Search Results (23)

Field-programmable gate arrays (FPGAs) are widely used in cloud servers as an acceleration solution for compute-intensive tasks. Cloud FPGAs are typically multi-tenant, enabling resource sharing among multiple users but are vulnerable to power side-channel analysis (SCA) attacks due to their programmability and runtime dynamic reconfigurability. It is well-known that the clock frequencies of the circuits on multi-tenant FPGAs affect power consumption, but their impact on remote correlation power analysis (CPA) attacks has largely been ignored in the literature. This work systematically evaluates how clock frequency variations influence the effectiveness of remote CPA attacks on multi-tenant FPGAs. We develop a theoretical model to quantify this impact and validate our findings through the CPA attacks on processors running AES-128 and SM4 cryptographic algorithms. Our results demonstrate that the runtime clock frequency significantly affects the performance of remote CPA attacks. Our work provides valuable insights into the security implications of frequency scaling in multi-tenant FPGAs and offers guidance on selecting clock frequencies to mitigate power side-channel risks. Full article

Smart city/IoT frameworks are becoming more complex for the needs regarding multi-tenancy, data streams, real-time event-driven processing, data, and visual analytics. The infrastructures also need to support multiple organizations and optimizations in terms of data, processes/services, and tools cross-exploited by multiple applications and developers. In this paper, we addressed these needs to provide platform operators and developers effective models and tools to: (i) identify the causes of problems and dysfunctions at their inception; (ii) identify references to data, processes, and APIs to add/develop new scenarios in the infrastructure, minimizing effort; (iii) monitor resources and the work performed by developers to exploit the complex multi-application platform. To this end, we developed a semantic unified knowledge model, UKM, and a number of tools for its implementation and exploitation. The UKM, with its inferences, allows to browse and extract information from complex relationships among entities. The proposed solution has been designed, implemented, and validated in the context of the open source Snap4City.org platform and applied in many geographical areas with 18 organizations, 40 cities, thousands of operators and developers, and free trials to keep platform complexity under control, as in the interconnected scenarios of the Herit-Data Interreg Project, which is a lighthouse project of the European Commission. Full article

The increasing complexity of modern networks and their evolving needs demand flexible, high-performance packet processing solutions. The P4 language excels in specifying packet processing in software-defined networks (SDNs). Field-programmable gate arrays (FPGAs) are ideal for P4-based packet parsers due to their reconfigurability and ability to handle data transmitted at high speed. This paper introduces three FPGA-based P4-programmable packet parsing architectural designs that translate P4 specifications into adaptable hardware implementations called base, overlay, and pipeline, each optimized for different packet parsing performance. As modern network infrastructures evolve, the need for multi-tenant environments becomes increasingly critical. Multi-tenancy allows multiple independent users or organizations to share the same physical network resources while maintaining isolation and customized configurations. The rise of 5G and cloud computing has accelerated the demand for network slicing and virtualization technologies, enabling efficient resource allocation and management for multiple tenants. By leveraging P4-programmable packet parsers on FPGAs, our framework addresses these challenges by providing flexible and scalable solutions for multi-tenant network environments. The base parser offers a simple design for essential packet parsing, using minimal resources for high-speed processing. The overlay parser extends the base design for parallel processing, supporting various bus sizes and throughputs. The pipeline parser boosts throughput by segmenting parsing into multiple stages. The efficiency of the proposed approaches is evaluated through detailed resource consumption metrics measured on an Alveo U280 board, demonstrating throughputs of 15.2 Gb/s for the base design, 15.2 Gb/s to 64.42 Gb/s for the overlay design, and up to 282 Gb/s for the pipelined design. These results demonstrate a range of high performances across varying throughput requirements. The proposed approach utilizes a system that ensures low latency and high throughput that yields streaming packet parsers directly from P4 programs, supporting parsing graphs with up to seven transitioning nodes and four connections between nodes. The functionality of the parsers was tested on enterprise networks, a firewall, and a 5G Access Gateway Function graph. Full article

The Internet of Things (IoT) consists of millions of devices deployed over hundreds of thousands of different networks, providing an ever-expanding resource to improve our understanding of and interactions with the physical world. Global service discovery is key to realizing the opportunities of the IoT, spanning disparate networks and technologies to enable the sharing, discovery, and utilisation of services and data outside of the context in which they are deployed. In this paper, we present Decentralised Service Registries (DSRs), a novel trustworthy decentralised approach to global IoT service discovery and interaction, building on DSF-IoT to allow users to simply create and share public and private service registries, to register and query for relevant services, and to access both current and historical data published by the services they discover. In DSR, services are registered and discovered using signed objects that are cryptographically associated with the registry service, linked into a signature chain, and stored and queried for using a novel verifiable DHT overlay. In contrast to existing centralised and decentralised approaches, DSRs decouple registries from supporting infrastructure, provide privacy and multi-tenancy, and support the verification of registry entries and history, service information, and published data to mitigate risks of service impersonation or the alteration of data. This decentralised approach is demonstrated through the creation and use of a DSR to register and search for real-world IoT devices and their data as well as qualified using a scalable cluster-based testbench for the high-fidelity emulation of peer-to-peer applications. DSRs are evaluated against existing approaches, demonstrating the novelty and utility of DSR to address key IoT challenges and enable the sharing, discovery, and use of IoT services. Full article

This paper describes the development activity that has been carried out for a living laboratory for the city of Cagliari aimed at functioning as a learning center for local SMEs willing to improve their skills in IoT and create applications that will be integrated in an open innovation ecosystem. The many users belonging to the various SMEs involved in the project required an ICT laboratory with a platform that could manage them and provide a multi-tenant environment for the development of IoT applications. The architecture also had to be scalable and interoperable, and the resulting platform had to collect many kinds of data from sensors or other data sources, elaborate them, and show georeferenced information on a 3D satellite interactive view along with statistics on side panels. This work was based on a platform already developed by CRS4 for a previous project. Preserving the concept of the decision-making tool for Smart Cities, almost every component was redesigned, and, in this paper, we describe the new solutions that have been implemented. Starting from the former structure, further features were added in a novel way in order to offer an enhanced framework that can deal with the activities of the laboratory, exploiting the scalability of the open-source systems involved, their robustness and flexibility, and leveraging domain standards. In this article, the main challenges involved in the development of the platform are described, as well as the solutions that have been implemented so far. Full article

In recent years, cloud computing has attracted extensive attention from industry and academia due to its convenience and ubiquity. As a new Internet-based IT service model, cloud computing has brought revolutionary changes to traditional computing and storage services. More and more individual users and enterprises are willing to deploy their own data and applications on the cloud platform, but the accompanying security issues have also become an obstacle to the development of cloud computing. Multi-tenancy and virtualization technologies are the main reasons why cloud computing faces many security problems. Through the virtualization of storage resources, multi-tenant data are generally stored as shared physical storage resources. To distinguish the data of different tenants, labels are generally used to distinguish them. However, this simple label cannot resist the attack of a potential malicious tenant, and data still has the risk of leakage. Based on this, this paper proposed a data partitioning method in a multi-tenant scenario to prevent privacy leakage of user data. We demonstrate the use of the proposed approach in protecting patient data in medical records in health informatics. Experiments show that the proposed algorithm can partition the attributes more fine-grained and effectively protect the sensitive information in the data. Full article

Cloud computing (CC) plays a significant role in revolutionizing the information and communication technology (ICT) industry, allowing flexible delivery of new services and computing resources at a fraction of the costs for end-users than traditional computing. Unfortunately, many potential cyber threats impact CC-deployed services due to the exploitation of CC’s characteristics, such as resource sharing, elasticity, and multi-tenancy. This survey provides a comprehensive discussion on security issues and challenges facing CC for cloud service providers and their users. Furthermore, this survey proposes a new taxonomy for classifying CC attacks, distributed denial of service (DDoS) attacks, and DDoS attack detection approaches on CC. It also provides a qualitative comparison with the existing surveys. Finally, this survey aims to serve as a guide and reference for other researchers working on new DDoS attack detection approaches within the CC environment. Full article

As a software delivery model, Software as a Service (SaaS) has attracted considerable attention from software providers and users. Most traditional companies are shifting their businesses to an SaaS model. SaaS development is a very complicated process and its success depends on architectural design and development. A Manufacturing Execution System (MES) was used at the expense of licensing fees for features not used in the On-Premise environment, although the features used vary depending on the manufacturing environment. In an SaaS environment, MES is applied with a function-specific container approach through a Microservice Architecture (MSA) to select and employ only the necessary functions. Furthermore, as the number of customers of virtualized applications increases in SaaS-based services, complexity and operating costs increase; thus, Multi-tenancy Architecture (MTA) technology, which serves all customers through a single instance of the application is crucial. Thus, in this study, we investigate the MTA approach and propose a suitable MTA for the manufacturing execution system. Real-time response is crucial to achieving a cyber-physical system of digital manufacturing in SaaS-based MES. Furthermore, SaaS-based big data analytics and decision-making cannot meet the needs of numerous applications in real-time sensitive workplaces. In this study, we propose an SaaS-based MSA/MTA model for real-time control of Internet of Things (IoT) Edge in digital manufacturing (SaaMES), an architecture of SaaS-based MES with MSA and MTA to meet vulnerable workplaces and real-time responses in Cloud environments. The analysis is used by applying the Autoencoder and Generic Adversarial Networks analysis model to IoT Edge for the connection between the Cloud environment and work site to enable real-time response and decision-making through communication using OPC-UA and small-scale analysis. Full article

Authentication, authorization, and data access control are playing major roles in data security and privacy. The proposed model integrated the multi-factor authentication–authorization process with dependable and non-dependable factors and parameters based on providing security for tenants through a hybrid approach of fully homomorphic encryption methodology: the enhanced homomorphic cryptosystem (EHC) and the Brakersky–Gentry–Vaikuntanathan (BGV) scheme. This research was composed of four major elements: the fully homomorphic encryption blended schemes, EHC and BGV; secure token and key implications based on dependable and don-dependable factors; an algorithm for generating the tokens and the suitable keys, depending on the user’s role; and the execution of experimental test cases by using the EHC algorithm for key and token generation, based on dependable and non-dependable parameters and time periods. The proposed approach was tested with 152 end-users by integrating six multi-tenants, five head tenants, and two enterprise levels; and achieved a 92 percent success rate. The research integrated 32-bit plain text in the proposed hybrid approach by taking into consideration the encryption time, decryption time, and key generation time of data transmission via cloud servers. The proposed blended model was efficient in preventing data from ciphertext attacks and achieved a high success rate for transmitting data between the multi-tenants, based on the user-role-user type of enterprise cloud servers. Full article

This article reveals an adequate comprehension of basic defense, security challenges, and attack vectors in deploying multi-network slicing. Network slicing is a revolutionary concept of providing mobile network on-demand and expanding mobile networking business and services to a new era. The new business paradigm and service opportunities are encouraging vertical industries to join and develop their own mobile network capabilities for enhanced performances that are coherent with their applications. However, a number of security concerns are also raised in this new era. In this article, we focus on the deployment of multi-network slicing with multi-tenancy. We identify the security concerns and discuss the defense approaches such as network slice isolation and insulation in a multi-layer network slicing security model. Furthermore, we identify the importance to appropriately select the network slice isolation points and propose a generic framework to optimize the isolation policy regarding the implementation cost while guaranteeing the security and performance requirements. Full article

Fifth Generation (5G) is expected to meet stringent performance network requisites of the Industry 4.0. Moreover, its built-in network slicing capabilities allow for the support of the traffic heterogeneity in Industry 4.0 over the same physical network infrastructure. However, 5G network slicing capabilities might not be enough in terms of degree of isolation for many private 5G networks use cases, such as multi-tenancy in Industry 4.0. In this vein, infrastructure network slicing, which refers to the use of dedicated and well isolated resources for each network slice at every network domain, fits the necessities of those use cases. In this article, we evaluate the effectiveness of infrastructure slicing to provide isolation among production lines (PLs) in an industrial private 5G network. To that end, we develop a queuing theory-based model to estimate the end-to-end (E2E) mean packet delay of the infrastructure slices. Then, we use this model to compare the E2E mean delay for two configurations, i.e., dedicated infrastructure slices with segregated resources for each PL against the use of a single shared infrastructure slice to serve the performance-sensitive traffic from PLs. Also we evaluate the use of Time-Sensitive Networking (TSN) against bare Ethernet to provide layer 2 connectivity among the 5G system components. We use a complete and realistic setup based on experimental and simulation data of the scenario considered. Our results support the effectiveness of infrastructure slicing to provide isolation in performance among the different slices. Then, using dedicated slices with segregated resources for each PL might reduce the number of the production downtimes and associated costs as the malfunctioning of a PL will not affect the network performance perceived by the performance-sensitive traffic from other PLs. Last, our results show that, besides the improvement in performance, TSN technology truly provides full isolation in the transport network compared to standard Ethernet thanks to traffic prioritization, traffic regulation, and bandwidth reservation capabilities. Full article

Forest management at the landscape level is a requirement for reducing wildfire hazard. In contexts where non-industrial private forest ownership prevails, the collaboration among multiple owners has been proposed as the way forward to reach consistent fuel management at that level. The current literature has been focused on identifying the factors that lead to collaboration among owners. In this study we explored other ways to reach landscape-level management in addition to the collaborative way, such as those that may be promoted through land renting or selling. Different contexts and owner types may require different solutions. Thus, we explicitly asked which alternative would be chosen by a given forest owner, from the following set: keeping individual management, entering a multi-owner collaborative arrangement where they delegate management, renting to a pulp company; or selling the land. In a context of small-scale ownership and high recurrence of wildfires in Portugal, a face-to-face survey was carried out to a sample of landowners. Our results suggest that there is not an a priori generalized unwillingness of owners to delegate management, rent or sell the land and thus they seem prone to align themselves with policy strategies to promote management at the landscape level. Multinomial logit regression modelling allowed us to explain and predict owners’ choices among the aforementioned set of alternative management options. We found that choosing multi-ownership collaboration, as opposed to keeping current individual management, is associated with passive management under harsher conditions, by non-residents without bonding capital. The identified factors of owners’ choices show the limited scope of tenancy and land-market mechanisms to promote landscape-level management. The best policy option was found to depend on the owner profiles prevailing in the target area. This suggests that studying the existing context and owner types is required to design effective policies. Full article

Cloud computing is currently becoming a well-known buzzword in which business titans, such as Microsoft, Amazon, and Google, among others, are at the forefront in developing and providing sophisticated cloud computing systems to their users in a cost-effective manner. Security is the biggest concern for cloud computing and is a major obstacle to users adopting cloud computing systems. Maintaining the security of cloud computing is important, especially for the infrastructure. Several research works have been conducted in the cloud infrastructure security area; however, some gaps have not been completely addressed, while new challenges continue to arise. This paper presents a comprehensive survey of the security issues at different cloud infrastructure levels (e.g., application, network, host, and data). It investigates the most prominent issues that may affect the cloud computing business model with regard to infrastructure. It further discusses the current solutions proposed in the literature to mitigate the different security issues at each level. To assist in solving the issues, the challenges that are still unsolved are summarized. Based on the exploration of the current challenges, some cloud features such as flexibility, elasticity and the multi-tenancy are found to pose new challenges at each infrastructure level. More specifically, the multi-tenancy is found to have the most impact at all infrastructure levels, as it can lead to several security problems such as unavailability, abuse, data loss and privacy breach. This survey concludes by giving some recommendations for future research. Full article

This article presents the results of research on the effect of the customer’s gender on the tenure choice (ownership or tenancy) on the housing market. In the study, an attempt has been made to investigate whether there is a significant role of women in making decisions in this market. The survey was conducted among residents of two cities—Olsztyn (Poland) and Vilnius (Lithuania). The obtained answers were subjected to a multi-dimensional categorical and quantitative analysis. The results showed, among others, that women generally have greater decision-making autonomy in residential issues than men, with Lithuanian women doing this much more often than Polish women. However, it should be noted that the dominant decision-making model in the housing market is the model of joint decisions taken by men and women. The results of the conducted analysis broaden the existing knowledge of the functioning of the housing market and may support the implementation of the pro-social and pro-sustainable spatial development policy of the given territorial unit. The results may also contribute to more sustainable development of enterprises in the housing construction sector. This is an important issue in a climate of intense competition between “providers” of flats and the gradual introduction of the idea of competition between them and the social environment. Full article

Modern datacenters are reinforcing the computational power and energy efficiency by assimilating field programmable gate arrays (FPGAs). The sustainability of this large-scale integration depends on enabling multi-tenant FPGAs. This requisite amplifies the importance of communication architecture and virtualization method with the required features in order to meet the high-end objective. Consequently, in the last decade, academia and industry proposed several virtualization techniques and hardware architectures for addressing resource management, scheduling, adoptability, segregation, scalability, performance-overhead, availability, programmability, time-to-market, security, and mainly, multitenancy. This paper provides an extensive survey covering three important aspects—discussion on non-standard terms used in existing literature, network-on-chip evaluation choices as a mean to explore the communication architecture, and virtualization methods under latest classification. The purpose is to emphasize the importance of choosing appropriate communication architecture, virtualization technique and standard language to evolve the multi-tenant FPGAs in datacenters. None of the previous surveys encapsulated these aspects in one writing. Open problems are indicated for scientific community as well. Full article