Manager Architecture Research Articles

A Trust Establishment and Key Management Architecture for Hospital-at-Home

The landscape of healthcare is experiencing a digitalization shift, transferring many medical activities to the patients’ homes, a phenomenon commonly referred to as Hospital-at-Home. While Internet of Things (IoT) devices facilitate the building of such systems, there is a need for powerful middleware that encapsulates device-to-device communication, and enables the construction of user-friendly, secure, and robust Hospital-at-Home systems. A key challenge for such middleware is to build a trustworthy and lightweight key management system allowing different devices in the system to exchange messages securely. In this paper we present a simple, easily manageable and scalable such architecture which, in addition, supports long term data protection using post-quantum cryptographic primitives. Our proposed solution utilizes a Merkle tree to enable the IoT devices to establish trust between each other automatically, even in the absence of Internet connection. We have implemented the architecture and present performance figures as well as a security analysis of our approach.

Scaling a Declarative Cluster Manager Architecture with Query Optimization Techniques

Cluster managers play a crucial role in data centers by distributing workloads among infrastructure resources. Declarative Cluster Management (DCM) is a new cluster management architecture that enables users to express placement policies declaratively using SQL-like queries. This paper presents our experiences in scaling this architecture from moderate-sized enterprise clusters (102- 103nodes) to hyperscale clusters (104nodes) via query optimization techniques. First, we formally specify the syntax and semantics of DCM's declarative language, C-SQL, a SQL variant used to express constraint optimization problems. We showcase how constraints on the desired state of the cluster system can be succinctly represented as C-SQL programs, and how query optimization techniques like incremental view maintenance and predicate pushdown can enhance the execution of C-SQL programs. We evaluate the effectiveness of our optimizations through a case study of building Kubernetes schedulers using C-SQL. Our optimizations demonstrated an almost 3000× speed up in database latency and reduced the size of optimization problems by as much as 1/300 of the original, without affecting the quality of the scheduling solutions.

Increased Basal Ganglia Modulatory Effective Connectivity Observed in Resting-State fMRI in Individuals With Parkinson's Disease.

Alterations to interactions between networked brain regions underlie cognitive impairment in many neurodegenerative diseases, providing an important physiological link between brain structure and cognitive function. Previous attempts to characterize the effects of Parkinson’s disease (PD) on network functioning using resting-state functional magnetic resonance imaging (rs-fMRI), however, have yielded inconsistent and contradictory results. Potential problems with prior work arise in the specifics of how the area targeted by the diseases (the basal ganglia) interacts with other brain regions. Specifically, current computational models point to the fact that the basal ganglia contributions should be captured with modulatory (i.e., second-order) rather than direct (i.e., first-order) functional connectivity measures. Following this hypothesis, a principled but manageable large-scale brain architecture, the Common Model of Cognition, was used to identify differences in basal ganglia connectivity in PD by analyzing resting-state fMRI data from 111 participants (70 patients with PD; 41 healthy controls) using Dynamic Causal Modeling (DCM). Specifically, the functional connectivity of the basal ganglia was modeled as two second-level, modulatory connections that control projections from sensory cortices to the prefrontal cortex, and from the hippocampus and medial temporal lobe to the prefrontal cortex. We then examined group differences between patients with PD and healthy controls in estimated modulatory effective connectivity in these connections. The Modulatory variant of the Common Model of Cognition outperformed the Direct model across all subjects. It was also found that these second-level modulatory connections had higher estimates of effective connectivity in the PD group compared to the control group, and that differences in effective connectivity were observed for all direct connections between the PD and control groups.We make the case that accounting for modulatory effective connectivity better captures the effects of PD on network functioning and influences the interpretation of the directionality of the between-group results. Limitations include that the PD group was scanned on dopaminergic medication, results were derived from a reasonable but small number of individuals and the ratio of PD to healthy control participants was relatively unbalanced. Future research will examine if the observed effect holds for individuals with PD scanned off their typical dopaminergic medications.

Ensemble Deep Learning Models for Mitigating DDoS Attack in Software-Defined Network

Software-defined network (SDN) is an enabling technology that meets the demand of dynamic, adaptable, and manageable networking architecture for the future. In contrast to the traditional networks that are based on a distributed control plane, the control plane of SDN is based on a centralized architecture. As a result, SDNs are susceptible to critical cyber attacks that exploit the single point of failure. A distributed denial of service (DDoS) attack is one of the most crucial and risky attacks, targeting the SDN controller and disrupting its services. Several researchers have proposed signature-based DDoS mitigation and detection techniques that rely on manually configuring the policies. As the massive traffic from heterogeneous networks increases, conventional solutions are ineffective due to the lack of automation and human interference. This necessitates producing a detection solution, more effective than traditional ones, to ensure SDN security, resiliency, and availability. This paper addresses this problem by proposing a deep learning (DL)-based ensemble solution for efficient DDoS attack detection in SDN. Four hybrid models are presented by adopting three ensemble techniques and different DL architectures, namely convolutional neural network, long short-term memory, and gated recurrent unit, to improve the SDN traffic classification. The experimentation was conducted on the benchmark flow-based dataset CICIDS2017. High detection accuracy (99.77%) with a small number of flow-based features was achieved by our ensemble model, as our experimental results will demonstrate. The proposed solution was evaluated by several standard assessment matrices and by comparing against other state-of-the-art algorithms from the network security literature.

Machine Learning Approach Equipped with Neighbourhood Component Analysis for DDoS Attack Detection in Software-Defined Networking

The Software-Defined Network (SDN) is a new network paradigm that promises more dynamic and efficiently manageable network architecture for new-generation networks. With its programmable central controller approach, network operators can easily manage and control the whole network. However, at the same time, due to its centralized structure, it is the target of many attack vectors. Distributed Denial of Service (DDoS) attacks are the most effective attack vector to the SDN. The purpose of this study is to classify the SDN traffic as normal or attack traffic using machine learning algorithms equipped with Neighbourhood Component Analysis (NCA). We handle a public “DDoS attack SDN Dataset” including a total of 23 features. The dataset consists of Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP) normal and attack traffics. The dataset, including more than 100 thousand recordings, has statistical features such as byte_count, duration_sec, packet rate, and packet per flow, except for features that define source and target machines. We use the NCA algorithm to reveal the most relevant features by feature selection and perform an effective classification. After preprocessing and feature selection stages, the obtained dataset was classified by k-Nearest Neighbor (kNN), Decision Tree (DT), Artificial Neural Network (ANN), and Support Vector Machine (SVM) algorithms. The experimental results show that DT has a better accuracy rate than the other algorithms with 100% classification achievement.

On Performance and Scalability of Cost-Effective SNMP Managers for Large-Scale Polling

As networks grow larger in size and complexity, their monitoring is becoming an increasing challenge because of the required polling performance and also due to heterogeneity of devices. As it turns out, SNMP (Simple Network Management Protocol) is by far the most popular monitoring protocol. However, due to the increase in the number of network devices, it becomes necessary to employ multiple SNMP managers, which is not cost-effective due to the hardware requirements. Additionally, the different proprietary SNMP implementations require custom configuration very often, as new devices are being incorporated into the network. Therefore, current SNMP managers not only require capabilities for large-scale monitoring but also a high degree of flexibility and programmability. In response, we propose an SNMP manager architecture with a flexible multi-threaded architecture, which effectively reduces the hardware resources necessary to poll the increasing number of SNMP agents. In addition, it features a scripting component to deal with the different data representations caused by proprietary implementations. Our experience has shown that SNMP agents can have high variability in their response times. Actually, our findings show a strong correlation between high response times and CPU load. As a solution, we propose and analyze novel adaptive polling algorithms that decrease the load on agents' CPUs while keeping the desired polling rate for fast agents. Finally, we present several real-world use cases where we show the benefits of the polling algorithms and the scripting component, by means of extensive measurement campaigns.

Distributed system of virtual machines for self-organized networks

Introduction: Active data, being fragments of executable code transmitted between the nodes of an active network, are an effectivemechanism for the operation of software-reconfigurable distributed systems. Previously, in the works devoted to active data, not enoughattention was paid to the implementation of the runtime environment (the processor) for the executable code of active data, as well asto the issues of building hypervisors and load balancing in distributed systems. Purpose: Developing principles for the construction of virtual machines with active data, providing the reconfigurability of the target devices and network flexibility in general. Evaluatingthe possibility of using the existing approaches to load balancing for networks with active data. Methods: Our study uses the principlesof software-defined system development, the conception of active data, theoretical foundations and technology of virtualization.Results: Is has been proposed to use a distributed system of virtual machines as an active data execution environment, based on theobject-oriented approach to creating distributed applications. Each node of such a distributed system of virtual machines can act aseither a control or slave node during the object interaction. Based on the developed approach, we proposed to solve the problem ofbuilding a network of repeaters using active data, considering an unmanned aerial vehicle as an element of an active info-communicationnetwork which supports the active data technology. Since a distributed system of virtual machines enables asymmetric distribution ofdecentralized network nodes, a method has been developed for a distributed system whose nodes are unmanned aerial vehicles and acontrol node, to control the asymmetry value by creating objects of various decomposition levels. Practical relevance: The proposedmethods provide a way to control the resource consumption of the nodes of a distributed software-reconfigurable network and theamount of network data transmitted. For dynamic management of the load on the network nodes, a resource manager architecture anda resource allocation algorithm are developed.

A High-Speed, Scalable, and Programmable Traffic Manager Architecture for Flow-Based Networking

In this paper, we present a programmable and scalable traffic manager (TM) architecture, targeting requirements of high-speed networking devices, especially in the software-defined networking context. This TM is intended to ease the deployability of new architectures through field-programmable gate array (FPGA) platforms and to make the data plane programmable and scalable. Flow-based networking allows treating traffic in terms of flows rather than as a simple aggregation of individual packets, which simplifies scheduling and bandwidth allocation for each flow. Programmability brings agility, flexibility, and rapid adaptation to changes, allowing to meet network requirements in real-time. Traffic management with fast queuing and reduced latency plays an important role to support the upcoming 5G cellular communication technology. The proposed TM architecture is coded in C++ and is synthesized with the Vivado High-Level Synthesis tool. This TM is capable of supporting links operating beyond 40 Gb/s, on the ZC706 board and XCVU440-FLGB2377-3-E FPGA device from Xilinx, while achieving 80 Gb/s and 100 Gb/s throughput, respectively. The resulting placed and routed design was tested on the ZC706 board with its embedded ARM processor controlling table updates.

A scalable and manageable IoT architecture based on transparent computing

With the explosion of connected devices, the Internet-of-Things (IoT) is expected to be the fundamental infrastructure of the information society and receives a wide variety of applications in different scenarios. However, the fast-growing IoT technology is still facing many challenges posed by large-scale heterogeneous IoT devices. To address these challenges we propose a transparent computing based IoT architecture to build scalable and manageable IoT applications. The proposed architecture consists of five layers, i.e., end-user layer, edge network layer, core network layer, service&storage layer, and management layer. It can provide centralized management of various resources like operating systems, services and data for IoT applications, and enable on-demand services to be executed on heterogeneous IoT devices. We also build a prototype system to evaluate the performance of the proposed architecture in terms of the delay and energy consumption in remote service updating. The experimental results demonstrate that it can provide efficient management of various resources and achieve on-demand service provisioning for IoT devices.

Safe cooperating cyber-physical systems using wireless communication: The SafeCOP approach

This paper presents an overview of the ECSEL project entitled “Safe Cooperating Cyber-Physical Systems using Wireless Communication” (SafeCOP), which runs during the period 2016–2019. SafeCOP targets safety-related Cooperating Cyber-Physical Systems (CO-CPS) characterised by use of wireless communication, multiple stakeholders, dynamic system definitions (openness), and unpredictable operating environments. SafeCOP will provide an approach to the safety assurance of CO-CPS, enabling thus their certification and development. The project will define a runtime manager architecture for runtime detection of abnormal behaviour, triggering if needed a safe degraded mode. SafeCOP will also develop methods and tools, which will be used to produce safety assurance evidence needed to certify cooperative functions. SafeCOP will extend current wireless technologies to ensure safe and secure cooperation, and also contribute to new standards and regulations, by providing certification authorities and standardization committees with the scientifically validated solutions needed to craft effective standards extended to also address cooperation and system-of-systems issues. The project has 28 partners from 6 European countries, and a budget of about 11 million Euros corresponding to about 1,300 person-months.

TERAFLUX: Harnessing dataflow in next generation teradevices

The improvements in semiconductor technologies are gradually enabling extreme-scale systems such as teradevices (i.e., chips composed by 1000 billion of transistors), most likely by 2020. Three major challenges have been identified: programmability, manageable architecture design, and reliability. TERAFLUX is a Future and Emerging Technology (FET) large-scale project funded by the European Union, which addresses such challenges at once by leveraging the dataflow principles. This paper presents an overview of the research carried out by the TERAFLUX partners and some preliminary results. Our platform comprises 1000+ general purpose cores per chip in order to properly explore the above challenges. An architectural template has been proposed and applications have been ported to the platform. Programming models, compilation tools, and reliability techniques have been developed. The evaluation is carried out by leveraging on modifications of the HP-Labs COTSon simulator.

Flexible Architecture for Internet of Things Utilizing an Local Manager

This paper presents an flexible architecture for Internet of things utilizing a local manager with the goal to solve many issues. The solution is described from both the system architecture and example applications. The component design and the communication between these components are introduced. The Local Manager architecture is composed of a gateway, Message Broker, Message Relay Bridge and several small applications (Apps) with different purposes. The Local Manager can be used as a platform for future integration of things into cloud services via the Internet.

A case for centrally controlled wireless sensor networks

In this article we present the Intelligent, Manageable, Power-Efficient and Reliable Internetworking Architecture (IMPERIA), a centrally managed architecture for large-scale wireless sensor networks (WSNs). We discuss the advantages of a centralized management over distributed approaches and derive our design by rigorously minimizing the amount of state information on individual sensor nodes and all sources of message collision during network operations. The result is a clustered multi-hop TDMA protocol that globally synchronizes the network and collects data at ultra-low power consumption.We present the end-to-end architecture and detail the algorithms we developed for (a) efficient network topology discovery and link quality estimation, (b) combined routing and clustering for pre-defined basestations, and (c) the scheduling of the medium access for multi-cluster and multi-channel data collection.IMPERIA has been implemented on TinyOS and IBM’s Mote Runner and successfully deployed in applications for vibration sensing as well as datacenter energy management. This article summarizes the performance results from simulations, laboratory experiments, and deployment measurements that support our design decisions.

A modular package manager architecture

ContextThe success of modern software distributions in the Free and Open Source world can be explained, among other factors, by the availability of a large collection of software packages and the possibility to easily install and remove those components using state-of-the-art package managers. However, package managers are often built using a monolithic architecture and hard-wired and ad-hoc dependency solvers implementing some customized heuristics. ObjectiveWe aim at laying the foundation for improving on existing package managers. Package managers should be complete, that is find a solution whenever there exists one, and allow the user to specify complex criteria that define how to pick the best solution according to the user’s preferences. MethodIn this paper we propose a modular architecture relying on precise interface formalisms that allows the system administrator to choose from a variety of dependency solvers and backends. ResultsWe have built a working prototype–called MPM–following the design advocated in this paper, and we show how it largely outperforms a variety of current package managers. ConclusionWe argue that a modular architecture, allowing for delegating the task of constraint solving to external solvers, is the path that leads to the next generation of package managers that will deliver better results, offer more expressive preference languages, and be easily adaptable to new platforms.

HiMang: Highly manageable network and service architecture for new generation

The Internet is a very successful modern technology and is considered to be one of the most important means of communication. Despite that success, fundamental architectural and business limitations exist in the Internet's design. Among these limitations, we focus on a specific issue, the lack of manageability, in this paper. Although it is generally understood that management is a significant and important part of network and service design, it has not been considered as an integral part in their design phase. We address this problem with our future Internet management architecture called highly manageable network and service architecture for new generation (HiMang), which is a novel architecture that aims at integrating management capabilities into network and service design. HiMang is highly manageable in the sense that it is autonomous, scalable, robust, and evolutionary while reducing the complexity of network management. Unlike any other management framework, HiMang provides management support for the revolutionary networks of the future while maintaining backward compatibility for existing networks.

Contention reduction and service differentiation in OBS networks

Optical burst switching (OBS) has been proposed to be a competitive switching technology for wavelength division networks (WDM) networks. In this switching technique, single burst loss due to contention influences loss of multiple data. Thus, burst loss ratio (BLR) is the main deciding factor for determining the performance of an OBS network. Also, inefficient data channel scheduling algorithm causes burst loss in OBS. In addition to this, the same service to all model of the current Internet is inadequate for the diverse quality of service expectations of Internet applications and users. In this paper, an efficient technique is proposed in which data burst is assembled from several Internet protocol (IP) packets in such a manner that the number of IP packets is changed according to the traffic load. In the proposed scheme, the burst is segmented because the segment located at the end of the contended burst has a greater chance of surviving contention (as the dropped segments are those at the beginning of the contending burst). Thus, the most important (or higher priority) information is enveloped in the last segmented. Further to prevent resource wastage due to over admitting of bursts, the proposed scheme is extended by admission control test for an output link without a fiber delay line (FDL) buffer. Also, modified latest available unscheduled channel with void filling (LAUC-VF) scheduling algorithm utilizing MPLS has been used to provide a scalable and manageable architecture for service differentiation (DiffServ) in IP networks. Simulation results demonstrate that the proposed technique has reduced burst loss rate and better quality of service (QoS) performance in comparison to existing techniques.

UpStream

UpStream is a framework for load management over data streams with update semantics. It provides a novel storage manager architecture that can be plugged into data stream processing engines for serving streaming applications that require low-staleness results over real-time continuous queries. We propose to demonstrate the key aspects of the UpStream architecture as well as its performance using two different application scenarios: One that models a continuously updating financial market dashboard, and another one that is based on an intelligent transportation system for monitoring moving vehicles on a road traffic network. The demonstration will illustrate how UpStream can provide low-staleness query results for these applications under highly overloaded situations, by using a number of update scheduling and storage management techniques. This will be done through a number of interactive visual monitoring tools for the application interface as well as for monitoring the run-time operation of the UpStream system itself.

A Workload Manager Architecture for the Monitoring of Drivers’ Cognitive Impairment

This paper presents the architecture of a software system able to assess the cognitive effort of a driver by monitoring the interaction between the driver and the steering wheel; this system is called WL Manager (WLM). The advantage of a Workload Manager System based on the steering dynamic is that of being not invasive in comparison to other workload measures, in particular physiological (heart rate, eye movements, etc…) which are considered by the literature more reliable than the other indirect measures. Furthermore, the dynamic of the steering wheel can be read from the onboard electronic units available for innovative steering systems like Steer-By-Wire devices (i.e. a steering wheel fully electronically controlled and without mechanical link with the front wheel); then, the implementation of a WLM system on a real car is a realizable project.

MSPnet: Manageable SIP P2P media distribution system

The letter proposes a three-layer manageable media distribution network system architecture called MSPnet, which is based on Session Initiation Protocol[1] and Peer to Peer (SIP P2P) technology. MSPnet performs application-level structured DHT routing and resource location among domains and unstructured ones in domain. Except for media distribution, it can be used to support a variety of P2P applications, including video broadcasting, video on demand, VoIP, etc. MSPnet is composed of three layers, namely, the signal control layer, the management layer, and the media transportation layer. The MSPnet prototype consists of the SIP server, the management server, the media server, and the node User Agent (UA). Results from a prototype experiment in a large-scale Internet environment show that MSPnet is feasible, scalable and manageable.

Transaction management for m-commerce at a mobile terminal

Although there has been a lot of discussion of “transactions” in mobile e-commerce (m-commerce), little attention has been paid for distributed transactional properties of the computations facilitating m-commerce. In this paper we first present a requirement analysis for m-commerce transactions, a graph-based transaction model, and a Transaction Manager (TM) architecture for a wireless application that protects m-commerce workflows against communication link, application, or terminal crash. The application interface, modules and log structure, as well as a pilot implementation of this TM for the location-based application are presented. We further discuss other alternatives to design such a TM that together can be called “Ontological Transaction Monitor”, which assumes also monitoring constraints related to security and privacy.