Virtual Infrastructure Research Articles

Functional features of well-known means of network shielding

The work briefly reviews the history, types, and capabilities of the main types of firewalls (FW). Firewalls are an important tool for protecting network resources from various information security threats. With the development of technology and the changing nature of attacks, especially those involving artificial intelligence (IoT), firewalls have also evolved, acquiring new functions and capabilities. This work provides a short survey of the main types, and capabilities of firewall technology, providing solutions to issues of comprehensive protection of network equipment and information resources from modern security threats. Different types of firewalls are used depending on the conditions of operation and purpose of the basic information and communication system (ICS), as well as on the place of their (FW) integration into the network or virtual infrastructure of modern information systems. For integrated networks that require a high level of their security, productivity and flexibility, firewalls of the business segment of generation «Next-generation» and «Threat-focused NGFW» are definitely the best choice. Attention was drawn to the fact that mobile firewalls should in every way contribute to the maintenance of resource consensus and eliminate a possible disparity in the performance of networked mobile applications. Adaptability to mobility of current communication systems (Wi-Fi, GSM and others) determines the specificity of security threats for mobile devices and It defines their key feature. This feature is based on permanent readiness for seamless transitions (reconnections) between different networks in conditions of constant energy shortage and limited available computing resources (meaning gadgets). Highlights the main trends, prospects for the development and implementation of different types of firewalls, including the impact of artificial intelligence, machine learning, cloud technologies and the Internet of Things as well as important aspects of their (FW) scope. It is emphasized that the introduction of FW does not replace other security technologies and tools, but effectively expands the existing arsenal of countering new security threats (primarily as an instrument of proactive countermeasures and rapid response to complex network incidents). The article may be useful for students, researchers, and information security professionals who seek to expand their competencies related to the development and operation of modern means of network protection.

Distributed virtual selective-forwarding units and SDN-assisted edge computing for optimization of multi-party WebRTC videoconferencing

Network service providers (NSP) have growing interest in placing network intelligence and services at network edges by deploying software-defined network (SDN) and network function virtualization infrastructure. In multi-party WebRTC videoconferencing using scalable video coding, a selective forwarding unit (SFU) provides connectivity between peers with heterogeneous bandwidth and terminals. An important question is where in the network to place the SFU service in order to minimize end-to-end delay between all pairs of peers. Clearly, there is no single optimal place for a cloud SFU for all possible peer locations. We propose placing virtual SFUs at network edges leveraging NSP edge datacenters to optimize end-to-end delay and usage of overall network resources. The main advantage of the distributed edge-SFU framework is that each peer video stream travels the shortest path to reach other peers similar to mesh connection model, whereas each peer uploads a single stream to its edge-SFU avoiding the upload bottleneck. While the proposed distributed edge-SFU framework applies to both best-effort and managed service models, this paper proposes a premium managed, edge-integrated multi-party WebRTC service architecture with bandwidth and delay guarantees within access networks by SDN-assisted slicing of edge networks. The performance of the proposed distributed edge-SFU service architecture is demonstrated by means of experimental results.

The impact of issuing micro-credentials for a higher education institution

Higher education institutions lead in innovation application and test various technology-enhanced solutions to correspond to student and labour market needs, foster and analyse innovative scenarios, and their impact on teaching and learning processes. There is a limited number of shared good practices that discuss technologies used for the issuance of micro-credentials, and this paper aims to reveal the higher education practice of testing some virtual infrastructures for issuing micro-credentials for students attending non-formal university courses. This research experimented with and tested VLE Moodle and Europass EDC infrastructures to issue micro-credentials. It was found that both Moodle VLE and Europass EDC infrastructure can be used to issue micro-credentials. Europass EDC infrastructure is more end-user friendly, while Moodle collects data during the learning process and can automatically transfer results to the micro-credential. However, both virtual infrastructures have some drawbacks, which may be fixed in the future.

Improvement of 5G Core Network Performance using Network Slicing and Deep Reinforcement Learning

Users have increasingly been having more use cases for the network while expecting the best Quality of Service (QoS) and Quality of Experience (QoE). The Fifth Generation of mobile telecommunications technology (5G) network had promised to satisfy most of the expectations and network slicing had been introduced in 5G to be able to satisfy various use cases. However, creating slices in a real-life environment with just the resources required while having optimized QoS has been a challenge. This has necessitated more intelligence to be required in the network and machine learning (ML) has been used recently to add the intelligence and ensure zero-touch automation. This research addresses the open question of creating slices to satisfy various use cases based on their QoS requirements, managing, and orchestrating them optimally with minimal resources while allowing the isolation of services by introducing a Deep reinforcement Machine Learning (DRL) algorithm. This research first evaluates the previous work done in improving QoS in the 5G core. 5G architecture is simulated by following the ETSI NFV MANO (European Telecommunications Standards Institute for Network Function Virtualization Management and Orchestration) framework and uses Open5G in 5G core, UERANISM for RAN, Openstack for Virtual Infrastructure Manager (VIM), and Tacker for Virtual Network Function Management and orchestration (VNFMO). The research simulates network slicing at the User Plane Function (UPF) level and evaluates how it has improved QoS. The network slicing function is automated by following ETSI Closed Loop Architecture and using Deep Reinforcement Learning (DRL) by modeling the problem as a Markov Decision Problem (MDP). Throughput is the Reward for the actions of the DRL agent. Comparison is done on the impact of slicing on throughput and compares models that have not been sliced, the ones that have been sliced and combined to work together, and models with slices that have been assigned more bandwidth. Sliced networks have better throughput than the ones not sliced. If more slices are load-balanced the throughput is increased. Deep Reinforcement Learning has managed to achieve the dynamic assigning of slices to compensate for declining throughput.

Compiler-Driven FPGA Virtualization with SYNERGY

FPGAs are increasingly common in modern applications, and cloud providers now support on-demand FPGA acceleration in datacenters. Applications in datacenters run on virtual infrastructure, where consolidation, multi-tenancy, and workload migration enable economies of scale that are fundamental to the provider’s business. However, a general strategy for virtualizing FPGAs has yet to emerge. While manufacturers struggle with hardware-based approaches, we propose a compiler/runtime-based solution called Synergy . We show a compiler transformation for Verilog programs that produces code able to yield control to software at sub-clock-tick granularity according to the semantics of the original program. Synergy uses this property to efficiently support core virtualization primitives: suspend and resume, program migration, and spatial/temporal multiplexing, on hardware which is available today . We use Synergy to virtualize FPGA workloads across a cluster of Intel SoCs and Xilinx FPGAs on Amazon F1. The workloads require no modification, run within 3–4 x of unvirtualized performance, and incur a modest increase in FPGA fabric usage.

Digital Library Management using Cloud Computing

Libraries may soon be building and managing their own data centers. This model would let libraries maintain more control over the applications and data stores that contain sensitive, private information about patrons. Provisioning and maintenance of infrastructure for Web based digital library present several challenges. In this paper we discuss problems faced with digital library and development efforts to overcome that problem. Infrastructure virtualization and cloud computing are particularly attractive choices which is challenged by both growth in the size of the indexed document collection, new features and most prominently usage. With the purpose of applying Cloud Computing to university library, the paper describes the current status of user service models in university libraries. Then it proposed to improve current user service model with Cloud Computing. This paper explores some of the security issues surrounding data location, mobility and availability

Cyber5Gym: An Integrated Framework for 5G Cybersecurity Training

The rapid evolution of 5G technology, while offering substantial benefits, concurrently presents complex cybersecurity challenges. Current cybersecurity systems often fall short in addressing challenges such as the lack of realism of the 5G network, the limited scope of attack scenarios, the absence of countermeasures, the lack of reproducible, and open-sourced cybersecurity training environments. Addressing these challenges necessitates innovative cybersecurity training systems, referred to as “cyber ranges”. In response to filling these gaps, we propose the Cyber5Gym, an integrated cyber range that enhances the automation of virtualized cybersecurity training in 5G networks with cloud-based deployment. Our framework leverages open-source tools (i) Open5GS and UERANSIM for realistic emulation of 5G networks, (ii) Docker for efficient virtualization of the training infrastructure, (iii) 5Greply for emulating attack scenarios, and (iv) Shell scripts for automating complex training operations. This integration facilitates a dynamic learning environment where cybersecurity professionals can engage in real-time attack and countermeasure exercises, thus significantly improving their readiness against 5G-specific cyber threats. We evaluated it by deploying our framework on Naver Cloud with 20 trainees, each accessing an emulated 5G network and managing 100 user equipments (UEs), emulating three distinct attack scenarios (SMC-Reply, DoS, and DDoS attacks), and exercising countermeasures, to demonstrate the cybersecurity training. We assessed the effectiveness of our framework through specific metrics such as successfully establishing the 5G network for all trainees, accurate execution of attack scenarios, and their countermeasure implementation via centralized control of the master using automated shell scripts. The open-source foundation of our framework ensures replicability and adaptability, addressing a critical gap in current cybersecurity training methodologies and contributing significantly to the resilience and security of 5G infrastructures.

Integrating AI and Big Data in Virtual Infrastructures: Transforming Educational Landscapes for the Future

Integrating AI and Big Data in Virtual Infrastructures: Transforming Educational Landscapes for the Future

Instant memories of the Russian war against Ukraine – mapping the virtual Meta History: Museum of War

Abstract This paper explores how Ukrainian virtual museums of war are embedded in today's connective environment of humans, codes and algorithms. In particular, I examine the ways virtuality as a mode of memory-making is deployed by the Meta History: Museum of War to shape the mediation and remembering of the full-scale Russian war against Ukraine as it unfolds. Using digital methods and digital ethnography, this study maps the emerging assemblage of the Meta History: Museum of War to grasp how the museum is contributing to efforts to repel the Russian invasion through its artistic and material engagement with the war. By exploring the network of exhibitions and the museum's virtual infrastructure, the study illustrates how the museum generates affective instant memories in order to wield influence over events that will in turn be exhibited in the future. Consequently, it adds valuable insights into the production of virtual engagement with war.

The collective dimension of platform work

The present research aims at inquiring if a collective dimension exists and how to strengthen it in platform work. Firstly, the consistency of the characteristics of platform work with the collective dimension of labour law is verified from a theoretical point of view. Even if difficulties in building a collective dimension emerge, it is then shown that some collective initiatives, taken by self-organised and non-unionised movements but also by Trade Unions, have been occurred in working on-demand via apps, especially with reference to the food delivery sector. A different story can be told about crowdwork where the collective dimension is completely neglected, with the exception of few original experiences, supported also by Trade Unions, put in place online, due to the virtual character of the crowdwork workplace. However, these initiatives are considered not sufficient in order to build a collective dimension, as they are not enough to guarantee the communication among workers from which a collective interest can rise. For this reason, the Proposal of the European Union requesting platforms to provide crowdworkers with specific virtual infrastructures on the platforms themselves, enabling a communication among workers similar to that which takes place in the physical workplace, is pivotal to facilitate discussions and exchanges of ideas among workers, from which a collective organisation, holding a collective interest, could slowly develop.

Teachers and managers experiences of virtual learning during the COVID-19 pandemic: A qualitative study

The closure of universities and schools interrupted learning outcomes and deprived students from growth and development opportunities as well as hindering their academic progress. Indeed, the COVID-19 Pandemic changed educational mechanism from traditional method to staying at home and virtual education globally. On the other hand, the educators and student particularly in developing countries faced shortage of necessary software and hardware infrastructures. Accordingly, introduction of virtual education along with some organizational and regional obstacles as well as poor planning caused low-quality online courses. Therefore, the present study extrapolated teachers' virtual education experiences during the COVID-19 pandemic. This qualitative study conducted on Iranian teachers using the conventional content analysis method in 2022. To do this, the targeted sampling method with maximum variation continued until data saturation. Hence, a total of 17 teachers (10 women and 7 men) included in the study. Data collected through five focus group discussions on the Sky room platform and two individual in-depth interviews. Male teachers had an average age of 44.42 years, while female ones had an average age of 47.80 years. The qualitative analysis categorized 22 themes as virtual education's pros and cons. Mental, physical, and social injuries; economic problems; insufficient virtual teaching skills; lack of virtual infrastructure; lack of motivation were identified as the main disadvantages of virtual education. Virtual education benefits included familiarity with modern science and education, time management, the durability of video and course topics, and not forcing students to attend class. Removing structural barriers (like creating a good platform for practical education and stopping new restrictive policies) and individual barriers (like economic and family problems, lack of motivation, psychological pressures, and occupational stress) could possibly improve virtual education. Virtual education should be different from face-to-face teaching because it can only meet some students' needs.

Intelligent road-safety warning system based on virtual infrastructures

Intelligent road-safety warning system based on virtual infrastructures

Taxation in the Digital Age: An Examination of the Necessity, Feasibility, and Implications of Taxing Virtual Infrastructures

This research paper explores the feasibility, methods, and implications of taxing virtual infrastructures within the evolving digital landscape and economy; considering the proliferation of digital assets, online transactions, and virtual entities, the taxation of virtual infrastructures becomes imminent as an avenue for government to accumulate revenue for effective government administration. The paper examined the objectives of the study through primary data collected from 320 tax professionals and 297 IT experts to explore the impact of virtual infrastructure taxation on government revenues, the feasibility of taxation models, its effects on innovation and investment in the digital sector, and the challenges of cross-border tax strategies. Findings show that although taxation of virtual infrastructures significantly enhances government revenues, contributing to fiscal sustainability and the funding of public services and infrastructure projects, measures must be put in place to cushion the effect of such taxation on investment and innovation in the digital economy, as the taxation of virtual infrastructures were found to hamper investment and innovation significantly. Also, the implementation of modified traditional and emerging taxation models is shown to increase the feasibility of taxing virtual infrastructures, offering opportunities to enhance government revenues while fostering digital innovation. Data analysis, including Pearson correlation and linear regression methods, was employed to assess the relationships between the variables. Moreover, cross-border tax strategies are found to have negative implications for the taxation of virtual infrastructures, including profit shifting, transfer pricing, and competition among countries to attract digital firms. International cooperation and comprehensive tax reforms are suggested to address these challenges and ensure equitable tax contributions. The study underscores the significance of global collaboration in addressing cross-border taxation challenges and recommends the integration of modern tools and technologies to streamline tax processes while developing modified tax methodologies and policies that suit the digital economy.

Securing NFV/SDN IoT Using VNFs Over a Compute-Intensive Hardware Resource in NFVI

The Network Function Virtualization (NFV) and Software-Defined Networking (SDN) are network paradigms for flexibly deploying future networks while guaranteeing security service requirements. This work designs Virtual Network Functions (VNFs) through a Compute-Intensive (CI) hardware resource in Network Function Virtualization Infrastructure (NFVI). The proposed NFVI is characterized by a multi-channel cryptosystem, which can be virtualized as a plurality of VNFs, that is, crypto engines, and each crypto engine is logically dedicated to an NFV/SDN Internet of Things (IoT) device, which does not have or has limited security capability owing to resource constraints. To enhance the performance of a cryptosystem, the accelerator circuit is often deeply pipelined and unrolled. However, to fulfill the popular feedback operation modes, the throughput of the pipelined and unrolled cryptosystem that implements a block cipher, say Advanced Encryption Standard (AES), can deteriorate even lower than that without these techniques. To solve this problem, we design a pipelined and unrolled multichannel cryptosystem, which can be integrated into NFVI edge servers, with feedback operation mode for the NFV/SDN IoT. As a result, the combinational logics of a block cipher with feedback can be shared by plenty of IoT devices to enhance the hardware efficiency as well. Moreover, in addition to briefly review several AES designs, the fastest AES design is derived by shortening its critical path to only a logic gate of multiplexer or Exculsive OR (XOR) gate.

Urban infrastructure design principles for connected and autonomous vehicles: a case study of Oxford, UK

Connected and Autonomous Vehicles (CAVs) are reshaping urban systems, demanding substantial computational support. While existing research emphasizes the significance of establishing physical and virtual infrastructure to facilitate CAV integration, a comprehensive framework for designing CAV-related infrastructure principles remains largely absent. This paper introduces a holistic framework that addresses gaps in current literature by presenting principles for the design of CAV-related infrastructure. We identify diverse urban infrastructure types crucial for CAVs, each characterized by intricate considerations. Deriving from existing literature, we introduce five principles to guide investments in physical infrastructure, complemented by four principles specific to virtual infrastructure. These principles are expected to evolve with CAV development and associated technology advancements. Furthermore, we exemplify the application of these principles through a case study in Oxford, UK. In doing so, we assess urban conditions, identify representative streets, and craft CAV-related urban infrastructure tailored to distinct street characteristics. This framework stands as a valuable reference for cities worldwide as they prepare for the increasing adoption of CAVs.

A vendor-agnostic, PACS integrated, and DICOM-compatible software-server pipeline for testing segmentation algorithms within the clinical radiology workflow.

Reproducible approaches are needed to bring AI/ML for medical image analysis closer to the bedside. Investigators wishing to shadow test cross-sectional medical imaging segmentation algorithms on new studies in real-time will benefit from simple tools that integrate PACS with on-premises image processing, allowing visualization of DICOM-compatible segmentation results and volumetric data at the radiology workstation. In this work, we develop and release a simple containerized and easily deployable pipeline for shadow testing of segmentation algorithms within the clinical workflow. Our end-to-end automated pipeline has two major components- 1. A router/listener and anonymizer and an OHIF web viewer backstopped by a DCM4CHEE DICOM query/retrieve archive deployed in the virtual infrastructure of our secure hospital intranet, and 2. An on-premises single GPU workstation host for DICOM/NIfTI conversion steps, and image processing. DICOM images are visualized in OHIF along with their segmentation masks and associated volumetry measurements (in mL) using DICOM SEG and structured report (SR) elements. Since nnU-net has emerged as a widely-used out-of-the-box method for training segmentation models with state-of-the-art performance, feasibility of our pipleine is demonstrated by recording clock times for a traumatic pelvic hematoma nnU-net model. Mean total clock time from PACS send by user to completion of transfer to the DCM4CHEE query/retrieve archive was 5 min 32 s (± SD of 1 min 26 s). This compares favorably to the report turnaround times for whole-body CT exams, which often exceed 30 min, and illustrates feasibility in the clinical setting where quantitative results would be expected prior to report sign-off. Inference times accounted for most of the total clock time, ranging from 2 min 41 s to 8 min 27 s. All other virtual and on-premises host steps combined ranged from a minimum of 34 s to a maximum of 48 s. The software worked seamlessly with an existing PACS and could be used for deployment of DL models within the radiology workflow for prospective testing on newly scanned patients. Once configured, the pipeline is executed through one command using a single shell script. The code is made publicly available through an open-source license at "https://github.com/vastc/," and includes a readme file providing pipeline config instructions for host names, series filter, other parameters, and citation instructions for this work.

Tracing footprints of anti-forensics and assuring secured data transmission in the cloud using an effective ECCDH and Kalman Filter

The work “Tracing Footprints of Anti-Forensics and Ensuring Secured Data Transmission in the Cloud Using an Effective ECCDH and Kalman Filter” addresses the critical challenge of thwarting anti-forensic operations to protect data integrity in the context of cloud computing. This research digs into the complex difficulties encountered by digital forensics in multi-tenant virtual infrastructures in the context of cloud technology vulnerabilities and privacy issues inside cloud settings. The inquiry covers both technical and legal ground, including the examination of evidentiary photos and residual data. The complexity of forensic attempts is amplified by the convergence of diverse settings, the widespread use of privacy, encryption, and anti-forensic measures, and the intricate architecture of Cloud Service Providers (CSPs). Because of its decentralized nature, cloud computing exacerbates problems caused by quickly growing databases. Anti-forensic assaults are a serious concern within the realm of cloud security risks because they obfuscate attack evidence throughout the whole forensic investigation process. The research presents a novel method of combating these evasive strategies by combining ECCDH (Elliptic Curve Cryptography Diffie-Hellman) with Kalman Filters. This cutting-edge combination not only successfully identifies anti-forensic traces, but also guarantees private data transfer to the right people. The suggested approach uses the Kalman Filter in conjunction with encryption, decryption, compression, and decompression of data to identify attacked and un-attacked packets. The KDD-Cup dataset is used to conduct empirical validation of the approach. The results of the investigation corroborate the usefulness of the suggested method for enhancing cloud data transmission security and revealing potential anti-forensic actions. In particular, the attained values for accuracy, precision, recall, and F-score are as follows: 98.68, 99.06, 98.68, and 98.68. The proposed method outperforms state-of-the-art methods in terms of accuracy, recall, precision, and F-score, according to a comparison with the latter.

The Challenges of Collecting Digital Evidence Across Borders

In the modern world, the use of ICT communication technologies has become an integral part of life. ICT infrastructure is the bearer of digital traces of both legal and illegal activities performed through it. However, for something to become digital evidence, it must be obtained by law and by a person authorised by law. Namely, the virtual infrastructure, especially the Internet and the new challenges brought to us by cloud architectue due to its physical positioning outside national borders, calls into question the legality of searching and collecting digital evidence outside national borders. This paper analyses the legal basis for collecting digital evidence in cyberspace internationally, such as the Council of Europe Convention on Cybercrime, the US Cloud Act, the Australian Decryption Act and the European GDPR. Although the Court of Justice of the European Union declared invalid the decision of the European Commission (EU) 2016/1250 on the adequacy of data protection provided through the EU-US Privacy Shield, experts must not stop looking for a solution to the apparent problem. The paper intends to support decision-makers in taking clear national positions regarding the above controversial legal norms and their mutual conflict. The paper compares the legal consequences of such collection, and the acceptability of such digital evidence, and such collection may also be associated with a breach of the privacy of a legal and private entity.

A digital infrastructure perspective for accelerated rural entrepreneurship

Within the technological context associated with the Fourth Industrial Revolution (4IR) as well as the technological implications of the Covid-19 pandemic, digitalization has increased. Given the that rural entrepreneurs have traditionally lagged behind in many facets of competitiveness, the purpose of this study was to explore the question: How can digital infrastructure accelerate small business entrepreneurship at a rural community in the Eastern Cape Province? The study was based on a qualitative design related to participant observations and document analysis. Participating in a meeting between entrepreneurs, academics and Small Enterprise Development Agency (SEDA) officials and analyzing the discussion areas and behaviors of participants allowed the objectives of the study to be achieved. It was found that virtual infrastructure development excited the respondents and inspired business and developmental aspirations of participants. Participants provided that that digital infrastructure development in rural Eastern Cape would foster economic development, close the digital divide, widens small enterprise development models, ensure inclusive economic participation and create new business opportunities. It was also provided that digital infrastructure creates entrepreneurial linkages that would promote business ecosystems in rural areas and foster general economic advancement in rural areas. This study resulted in the need to recommend government to increase digital support and investment in rural areas. Keywords: Virtualization, digitalization, entrepreneurship, small business, innovation, technology

THEORETICAL AND METHODOLOGICAL APPROACHES TO IT INFRASTRUCTURE MANAGEMENT IN CONDITIONS OF DIGITALIZATION

The article proves that the formation and support of IT infrastructure developing is a key strategic factor in the effective functioning of enterprises and organizations. There are the interpretations of the concepts ‘IT infrastructure’, ‘information infrastructure’, ‘technological infrastructure’ and ‘supporting infrastructure’. It has been found that the IT infrastructure needs constant support and updating to ensure the safety and reliability of data, devices, IT services, tools, technological processes, information, and communication technologies. The components of the organization’s IT infrastructure that meet the needs and business development plan are given. It has been established that IT infrastructure components can be deployed, organized and implemented in various ways. The main tasks of the IT infrastructure and its purpose are also given. The article provides the information that the modern version of the organization’s IT infrastructure is cloud infrastructure, which is quite effective for small and medium-sized businesses with a limited budget. It was found out the virtualization of the IT infrastructure of the enterprise is provided by the virtualization of servers, applications, workstations, the use of cloud computing, optimization of the information network, interaction on demand. The areas of management that have developed from the need to maximize the value created by IT assets are characterized: ITOM, ITSM and ITAM. Important to know the role of the IT infrastructure management system because it is manifested in the proactive administration and management of technological tools, in particular: monitoring of errors and problems; patch tracking; tracing all errors back to their original sources. Moreover, it has been established that the role of IT infrastructure security is becoming more complicated as business entities move to cloud models, hybrid models, multi-cloud technologies, etc. Finally, the model of providing cloud services, with the help of which IT organizations can purchase virtualized computing resources from a third-party provider and access them via the Internet, is called infrastructure services (IaaS).