networked knowledge is enhanced, and (e) the stock of knowledge is expanded further.

CyberIR@MIT is a dynamic, interactive ontology-based knowledge system focused on the evolving, diverse & complex interconnections of cyberspace & international relations.

Explorations in Cyber International Relations (ECIR) is a collaborative research program of Massachusetts Institute of Technology and Harvard University designed to create multi-disciplinary approaches to the emergence of cyberspace in international relations. The purpose is to support policy analysis by combining leading-edge methods in computer science and technology with international law and long-range political and economic inquiry. ECIR is based in MIT Department of Political Science, with participation from Computer Science and Artificial Intelligence Laboratory (CSAIL) and Sloan School of Management. At Harvard, ECIR is based in the Kennedy School Belfer Center for Science and International Affairs, with participation of Berkman Klein Center for Internet & Society at Harvard Law School.

Almost everyone recognizes the emergence of a new challenge in the cyber domain, namely increased threats to the security of the Internet and its various uses. Seldom does a day go by without dire reports and hair raising narratives about unauthorized intrusions, access to content, or damage to systems, or operations. And, of course, a close correlate is the loss of value. An entire industry is around threats to cyber security, prompting technological innovations and operational strategies that promise to prevent damage and destruction. This paper is a collection chapters entitled 1) "Cybersecurity – Problems, Premises, Perspectives," 2) "An Abbreviated Technical Perspective on Cybersecurity," 3) "The Conceptual Underpinning of Cyber Security Studies" 4) "Cyberspace as the Domain of Content," 5) "The Conceptual Underpinning of Cyber Security Studies," 6) "China’s Perspective on Cyber Security," 7) "Pursuing Deterrence Internationally in Cyberspace," 8) "Is Deterrence Possible in Cyber Warfare?" and 9) "A Theoretical Framework for Analyzing Interactions between Contemporary Transnational Activism and Digital Communication."

Advances in information and communication technologies – global Internet, social media, Internet of Things, and a range of related science-driven innovations and generative and emergent technologies – continue to shape a dynamic communication and information ecosystem for which there is no precedent. These advances are powerful in many ways. Foremost among these in terms of salience, ubiquity, pervasiveness, and expansion in scale and scope is the broad area of artificial intelligence. They have created a new global ecology; yet they remain opaque and must be better understood—an ecology of “knowns” that is evolving in ways that remain largely “unknown.” Especially compelling is the acceleration of Artificial Intelligence – in all its forms – with far-ranging applications shaping a new global ecosystem for which there is no precedent. This chapter presents a brief view of the most pressing challenges, articulates the logic for worldwide agreement to retain the rule of law in the international system, and presents salient features of an emergent International Accord on Artificial Intelligence. The Framework for Artificial Intelligence International Accord (AIIA) is an initial response to this critical gap in the system of international rules and regulations.

An examination of the ways cyberspace is changing both the theory and the practice of international relations. Cyberspace is widely acknowledged as a fundamental fact of daily life in today's world. Until recently, its political impact was thought to be a matter of low politics—background conditions and routine processes and decisions. Now, however, experts have begun to recognize its effect on high politics—national security, core institutions, and critical decision processes. In this book, Nazli Choucri investigates the implications of this new cyberpolitical reality for international relations theory, policy, and practice. The ubiquity, fluidity, and anonymity of cyberspace have already challenged such concepts as leverage and influence, national security and diplomacy, and borders and boundaries in the traditionally state-centric arena of international relations. Choucri grapples with fundamental questions of how we can take explicit account of cyberspace in the analysis of world politics and how we can integrate the traditional international system with its cyber venues. After establishing the theoretical and empirical terrain, Choucri examines modes of cyber conflict and cyber cooperation in international relations; the potential for the gradual convergence of cyberspace and sustainability, in both substantive and policy terms; and the emergent synergy of cyberspace and international efforts toward sustainable development. Choucri's discussion is theoretically driven and empirically grounded, drawing on recent data and analyzing the dynamics of cyberpolitics at individual, state, international, and global levels.

Nearest neighbor (NN) search is an essential operation in many applications, such as one/few-shot learning and image classification. As such, fast and low-energy hardware support for accurate NN search is highly desirable. Ternary content-addressable memories (TCAMs) have been proposed to accelerate NN search for few-shot learning tasks by implementing \$L\$∞ and Hamming distance metrics, but they cannot achieve software-comparable accuracies. This paper proposes a novel distance function that can be natively evaluated with multi-bit content-addressable memories (MCAMs) based on ferroelectric FETs (Fe-FETs) to perform a single-step, in-memory NN search. Moreover, this approach achieves accuracies comparable to floating-point precision implementations in software for NN classification and one/few-shot learning tasks. As an example, the proposed method achieves a 98.34% accuracy for a 5-way, 5-shot classification task for the Omniglot dataset (only 0.8% lower than software-based implementations) with a 3-bit MCAM. This represents a 13% accuracy improvement over state-of-the-art TCAM-based implementations at iso-energy and iso-delay. The presented distance function is resilient to the effects of FeFET device-to-device variations. Furthermore, this work experimentally demonstrates a 2-bit implementation of FeFET MCAM using AND arrays from GLOBALFOUNDRIES to further validate proof of concept.

One of the most innovative directions in the Internet is Information Centric Networks, in particular the Named Data Network. This approach should make it easier to find and retrieve the desired information on the network through name-based addressing, intranet caching and other schemes. This article presents Named Data Network modeling, results and performance evaluation of proposed caching policies for Named Data Network research, taking into account the influence of external factors on base of Zipf's law and uniform distribution.

Named Data Networking (NDN) is an emerging network architecture, which is built by keeping data as its pivotal point. The in-network cache, one of the important characteristics, makes data packets to be available from multiple locations on the Internet. Hence data access control and their enforcement mechanisms become even more critical in the NDNs. In this paper, we propose a novel encryption-based data access control scheme using Role-Based Encryption (RBE). The inheritance property of our scheme provides a natural way to achieve efficient data access control over hierarchical content. This in turn makes our scheme suitable for large scale real world content-centric applications and services such as Netflix. Further, the proposed scheme introduces an anonymous signature-based authentication mechanism to reject bogus data requests nearer to the source, thereby preventing them from entering the network. This in turn helps to mitigate better denial of service attacks. In addition, the signature mechanism supports unlinkability, which is essential to prevent leakages of individual user's access patterns. Another major feature of the proposed scheme is that it provides accountability of the Internet Service Providers (ISPs) using batch signature verification. Moreover, we have developed a transparent and secure dispute resolution and payment mechanism using smart-contract and blockchain technologies. We present a formal security analysis of our scheme to show it is provably secure against Chosen Plaintext Attacks. We also demonstrate that our scheme supports more functionalities than the existing schemes and its performance is better in terms of computation, communication and storage.

Batched network coding (BNC) is a low-complexity solution to network transmission in feedbackless multi-hop packet networks with packet loss. BNC encodes the source data into batches of packets. As a network coding scheme, the intermediate nodes perform recoding on the received packets instead of just forwarding them. Blockwise adaptive recoding (BAR) is a recoding strategy which can enhance the throughput and adapt real-time changes in the incoming channel condition. In wireless applications, in order to combat burst packet loss, interleavers can be applied for BNC in a hop-by-hop manner. In particular, a batch-stream interleaver that permutes packets across blocks can be applied with BAR to further boost the throughput. However, the previously proposed minimal communication protocol for BNC only supports permutation of packets within a block, called intrablock interleaving, and so it is not compatible with the batch-stream interleaver. In this paper, we design an intrablock interleaver for BAR that is backward compatible with the aforementioned minimal protocol, so that the throughput can be enhanced without upgrading all the existing devices.

Wireless relay network is a solution for transmitting information from a source node to a sink node far away by installing a relay in between. The broadcasting nature of wireless communication allows the sink node to receive part of the data sent by the source node. In this way, the relay does not need to receive the whole piece of data from the source node and it does not need to forward everything it received. In this paper, we consider the application of batched network coding, a practical form of random linear network coding, for a better utilization of such a network. The amount of innovative information at the relay which is not yet received by the sink node, called the innovative rank, plays a crucial role in various applications including the design of the transmission scheme and the analysis of the throughput. We present a visualization of the innovative rank which allows us to understand and derive formulae related to the innovative rank with ease.

With the advancement of VLSI technology, Tiled Chip Multicore Processors (TCMP) with packet switched Network-on-Chip (NoC) have been emerged as the backbone of the modern data intensive parallel systems. Due to tight time-to-market constraints, manufacturers are exploring the possibility of integrating several third-party Intellectual Property (IP) cores in their TCMP designs. Presence of malicious Hardware Trojan (HT) in the NoC routers can adversely affect communication between tiles leading to degradation of overall system performance. In this paper, we model an HT mounted on the input buffers of NoC routers that can alter the destination address field of selected NoC packets. We study the impact of such HTs and analyse its first and second order impacts at the core level, cache level, and NoC level both quantitatively and qualitatively. Our experimental study shows that the proposed HT can bring application to a complete halt by stalling instruction issue and can significantly impact the miss penalty of L1 caches. The impact of re-transmission techniques in the context of HT impacted packets getting discarded is also studied. We also expose the unrealistic assumptions and unacceptable latency overheads of existing mitigation techniques for packet header attacks and emphasise the need for alternative cost effective HT management techniques for the same.

This paper describes the architecture and the fundamental methodology of an anomaly detector, which by continuously monitoring Simple Network Management Protocol data and by processing it as complex-events, is able to timely recognize patterns of faults and relevant cyber-attacks. This solution has been applied in the context of smart grids, and in particular as part of a security and resilience component of the Information and Communication Technologies (ICT) Gateway, a middleware-based architecture that correlates and fuses measurement data from different sources (e.g., Inverters, Smart Meters) to provide control coordination and to enable grid observability applications. The detector has been evaluated through experiments, where we selected some representative anomalies that can occur on the ICT side of the energy distribution infrastructure: non-malicious faults (indicated by patterns in the system resources usage), as well as effects of typical cyber-attacks directed to the smart grid infrastructure. The results show that the detection is promisingly fast and efficient.

The globalized supply chain in the semiconductor industry raises several security concerns such as IC overproduction, intellectual property piracy and design tampering. Logic locking has emerged as a Design-for-Trust countermeasure to address these issues. Original logic locking proposals provide a high degree of output corruption – i.e., errors on circuit outputs – unless it is unlocked with the correct key. This is a prerequisite for making a manufactured circuit unusable without the designer’s intervention. Since the introduction of SAT-based attacks – highly efficient attacks for retrieving the correct key from an oracle and the corresponding locked design – resulting design-based countermeasures have compromised output corruption for the benefit of better resilience against such attacks. Our proposed logic locking scheme, referred to as SKG-Lock, aims to thwart SAT-based attacks while maintaining significant output corruption. The proposed provable SAT-resilience scheme is based on the novel concept of decoy key-inputs. Compared with recent related works, SKG-Lock provides higher output corruption, while having high resistance to evaluated attacks.

Due to the computing capability limitation of the Internet of things devices in the perception layer, the traditional security solutions are difficult to be used directly. How to design a new lightweight, secure and reliable protocol suitable for the Internet of Things application environment, and realize the secure transmission of information among many sensing checkpoints is an urgent problem to be solved. In this paper, we propose a decentralized lightweight authentication key protocol based on the combination of public key and trusted computing technology, which is used to establish secure communication between nodes in the perception layer. The various attacks that the protocol may suffer are analyzed, and the formal analysis method is used to verify the security of the protocol. To verify the validity of the protocol, the computation and communication cost of the protocol are compared with the existing key protocols. And the results show that the protocol achieved the promised performance.

An electronic medical record (EMR) is the digital medical data of a patient, and they are healthcare system's most valuable asset. In this paper, we introduce a decentralized network using blockchain technology and smart contracts as a solution to manage and secure medical records storing, and transactions between medical healthcare providers. Ethereum blockchain is employed to build the blockchain. Solidity object-oriented language was utilized to implement smart contracts to digitally facilitate and verify transactions across the network (creating records, access requests, permitting access, revoking access, rejecting access). This will mitigate prevailing issues of current systems and enhance their performance, since current EMRs are stored on a centralized database, which cannot guarantee data integrity and security, consequently making them susceptible to malicious attacks. Our proposed system approach is of vital importance considering that healthcare providers depend on various tests in making a decision about a patient's diagnosis, and the respective plan of treatment they will go through. These tests are not shared with other providers, while data is scattered on various systems, as a consequence of these ensuing scenarios, patients suffer of the resulting care provided. Moreover, blockchain can meliorate the motley serious challenges caused by future use of IoT devices that provide real-time data from patients. Therefore, integrating the two technologies will produce decentralized IoT based healthcare systems.

We present a novel approach for the collaborative training of neural network models in decentralized federated environments. In the iterative process a group of autonomous peers run multiple training rounds to train a common model. Thereby, participants perform all model training steps locally, such as stochastic gradient descent optimization, using their private, e.g. mission-critical, training datasets. Based on locally updated models, participants can jointly determine a common model by averaging all associated model weights without sharing the actual weight values. For this purpose we introduce a simple n-out-of-n secret sharing schema and an algorithm to calculate average values in a peer-to-peer manner. Our experimental results with deep neural networks on well-known sample datasets prove the generic applicability of the approach, with regard to model quality parameters. Since there is no need to involve a central service provider in model training, the approach can help establish trustworthy collaboration platforms for businesses with high security and data protection requirements.

Protecting privacy of the user location in Internet of Things (IoT) applications is a complex problem. Peer-to-peer (P2P) approach is one of the most popular techniques used to protect privacy in IoT applications, especially that use the location service. The P2P approach requires trust among peers in addition to serious cooperation. These requirements are still an open problem for this approach and its methods. In this paper, we propose an effective solution to this issue by creating a manager for the peers' reputation called R-TTP. Each peer has a new query. He has to evaluate the cooperated peer. Depending on the received result of that evaluation, the main peer will send multiple copies of the same query to multiple peers and then compare results. Moreover, we proposed another scenario to the manager of reputation by depending on Fog computing to enhance both performance and privacy. Relying on this work, a user can determine the most suitable of many available cooperating peers, while avoiding the problems of putting up with an inappropriate cooperating or uncommitted peer. The proposed method would significantly contribute to developing most of the privacy techniques in the location-based services. We implemented the main functions of the proposed method to confirm its effectiveness, applicability, and ease of application.

Currently, data security issues are remaining as a major concern during digital communication. A large amount of crucial data is transmitted through the communication channel. There are many cryptographic algorithms available, which are used for providing data security during communication and storage process. However, the data needs to be decrypted for performing operations, which may lead to elevation of the privilege of data. The pin or passwords used for decryption of data can be easily identified using a brute force attack. This leads to losing the confidentiality of crucial data to an unauthorized user. In the proposed system, a combination of Homomorphic and Honey encryption is used to improve data confidentiality and user authentication problems. Thus, the system provides better data security for the issues related to outsourced databases.

We propose thrombolysis using a magnetic nanoparticle microswarm with tissue plasminogen activator (tPA) under ultrasound imaging. The microswarm is generated in blood using an oscillating magnetic field and can be navigated with locomotion along both the long and short axis. By modulating the input field, the aspect ratio of the microswarm can be reversibly tuned, showing the ability to adapt to different confined environments. Simulation results indicate that both in-plane and out-of-plane fluid convection are induced around the microswarm, which can be further enhanced by tuning the aspect ratio of the microswarm. Under ultrasound imaging, the microswarm is navigated in a microchannel towards a blood clot and deformed to obtain optimal lysis. Experimental results show that the lysis rate reaches -0.1725 ± 0.0612 mm3/min in the 37°C blood environment under the influence of the microswarm-induced fluid convection and tPA. The lysis rate is enhanced 2.5-fold compared to that without the microswarm (-0.0681 ± 0.0263 mm3/min). Our method provides a new strategy to increase the efficiency of thrombolysis by applying microswarm-induced fluid convection, indicating that swarming micro/nanorobots have the potential to act as effective tools towards targeted therapy.

We study communication systems based on chaotic time-delayed feedback generator. The aim of the study is a comparative assessment of the noise immunity for the four different communication systems at the same levels of the external noise. It is shown that the principle of correlation receiver, which is used in classical communication systems, can be also used in the case where chaotic signals generated by self-oscillating systems with complex behavior are used as reference signals. Systems based on the correlation receiver principles have very high immunity to the external noise.

In proof-of-stake (PoS) blockchains, stakeholders that extend the chain are selected according to the amount of stake they own. In S&P 2019 the "Ouroboros Crypsinous" system of Kerber et al. (and concurrently Ganesh et al. in EUROCRYPT 2019) presented a mechanism that hides the identity of the stakeholder when adding blocks, hence preserving anonymity of stakeholders both during payment and mining in the Ouroboros blockchain. They focus on anonymizing the messages of the blockchain protocol, but suggest that potential identity leaks from the network-layer can be removed as well by employing anonymous broadcast channels.In this work we show that this intuition is flawed. Even ideal anonymous broadcast channels do not suffice to protect the identity of the stakeholder who proposes a block.We make the following contributions. First, we show a formal network-attack against Ouroboros Crypsinous, where the adversary can leverage network delays to distinguish who is the stakeholder that added a block on the blockchain. Second, we abstract the above attack and show that whenever the adversary has control over the network delay – within the synchrony bound – loss of anonymity is inherent for any protocol that provides liveness guarantees. We do so, by first proving that it is impossible to devise a (deterministic) state-machine replication protocol that achieves basic liveness guarantees and better than (1-2f) anonymity at the same time (where f is the fraction of corrupted parties). We then connect this result to the PoS setting by presenting the tagging and reverse tagging attack that allows an adversary, across several executions of the PoS protocol, to learn the stake of a target node, by simply delaying messages for the target. We demonstrate that our assumption on the delaying power of the adversary is realistic by describing how our attack could be mounted over the Zcash blockchain network (even when Tor is used). We conclude by suggesting approaches that can mitigate such attacks.

In emergency situations like recent Australian bushfires, it is crucial for civilians and firefighters to receive critical information such as escape routes and safe sheltering points with guarantees on information quality attributes. Mobile Ad-hoc Networks (MANETs) can provide communications in bushfire when fixed infrastructure is destroyed and not available. Current MANET solutions, however, are mostly tested under static bushfire scenario. In this work, we investigate the impact of a realistic dynamic bushfire in a dry eucalypt forest with a shrubby understory, on the performance of data delivery solutions in a MANET. Simulation results show a significant degradation in the performance of state-of-the-art MANET quality of information solution. Other than frequent source handovers and reduced user usability, packet arrival latency increases by more than double in the 1st quartile with a median drop of 74.5 % in the overall packet delivery ratio. It is therefore crucial for MANET solutions to be thoroughly evaluated under realistic dynamic bushfire scenarios.