Visible to the public Middleware Security 2015Conflict Detection Enabled

SoS Newsletter- Advanced Book Block


SoS Logo

Middleware Security



Middleware facilitates distributed processing and is of significant interest to the security world with the development of cloud and mobile applications. It is important to the Science of Security community relative to resilience, policy-based governance, and composability. The articles cited here were presented or published in 2015.

Talpur, S.R.; Abdalla, S.; Kechadi, T., “Towards Middleware Security Framework for Next Generation Data Centers Connectivity,” in Science and Information Conference (SAI), 2015, vol., no., pp. 1277–1283, 28–30 July 2015. doi:10.1109/SAI.2015.7237308
Abstract: Data Center as a Service (DCaaS) facilitates to clients as an alternate outsourced physical data center, the expectations of business community to fully automate these data centers to run smoothly. Geographically Distributed Data Centers and their connectivity has major role in next generation data centers. In order to deploy the reliable connections between Distributed Data Centers, the SDN based security and logical firewalls are attractive and enviable. We present the middleware security framework for software defined data centers interconnectivity, the proposed security framework will be based on some learning processes, which will reduce the complexity and manage very large number of secure connections in real-world data centers. In this paper we will focus on two main objectives; (1) proposing simple and yet scalable techniques for security and analysis, (2) Implementing and evaluating these techniques on real-world data centers.
Keywords: cloud computing; computer centres; firewalls; middleware; security of data; software defined networking; Data Center as a Service; SDN based security; geographically distributed data centers; logical firewalls; middleware security framework; next generation data centers connectivity; outsourced physical data center; real-world data centers; software defined data centers interconnectivity; Distributed databases; Optical switches; Routing; Security; Servers; Software; DCI (Data Center Inter-connectivity); DCaaS; Distributed Firewall; OpenFlow; SDDC; SDN; Virtual Networking (ID#: 15-7747)

Dayal, A.; Tbaileh, A.; Yi Deng; Shukla, S., “Distributed VSCADA: An Integrated Heterogeneous Framework for Power System Utility Security Modeling and Simulation,” in Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES), 2015 Workshop on, vol., no., pp. 1–6, 13–13 April 2015. doi:10.1109/MSCPES.2015.7115408
Abstract: The economic machinery of the United States is reliant on complex large-scale cyber-physical systems which include electric power grids, oil and gas systems, transportation systems, etc. Protection of these systems and their control from security threats and improvement of the robustness and resilience of these systems, are important goals. Since all these systems have Supervisory Control and Data Acquisition (SCADA) in their control centers, a number of test beds have been developed at various laboratories. Usually on such test beds, people are trained to operate and protect these critical systems. In this paper, we describe a virtualized distributed test bed that we developed for modeling and simulating SCADA applications and to carry out related security research. The test bed is a virtualized by integrating various heterogeneous simulation components. This test bed can be reconfigured to simulate the SCADA of a power system, or a transportation system or any other critical systems, provided a back-end domain specific simulator for such systems are attached to it. In this paper, we describe how we created a scalable architecture capable of simulating larger infrastructures and by integrating communication models to simulate different network protocols. We also developed a series of middleware packages that integrates various simulation platforms into our test bed using the Python scripting language. To validate the usability of the test bed, we briefly describe how a power system SCADA scenario can be modeled and simulated in our test bed.
Keywords: SCADA systems; authoring languages; control engineering computing; middleware; power system security; power system simulation; Python scripting language; back-end domain specific simulator; complex large-scale cyber-physical systems; distributed VSCADA; economic machinery; heterogeneous simulation components; integrated heterogeneous framework; middleware packages; network protocols; power system utility security modeling; power system utility security simulation platform; supervisory control and data acquisition; system protection; transportation system; virtualized distributed test bed; Databases; Load modeling; Power systems; Protocols; SCADA systems; Servers; Software; Cyber Physical Systems; Cyber-Security; Distributed Systems; NetworkSimulation; SCADA (ID#: 15-7748)

Heimgaertner, F.; Hoefling, M.; Vieira, B.; Poll, E.; Menth, M., “A Security Architecture for the Publish/Subscribe C-DAX Middleware,” in Communication Workshop (ICCW), 2015 IEEE International Conference on, vol., no., pp. 2616–2621, 8–12 June 2015. doi:10.1109/ICCW.2015.7247573
Abstract: The limited scalability, reliability, and security of today’s utility communication infrastructures are main obstacles for the deployment of smart grid applications. The C-DAX project aims at providing a cyber-secure publish/subscribe middleware tailored to the needs of smart grids. C-DAX provides end-to-end security, and scalable and resilient communication among participants in a smart grid. This work presents the C-DAX security architecture, and proposes different key distribution mechanisms. Security properties are defined for control plane and data plane communication, and their underlying mechanisms are explained. The presented work is partially implemented in the C-DAX prototype and will be deployed in a field trial.
Keywords: middleware; power engineering computing; power system security; security of data; smart power grids; software architecture; C-DAX project; control plane communication; cyber-secure publish/subscribe middleware; data plane communication; end-to-end security; key distribution mechanisms; publish/subscribe C-DAX middleware; reliability; resilient communication; scalability; scalable communication; security architecture; security properties; smart grid applications; utility communication infrastructures; Authentication; Encryption; Middleware; Public key; Smart grids (ID#: 15-7749)

Kypus, L.; Vojtech, L.; Kvarda, L., “Qualitative and Security Parameters Inside Middleware Centric Heterogeneous RFID/IoT Networks, On-Tag Approach,” in Telecommunications and Signal Processing (TSP), 2015 38th International Conference on, vol., no., pp. 21–25, 9–11 July 2015. doi:10.1109/TSP.2015.7296217
Abstract: Work presented in the paper started as preliminary research, and analysis, ended as testing of radio frequency identification (RFID) middlewares. The intention was to get better insight into the architecture and functionalities with respect to its impact to overall quality of service (QoS). Main part of paper focuses on lack of QoS awareness due to missing classification of data originated from tags and from the very beginning of the delivery process. Method we used to evaluate did follow up on existing researches in area of QoS for RFID, combining them with new proposal from standard ISO 25010 regarding - Quality Requirements and Evaluation, system and software quality models. The idea is to enhance application identification area in user memory bank with encoded QoS flags and security attributes. The proof of concept of on-tag specified classes and attributes is able to manage and intentionally influence applications and data processing behavior.
Keywords: middleware; quality of service; radiofrequency identification; software quality; telecommunication computing; IoT networks; QoS awareness; middleware centric heterogeneous RFID network; on-tag approach; quality requirements; radio frequency identification middlewares; software quality models; standard ISO 25010; Ecosystems; Middleware; Protocols; Quality of service; Radiofrequency identification; Security; Standards; Application identification; IoT; QoS flags; RFID; Security attributes (ID#: 15-7750)

DongHyuk Lee; Namje Park; DooHo Choi, “Inter-Vessel Traffic Service Data Exchange Format Protocol Security Enhancement of User Authentication Scheme in Mobile VTS Middleware Platform,” in Network Operations and Management Symposium (APNOMS), 2015 17th Asia-Pacific, vol., no., pp. 527–529, 19–21 Aug. 2015. doi:10.1109/APNOMS.2015.7275405
Abstract: The IVEF protocol developed by IALA is focused on the technical implementation. But, It does not contain the description of the information encryption for IVEF protocol data protection. The vessel traffic information is high sensitive information. So a necessary part of the absolute reliability of the information client and data security. This paper suggests the authentication protocol to increase the security of the VTS systems using the main certification server and IVEF.
Keywords: cryptographic protocols; marine communication; middleware; mobile communication; IALA; IVEF protocol data protection; VTS systems; authentication protocol; data security; information client; information encryption; inter-vessel traffic service data exchange format protocol security enhancement; main certification server; mobile VTS middleware platform; vessel traffic information; Authentication; Cryptography; Integrated circuits; Protocols; Servers; Smart phones; IVEF; Protocol; VTS (ID#: 15-7751)

Ouedraogo, W.F.; Biennier, F.; Merle, P., “Optimizing Service Protection with Model Driven Security@run.time,” in Service-Oriented System Engineering (SOSE), 2015 IEEE Symposium on, vol., no., pp. 50–58, March 30 2015–April 3 2015. doi:10.1109/SOSE.2015.50
Abstract: Enterprises are more and more involved in collaborative business. This leads to open and outsourcing all or part of their information system (IS) to create collaborative processes by composing business services picked in each partner IS and to take advantage of Cloud computing. Business services outsourcing and their dynamic collaboration context can bring lost of control on IS and new security risks can occur. This leads to inconsistent protection allowing competitors to access to unauthorized information. To address this issue, systematic security service invocations may be added, without paying attention to the business context leading to costly over protection. To address this issue, an adaptive security service model deployment is required to provide a business service consistent protection by taking into account the collaboration context (business service data criticity, partners involved in the collaboration, etc.), and the cloud deployment and execution environment. In this paper, we propose an adaptive security model based on MDS@run.time, the marriage of Model Driven Security (MDS) and Models@run.time approaches, allowing to select at runtime the appropriate security components to apply. The MDS approach is used to generate security policies, which are interpreted at runtime and load appropriate security mechanisms depending on the context (which takes advantage of the Models@run.time approach) ensuring business process end to end protection. A proof of concept prototype is built on top of the OW2 FraSCAti middleware, validating our proposition efficiency. Our experiments and simulations show that MDS@run.time improves the system efficiency when the over-protection risk rate increases.
Keywords: cloud computing; groupware; information systems; middleware; outsourcing; risk management; security of data; software performance evaluation; MDS@run.time; Models@run.time; OW2 FraSCAti middleware; adaptive security service model deployment; business service consistent protection; business service data criticity; business services outsourcing; cloud deployment; collaborative business; dynamic collaboration context; execution environment; information system; model driven security@run.time; over-protection risk rate; security policy generation; security risks; service protection optimization; system efficiency improvement; Authentication; Business; Collaboration; Context; Context modeling; Middleware (ID#: 15-7752)

Silva, A.; Rosa, N., “FIrM: Functional Middleware with Support to Multi-tenancy,” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 650–657, 24–27 March 2015. doi:10.1109/AINA.2015.249
Abstract: The use of middleware systems to support multi-tenancy applications in cloud computing environments can help to decrease the application costs by reducing the hardware infrastructure and the amount of software license required to run a software, and facilitating the its maintenance. However, the design and implementation of middleware systems that support multi-tenancy feature is complex due challenges such as hardware sharing, security, scalability, configuration per tenant and tenant isolation. Furthermore, developers generally implement middleware systems through general-purpose object-oriented languages without taking the benefits of using a language that allows a higher level of abstraction and concision on writing concurrent and parallel systems. In this paper, we present FIrM (Functional Middleware), a cloud computing middleware implemented in Haskell, which allows multi-tenant-aware remote procedure calls. In order to evaluate FIrM, we carry out a performance evaluation that shows the impact of the multi-tenancy mechanisms on the performance of the applications.
Keywords: cloud computing; cost reduction; functional programming; middleware; object-oriented languages; software maintenance; software performance evaluation; FIrM; Functional Middleware; Haskell; application cost reduction; cloud computing environments; configuration-per-tenant; general-purpose object-oriented languages; hardware infrastructure; hardware sharing; multitenancy applications; multitenant-aware remote procedure calls; performance evaluation; scalability; security; software license; tenant isolation; Conferences; Cloud computing; Functional programming; Middleware; Multi-tenancy (ID#: 15-7753)

Papadopoulos, G., “Challenges in the Design and Implementation of Wireless Sensor Networks: A Holistic Approach-Development and Planning Tools, Middleware, Power Efficiency, Interoperability,” in Embedded Computing (MECO), 2015 4th Mediterranean Conference on, vol., no., pp. 1–3, 14–18 June 2015. doi:10.1109/MECO.2015.7181857
Abstract: Wireless Sensor Networks (WSNs) constitute a networking area with promising impact in the environment, health, security, industrial applications and more. Each of these presents different requirements, regarding system performance and QoS, and involves a variety of mechanisms such as routing and MAC protocols, algorithms, scheduling policies, security, OS, all of which are residing over the HW, the sensors, actuators and the Radio Tx/Rx. Furthermore, they encompass special characteristics, such as constrained energy, CPU and memory resources, multi-hop communication, leading to a few steps higher the required special knowledge. Although the status of WSNs is nearing the stage of maturity and wide-spread use, the issue of their sustainability hinges upon the implementation of some features of paramount importance: Low power consumption to achieve long operational life-time for battery-powered unattended WSN nodes, joint optimization of connectivity and energy efficiency leading to best-effort utilization of constrained radios and minimum energy cost, self-calibration and self-healing to recover from failures and errors to which WSNs are prone, efficient data aggregation lessening the traffic load in constrained WSNs, programmable and reconfigurable stations allowing for long life-cycle development, system security enabling protection of data and system operation, short development time making more efficient the time-to-market process and simple installation and maintenance procedures for wider acceptance. Despite the considerable research and important advances in WSNs, large scale application of the technology is still hindered by technical, complexity and cost impediments. Ongoing R&D is addressing these shortcomings by focusing on energy harvesting, middleware, network intelligence, standardization, network reliability, adaptability and scalability. However, for efficient WSN development, deployment, testing, and maintenance, a holistic unified approach is necessary which will address the above WSN challenges by developing an integrated platform for smart environments with built-in user friendliness, practicality and efficiency. This platform will enable the user to evaluate his design by identifying critical features and application requirements, to verify by adopting design indicators and to ensure ease of development and long life cycle by incorporating flexibility, expandability and reusability. These design requirements can be accomplished to a significant extent via an integration tool that provides a multiple level framework of functionality composition and adaptation for a complex WSN environment consisting of heterogeneous platform technologies, establishing a software infrastructure which couples the different views and engineering disciplines involved in the development of such a complex system, by means of the accurate definition of all necessary rules and the design of the ‘glue-logic’ which will guarantee the correctness of composition of the various building blocks. Furthermore, to attain an enhanced efficiency, the design/development tool must facilitate consistency control as well as evaluate the selections made by the user and, based on specific criteria, provide feedback on errors concerning consistency and compatibility as well as warnings on potentially less optimal user selections. Finally, the WSN planning tool will provide answers to fundamental issues such as the number of nodes needed to meet overall system objectives, the deployment of these nodes to optimize network performance and the adjustment of network topology and sensor node placement in case of changes in data sources and network malfunctioning.
Keywords: computer network reliability; computer network security; data protection; energy conservation; energy harvesting; middleware; open systems; optimisation; quality of service; sensor placement; telecommunication network planning; telecommunication network topology; telecommunication power management; telecommunication traffic; time to market; wireless sensor networks; QoS; WSN reliability; constrained radio best-effort utilization; data aggregation; data security enabling protection; design-development tool; energy efficiency; energy harvesting; failure recovery; heterogeneous platform technology; holistic unified approach; interoperability; network intelligence; network topology adjustment; power consumption; power efficiency; sensor node placement; time-to-market process; traffic load; wireless sensor network planning tools; Electrical engineering; Embedded computing; Europe; Security; Wireless sensor networks (ID#: 15-7754)

Billure, R.; Tayur, V.M.; Mahesh, V., “Internet of Things — A Study on the Security Challenges,” in Advance Computing Conference (IACC), 2015 IEEE International, vol., no., pp. 247–252, 12–13 June 2015. doi:10.1109/IADCC.2015.7154707
Abstract: The vision of Internet of Things (IoT) is to enable devices to collaborate with each other on the Internet. Multiple devices collaborating with each other have opened up various opportunities in multitude of areas. It has presented unique set of challenges in scaling the Internet, techniques for identification of the devices, power efficient algorithms and communication protocols. Always connected devices have access to private sensitive information and any breach in them is a huge security risk. The IoT environment is composed of the hardware, software and middleware components making it a complex system to manage and secure. The objective of this paper is to present the challenges in IoT related to security, its challenges and recent developments through a comprehensive review of the literature.
Keywords: Internet of Things; data privacy; middleware; security of data; IoT; hardware component; information privacy; security risk; software component; Computers; Jamming; Lead; Middleware; Radiofrequency identification; Reliability; Security; security in IOT (ID#: 15-7755)

Singh, J.; Pasquier, T.F.J.-M.; Bacon, J.; Eyers, D., “Integrating Messaging Middleware and Information Flow Control,” in Cloud Engineering (IC2E), 2015 IEEE International Conference on, vol., no., pp. 54–59, 9–13 March 2015.  doi:10.1109/IC2E.2015.13
Abstract: Security is an ongoing challenge in cloud computing. Currently, cloud consumers have few mechanisms for managing their data within the cloud provider’s infrastructure. Information Flow Control (IFC) involves attaching labels to data, to govern its flow throughout a system. We have worked on kernel-level IFC enforcement to protect data flows within a virtual machine (VM). This paper makes the case for, and demonstrates the feasibility of an IFC-enabled messaging middleware, to enforce IFC within and across applications, containers, VMs, and hosts. We detail how such middleware can integrate with local (kernel) enforcement mechanisms, and highlight the benefits of separating data management policy from application/service-logic.
Keywords: cloud computing; data protection; middleware; security of data; virtual machines; VM; application logic; cloud consumers; cloud provider infrastructure; data flow protection; data management policy; information flow control; kernel enforcement mechanisms; kernel-level IFC enforcement; local enforcement mechanisms; messaging middleware integration; service-logic; virtual machine; Cloud computing; Context; Kernel; Runtime; Security; Servers; Information Flow Control; distributed systems; policy; security (ID#: 15-7756)

Shi-Wei Zhao; Ze-Wen Cao; Wen-Sen Liu, “OSIA: Open Source Intelligence Analysis System Based on Cloud Computing and Domestic Platform,” in Information Science and Control Engineering (ICISCE), 2015 2nd International Conference on, vol., no., pp. 371–375, 24–26 April 2015. doi:10.1109/ICISCE.2015.89
Abstract: Information safety is significant for state security, especially for intelligence service. OSIA (open source intelligence analyzing) system based on cloud computing and domestic platform is designed and implemented in this paper. For the sake of the security and utility of OSIA, all of the middleware and involved OS are compatible with domestic software. OSIA system concentrates on analyzing open source text intelligence and adopts self-designed distributed crawler system so that a closed circle is formed from intelligence acquisition to analysis process and push service. This paper also illustrates some typical applications of anti-terrorist, such as the “organizational member discovery” based on Stanford parser and cluster algorithm, the “member relation exhibition” based on paralleled PageRank algorithm and the like. The results of experiences show that the OSIA system is suitable for large scale textual intelligence analysis.
Keywords: cloud computing; data mining; grammars; middleware; parallel algorithms; public domain software; security of data; text analysis; OS; OSIA system; Stanford parser; antiterrorist; cluster algorithm; domestic platform; domestic software; information safety; intelligence acquisition; intelligence service; large scale textual intelligence analysis; member relation exhibition; middleware; open source intelligence analysis system; open source text intelligence; organizational member discovery; paralleled PageRank algorithm; push service; self-designed distributed crawler system; Algorithm design and analysis; Artificial intelligence; Crawlers; Operating systems; Security; Servers; Text mining; domestic platform; intelligence analysis system; text mining (ID#: 15-7757)

Hancock, M.B.; Varela, C.A., “Augmenting Performance for Distributed Cloud Storage,” in Cluster, Cloud and Grid Computing (CCGrid), 2015 15th IEEE/ACM International Symposium on, vol., no., pp. 1189–1192, 4–7 May 2015. doi:10.1109/CCGrid.2015.124
Abstract: The device people use to capture multimedia has changed over the years with the rise of smart phones. Smart phones are readily available, easy to use, and capture multimedia with high quality. While consumers capture all of this media, the storage requirements are not changing significantly. Therefore, people look towards cloud storage solutions. The typical consumer stores files within a single provider. They want a solution that is quick to access, reliable, and secure. Using multiple providers can reduce cost and improve overall performance. We present a middleware framework called Distributed Indexed Storage in the Cloud (DISC) to improve all aspects a user expects in a cloud provider. The process of uploading and downloading is essentially transparent to the user. The upload and download performance happens simultaneously by distributing a subset of the file across multiple cloud providers that it deems fit based on policies. Reliability is another important feature of DISC. To improve reliability, we propose a solution that replicates the same subset of the file across different providers. This is beneficial when one provider is unresponsive, the data can be pulled from another provider with the same subset. Security has great importance when dealing with consumers data. We inherently gain security when improving reliability. Since the file is distributed using subsets, not one provider has the full file. In our experiment, performance improvements are observed when delivering and retrieving files compared to the standard approach. The results are promising, saving upwards of eight seconds in processing time. With the expansion of more cloud providers, the results are expected to improve.
Keywords: cloud computing; middleware; multimedia systems; smart phones; storage management; DISC; augmenting performance; distributed cloud storage; distributed indexed storage in the cloud; middleware framework; multimedia; Bandwidth; Cloud computing; Instruction sets; Multimedia communication; Reliability; Security; Throughput; cloud services (ID#: 15-7758)

Casoni, M.; Grazia, C.A.; Klapez, M.; Patriciello, N., “Towards Emergency Networks Security with Per-Flow Queue Rate Management,” in Pervasive Computing and Communication Workshops (PerCom Workshops), 2015 IEEE International Conference on, vol., no., pp. 493–498, 23–27 March 2015. doi:10.1109/PERCOMW.2015.7134087
Abstract: When statistical multiplexing is used to provide connectivity to a number of client hosts through a high-delay link, the original TCP as well as TCP variants born to improve performance on those links often provide poor performance and sub-optimal QoS properties. To guarantee intra-protocol fairness, inter-protocol friendliness, low queues utilization and optimal throughput in mission-critical scenarios, Congestion Control Middleware Layer (C2ML) has been proposed as a tool for centralized and collaborative resource management. However, C2ML offers only very limited security guarantees. Because emergencies may be natural or man-provoked, in the latter case there may be interest to cut out legitimate users from the communication networks that support disaster recovery operations. In this paper we present Queue Rate Management (QRM), an Active Queue Management scheme able to provide protection from Resource Exhaustion Attacks in scenarios where access to the shared link is controlled by C2ML; the proposed algorithm checks whether a node is exceeding its allowed rate, and consequently decides whether to keep or drop packets coming from that node. We mathematically prove that with QRM the gateway queue size can never exceed the Bandwidth-Delay Product of the channel. Furthermore, we use the ns-3 simulator to compare QRM with CoDel and RED, showing how QRM provides better performance in terms of both throughput and QoS guarantees when employed with C2ML.
Keywords: business continuity; computer network management; computer network performance evaluation; computer network security; queueing theory; statistical multiplexing; telecommunication congestion control; transport protocols; C2ML; CoDel; QRM; RED; active queue management scheme; bandwidth-delay product; centralized resource management; collaborative resource management; congestion control middleware layer; disaster recovery operations; emergency network security; high-delay link; interprotocol friendliness; intraprotocol fairness; mission-critical scenarios; ns-3 simulator; per-flow queue rate management; queue rate management; resource exhaustion attacks; statistical multiplexing; suboptimal QoS properties; Bandwidth; Delays; Emergency services; IP networks; Logic gates; Queueing analysis; Throughput; AQM; Congestion control; Emergency Networks; Middleware; Queueing Delay; Satellite (ID#: 15-7759)

Memon, S.; Riedel, M.; Koeritz, C.; Grimshaw, A., “Interoperable Job Execution and Data Access through UNICORE and the Global Federated File System,” in Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2015 38th International Convention on, vol., no., pp. 269–274, 25–29 May 2015. doi:10.1109/MIPRO.2015.7160278
Abstract: Computing middlewares play a vital role for abstracting complexities of backend resources by providing a seamless access to heterogeneous execution management services. Scientific communities are taking advantage of such technologies to focus on science rather than dealing with technical intricacies of accessing resources. Multi-disciplinary communities often bring dynamic requirements which are not trivial to realize. Specifically, to attain massivley parallel data processing on supercomputing resources which require an access to large data sets from widely distributed and dynamic sources located across organizational boundaries. In order to support this abstract scenario, we bring a combination that integrates UNICORE middleware and the Global Federated File System. Furthermore, the paper gives architectural and implementation perspective of UNICORE extension and its interaction with Global Federated File System space through computing, data and security standards.
Keywords: file organisation; information retrieval; middleware; parallel processing; UNICORE middleware; backend resource complexity abstracting; data access; global federated file system; heterogeneous execution management services; interoperable job execution; multidisciplinary community; organizational boundary; parallel data processing; security standards; supercomputing resources; Communities; File systems; Security; Servers; Standards; Web services (ID#: 15-7760)

Scandurra, P.; Psaila, G.; Capilla, R.; Mirandola, R., “Challenges and Assessment in Migrating IT Legacy Applications to the Cloud,” in Maintenance and Evolution of Service-Oriented and Cloud-Based Environments (MESOCA), 2015 IEEE 9th International Symposium on the, vol., no., pp. 7–14, 2–2 Oct. 2015. doi:10.1109/MESOCA.2015.7328120
Abstract: The incessant trend where software engineers need to redesign legacy systems adopting a service-centric engineering approach brings new challenges for software architects and developers. Today, engineering and deploying software as a service requires specific Internet protocols, middleware and languages that often complicate the interoperability of software at all levels. Moreover, cloud computing demands stringent quality requirements, such as security, scalability, and interoperability among others, to provide services and data across networks more efficiently. As software engineers must face the problem to redesign and redeploy systems as services, we explore in this paper the challenges found during the migration of an existing system to a cloud solution and based on a set of quality requirements that includes the vendor Lock-in factor. We also present a set of assessment activities and guidelines to support migration to the Cloud by adopting SOA and Cloud modeling standards and tools.
Keywords: Business; Cloud computing; Interoperability; Scalability; Service-oriented architecture; Software as a service; Cloud computing; cloud migration; cloud modeling; interoperability; portability; service-centric engineering; service-oriented architecture; service-oriented computing; vendor Lock-in (ID#: 15-7761)

Bonino, D.; Alizo, M.T.D.; Alapetite, A.; Gilbert, T.; Axling, M.; Udsen, H.; Soto, J.A.C.; Spirito, M., “ALMANAC: Internet of Things for Smart Cities,” in Future Internet of Things and Cloud (FiCloud), 2015 3rd International Conference on, vol., no., pp. 309–316, 24–26 Aug. 2015. doi:10.1109/FiCloud.2015.32
Abstract: Smart cities advocate future environments where sensor pervasiveness, data delivery and exchange, and information mash-up enable better support of every aspect of (social) life in human settlements. As this vision matures, evolves and is shaped against several application scenarios, and adoption perspectives, a common need for scalable, pervasive, flexible and replicable infrastructures emerges. Such a need is currently fostering new design efforts to grant performance, reuse and interoperability while avoiding knowledge silos typical of early efforts on similar top is, e.g. Automation in buildings and homes. This paper introduces a federated smart city platform (SCP) developed in the context of the ALMANAC FP7 EU project and discusses lessons learned during the first experimental application of the platform to a smart waste management scenario in a medium-sized, European city. The ALMANAC SCP aims to integrate Internet of Things (IoT), capillary networks and metro access networks to offer smart services to the citizens, and thus enable Smart City processes. The key element of the SCP is a middleware supporting semantic interoperability of heterogeneous resources, devices, services and data management. The platform is built upon a dynamic federation of private and public networks, while supporting end-to-end security and privacy. Furthermore, it also enables the integration of services that, although being natively external to the platform itself, allow enriching the set of data and information used by the Smart City applications supported.
Keywords: Internet of Things; data privacy; middleware; open systems; smart cities; waste management; ALMANAC FP7 EU project; European city; Internet of Things; capillary networks; data management; end-to-end privacy; end-to-end security; heterogeneous devices; heterogeneous resources; heterogeneous services; metro access networks; middleware; private networks; public networks; semantic interoperability; sensor pervasiveness; smart city platform; smart waste management scenario; Cities and towns; Context; Data integration; Metadata; Semantics; Smart cities; federation; internet of things; platform; smart city (ID#: 15-7762)

Hoefling, M.; Heimgaertner, F.; Menth, M.; Katsaros, K.V.; Romano, P.; Zanni, L.; Kamel, G., “Enabling Resilient Smart Grid Communication over the Information-centric C-DAX Middleware,” in Networked Systems (NetSys), 2015 International Conference and Workshops on, vol., no., pp. 1–8, 9–12 March 2015. doi:10.1109/NetSys.2015.7089080
Abstract: Limited scalability, reliability, and security of todays utility communication infrastructures are main obstacles to the deployment of smart grid applications. The C-DAX project aims at providing and investigating a communication middleware for smart grids to address these problems, applying the information-centric networking and publish/subscribe paradigm. We briefly describe the C-DAX architecture, and extend it with a flexible resilience concept, based on resilient data forwarding and data redundancy. Different levels of resilience support are defined, and their underlying mechanisms are described. Experiments show fast and reliable performance of the resilience mechanism.
Keywords: middleware; power engineering computing; smart power grids; communication middleware; data redundancy; flexible resilience concept; information-centric C-DAX middleware; information-centric networking; publish/subscribe paradigm; resilient data forwarding; resilient smart grid communication; smart grids; utility communication infrastructures; Delays; Monitoring; Reliability; Resilience; Security; Subscriptions; Synchronization (ID#: 15-7763)

Bruno José Olivieri de Souza; Endler, M., “Coordinating Movement Within Swarms of UAVs Through Mobile Networks,” in Pervasive Computing and Communication Workshops (PerCom Workshops), 2015 IEEE International Conference on, vol., no., pp. 154–159, 23–27 March 2015. doi:10.1109/PERCOMW.2015.7134011
Abstract: Unmanned Aerial Vehicles (UAV) have several uses in civilians and military applications, such as search and rescue missions, cartography and terrain exploration, industrial plant control, surveillance, public security, firefight, and others. Swarms of UAVs may further increase the effectiveness of these tasks, since they enable larger coverage, more accurate or redundant sensed data, fault tolerance, etc. Swarms of aerial robots require real-time coordination, which is just a specific case of M2M collaboration. But one of the biggest challenges of UAV swarming is that this real-time coordination has to happen in a wide-area setting where it is expensive, or even impossible, to set up a dedicated wireless infrastructure for this purpose. Instead, one has to resort to conventional 3G/4G wireless networks, where communication latencies are in the range of 50-150 ms. In this paper we tackle the problem of UAV swarm formation and maintenance in areas covered by such mobile network, and propose a bandwidth-efficient multi-robot coordination algorithm for these settings. The coordination algorithm was implemented on the top of our mobile middleware SDDL, uses its group-cast communication capability, and was tested with simulated UAVs.
Keywords: 3G mobile communication; 4G mobile communication; autonomous aerial vehicles; control engineering computing; middleware; mobile computing; multi-robot systems; 3G-4G wireless networks; M2M collaboration; SDDL; UAV swarming; aerial robots; bandwidth-efficient multirobot coordination algorithm; cartography; civilians; communication latencies; dedicated wireless infrastructure; fault tolerance; firefight; group-cast communication capability; industrial plant control; military applications; mobile middleware; mobile networks; movement coordination; public security; redundant sensed data; search and rescue missions; surveillance; terrain exploration; unmanned aerial vehicles; wide-area setting; Collaboration; Middleware; Mobile communication; Mobile computing; Monitoring; Protocols; Smart phones; UAVs; machine-to-machine collaboration; mobile networks; movement coordination; pervasive system; swarms of mobile robots (ID#: 15-7764)

Indalecio, G.; Gómez-Folgar, F.; García-Loureiro, A.J., “Comparison of State-of-the-Art Distributed Computing Frameworks with the GWM,” in Electron Devices (CDE), 2015 10th Spanish Conference on, vol., no., pp. 1–4, 11–13 Feb. 2015. doi:10.1109/CDE.2015.7087480
Abstract: We have analysed the landscape of heterogeneous computing solutions in order to understand and explain the position of our application, the General Workload Manager, in that landscape. We have classified several applications in the following groups: Grid middleware, Grid powered applications, Cloud computing, and modern lightweight solutions. We have successfully analysed the characteristics of those groups and found similar characteristics in our application, which allows for a better comprehension of both the landscape of existing solutions and the General Workload Manager.
Keywords: cloud computing; grid computing; middleware; resource allocation; distributed computing framework; general workload manager; grid middleware; grid powered application; Cloud computing; Computational modeling; Computers; Electron devices; Libraries; Security (ID#: 15-7765)

Jarmakiewicz, J.; Podlasek, T., “Design and Implementation of Multilevel Security Subsystem Based on XACML and WEB Services,” in Military Communications and Information Systems (ICMCIS), 2015 International Conference on, vol., no., pp. 1–8, 18–19 May 2015. doi:10.1109/ICMCIS.2015.7158686
Abstract: Controlled sharing of confidential information in military environment, especially as a part of joint and coalition forces, is an important mean to achieve the network-centricity goals. During last few years a technology for building the Service-Oriented Architecture has been developed. The Service-Oriented Architecture maps the concept of distributed service-oriented processing. It is a good application framework for integration of heterogeneous military systems. However, these systems could process the confidential data divided onto hierarchical classification levels. We can rise up the question: can Service-Oriented Architecture serve as a middleware layer to integrate such systems? The paper presents selected cases of information systems cooperation in systems federation. We developed the functional mechanisms according to XACML architecture and we proposed necessary attributes for users and data, what enabled to control information exchange and to authorize users to access sensitive information resources. The developed MLS implementations were tested in terms of interoperability in the consortium and domestic test environment. In June 2012, both the implementations services were successfully tested in an international test environment during testing of interoperability with foreign partners (Germany) and NC3A agency in the NATO Secret network during CWIX 2012 exercises.
Keywords: Web services; XML; authorisation; information systems; open systems; program testing; service-oriented architecture; NATO Secret network; SOA; Web services; XACML architecture; eXtensible Access Control Markup Language; information exchange; information systems cooperation; interoperability testing; multilevel security subsystem; service-oriented architecture; systems federation; Authentication; Databases; Sensitivity; Servers; Service-oriented architecture; C4I Systems; Common Operating Picture; Information sharing; Multi Level Security; SOA; WEB Services; XACML (ID#: 15-7766)

Lu Songtao; Qi Ming, “The Sender Controlled Security Model for Message Service,” in Autonomous Decentralized Systems (ISADS), 2015 IEEE Twelfth International Symposium on, vol., no., pp. 187–191, 25–27 March 2015. doi:10.1109/ISADS.2015.46
Abstract: Publish/subscribe pattern is a reliable way of message service. Compared with Store-and-forward mode and Web Service request/response mode, the way of asynchronous message delivery is better in flexibility and scalability. The message is pushed by message server to the subscriber so that the message consumer can get message without request. Access control is managed by the message server in the traditional message service model, but it is not suitable in complex SWIM (System Wide Information Management). SWIM is a very complex and huge system, the message sender and the message server are probably not controlled by a same department, so it is difficult to guarantee the fairness and security of the access control in the message service. In order to improve the credibility of information security transmission between different departments, the message service security model based on the sender control is proposed in this paper according to taking JMS publish/subscribe model as an example.
Keywords: authorisation; information management; message passing; middleware; JMS publish/subscribe model; SWIM; access control; asynchronous message delivery; information security transmission; message server; message service security model; sender controlled security model; system wide information management; Access control; Authentication; Encryption; Message service; Servers; XML; SWIM; message sender access control; message service; publish subscribe (ID#: 15-7767)

Allan Delon Barbosa Araújo; Paulo Caetano da Silva, “PERSEC — Middleware for Multiple Encryption in Web Services,” in Information Technology - New Generations (ITNG), 2015 12th International Conference on, vol., no., pp. 609–614, 13–15 April 2015. doi:10.1109/ITNG.2015.101
Abstract: Web services represent a way to share data and shall be treated as a solution for interoperability between heterogeneous systems. However, by having a public infrastructure, subject to attacks, security issues have become indispensable and challenging. To ensure the security of these applications, some safety specifications are generally used, such as the XML signature, XML encryption and WS-Security specifications. However, the application of these specifications may degrade the performance of these systems, especially the specification responsible for encryption, the XML encryption. This study besides investigating the causes of this problem, propose a solution designed to reduce the impact of this degradation, through the combined use of different cryptographic algorithms to encrypt SOAP messages.
Keywords: Web services; cryptography; middleware; open systems; PERSEC; SOAP message encryption; WS-security specification; Web services; XML encryption; XML signature; cryptographic algorithms; heterogeneous systems; interoperability; public infrastructure; safety specifications; Encryption; Safety; Simple object access protocol; XML; SOAP; XML schema; XML security specifications; cryptographic algorithms; performance (ID#: 15-7768)

Bhatnagar, R.; Patel, J., “Scady: A Scalable & Dynamic Toolkit for Enhanced Performance in Grid Computing,” in Pervasive Computing (ICPC), 2015 International Conference on, vol., no., pp. 1–5, 8–10 Jan. 2015. doi:10.1109/PERVASIVE.2015.7087085
Abstract: Grid computing has resulted in faster execution of applications. Day by day the requirement for execution speed of applications is increasing. To achieve this, suitable middleware is needed and to be configured requirement specific. An application can be executed faster only when there is no node failure or network failure. Moreover, at run time, if a node fails, there should be some alternative arrangement to reconfigure other node to complete the task which was supposed to be done by the failed node. Thus, a middleware is needed that can be configured according to the requirements of the application. Such a middleware would help in increasing the performance of the application. In most of the middleware available presently, dynamic configuration is not facilitated. This has become one of the reasons for the failure of adoption or implementation of Grid in many organizations. This paper analyzes the present GUI Grid - Alchemi with its components and challenges. It also proposes a toolkit-Scady which solves the challenges of Alchemi and provides higher performance. Two experiments are done and their result analysis shows the performance of the proposed toolkit.
Keywords: graphical user interfaces; grid computing; middleware; performance evaluation; Alchemi; GUI grid; Scady; dynamic toolkit; enhanced grid computing performance; network failure; scalable toolkit; Computers; Graphical user interfaces; Grid computing; High performance computing; Middleware; Peer-to-peer computing; Security; Executors; Managers; Node failure; Reallocation; Session (ID#: 15-7769)

Catuogno, L.; Turchi, S., “The Dark Side of the Interconnection: Security and Privacy in the Web of Things,” in Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2015 9th International Conference on, vol., no., pp. 205–212, 8–10 July 2015. doi:10.1109/IMIS.2015.86
Abstract: The Web of Things (WoT) promises to dramatically boost the potentiality of interconnecting smart and physical devices over the Internet as it not only enhances ergonomics and productivity of the Internet of Things (IoT), but it also introduces new capabilities for device interoperation and data aggregation and analysis. These advances pose the challenge of preserving data security and privacy (S&P), as well as the reliability of the overall infrastructure. Deploying existing S&P solutions and technologies in the WoT is not straightforward because of its potential vastness, its intrinsic inhomogeneity and the wide variety of involved entities and interests. In such scenario, every choice comes from a non-trivial trade-off among different aspects including security, availability and legal issues. In this paper, we investigate the nature of this trade-off, pointing out the different kinds of S&P issues and surveying some of the available solutions. In addition, we discuss the major issues raised while securing an existing WoT infrastructure.
Keywords: Internet of Things; data analysis; data privacy; security of data; telecommunication network reliability; IoT; S&P; Web of Things; WoT; data aggregation; data security and privacy; device interoperation; Access control; Intelligent sensors; Internet of things; Middleware; Privacy; Security; Web of Things (ID#: 15-7770)

Kodym, O.; Benes, F.; Svub, J., “EPC Application Framework in the Context of Internet of Things,” in Carpathian Control Conference (ICCC), 2015 16th International, vol., no., pp. 214–219, 27–30 May 2015. doi:10.1109/CarpathianCC.2015.7145076
Abstract: Internet of Things philosophy implementation in conditions of the existing communication networks requires new types of services and interoperability. Once of the desired innovations is communication between existing IP world and the new generation network. Not just networks of smart devices that may not always have IP connectivity, but also other RFID-labeled objects and sensors. Fulfilling the need for high-quality applications for further more specific parameters of these objects internet of things, as may be location, serial number, distinctive and unique characters/connections, can add a proper extension of the existing network and system infrastructure with new information and naming service. Their purpose is not only to assign a unique identifier to the object, but also allow users to new services use other information associated with the selected object. The technology that enables the data processing, filtering and storage is defined in the Electronic Product Code Application Framework (EPCAF) as RFID middleware and EPCIS. One of the implementations of these standards is the Open Source solution Fosstrak. We experimented with Fosstrak system that was developed on Massachusetts Institute of Technology (MIT) by an academic initiative but nowadays we are going to prove its benefits in the context of business environment. The project is aimed also on connection and linking between systems of the EPCIS class made by the ONS systems.
Keywords: IP networks; Internet of Things; filtering theory; middleware; open systems; product codes; radiofrequency identification; storage management; EPC application framework; EPCAF; EPCIS class; Fosstrak system; IP connectivity; IP world; MIT; Massachusetts Institute of Technology; ONS system; RFID middleware; RFID-labeled object; academic initiative; business environment; communication network; data processing; electronic product code application framework; filtering; high-quality application; information service; interoperability; naming service; new generation network; open source solution Fosstrak; smart device; storage; system infrastructure; Artificial neural networks; Interoperability; Product codes; Standards; Technological innovation; Testing; Fosstrak; IPv6; IoT (Internet of Things); ONS (Object name services); RFID security (ID#: 15-7771)

Maia, M.E.F.; Andrade, R.M.C., “System Support for Self-Adaptive Cyber-Physical Systems,” in Distributed Computing in Sensor Systems (DCOSS), 2015 International Conference on, vol., no., pp. 214–215, 10–12 June 2015. doi:10.1109/DCOSS.2015.33
Abstract: As the number of interacting devices and the complexity of cyber-physical systems increases, self-adaptation is a natural solution to address challenges faced by software developers. To provide a systematic and unified solution to support the development and execution of cyber-physical systems, this doctoral thesis proposes the creation of an environment that offers mechanisms to facilitate the technology-independent communication and uncoupled interoperable coordination between interacting entities of the system, as well as the flexible and adaptable execution of the functionalities specified for each application. The outcome is a set of modules to help developers to face the challenges of cyber-physical systems.
Keywords: security of data; adaptable execution; doctoral thesis; flexible execution; interacting devices; self-adaptive cyber-physical systems; software developers; system support; technology-independent communication; uncoupled interoperable coordination; Actuators; Computer architecture; Context; Medical services; Middleware; Cyber-Physical Systems; Middleware; Self-Adaptation (ID#: 15-7772)

Luzuriaga, J.E.; Perez, M.; Boronat, P.; Cano, J.C.; Calafate, C.; Manzoni, P., “A Comparative Evaluation of AMQP and MQTT Protocols over Unstable and Mobile Networks,” in Consumer Communications and Networking Conference (CCNC), 2015 12th Annual IEEE, vol., no., pp. 931–936, 9–12 Jan. 2015. doi:10.1109/CCNC.2015.7158101
Abstract: Message oriented middleware (MOM) refers to the software infrastructure supporting sending and receiving messages between distributed systems. AMQP and MQTT are the two most relevant protocols in this context. They are extensively used for exchanging messages since they provide an abstraction of the different participating system entities, alleviating their coordination and simplifying the communication programming details. These protocols, however, have not been thoroughly tested in the context of mobile or dynamic networks like vehicular networks. In this paper we present an experimental evaluation of both protocols in such scenarios, characterizing their behavior in terms of message loss, latency, jitter and saturation boundary values. Based on the results obtained, we provide criteria of applicability of these protocols, and we assess their performance and viability. This evaluation is of interest for the upcoming applications of MOM, especially to systems related to the Internet of Things.
Keywords: Internet of Things; jitter; middleware; mobile radio; protocols; queueing theory; radiotelemetry; AMQP protocol; MOM; MQTT protocol; advanced message queuing protocol; distributed system; message oriented middleware; message queuing telemetry transport; mobile network; saturation boundary value; Jitter; Method of moments; Mobile communication; Mobile computing; Production; Protocols; Security (ID#: 15-7773)

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.