Ernesto Damiani

Semantic Knowledge Management: An Ontology-based Framework

The massive quantity of data, information, and knowledge available in digital form on the web or within the organizational knowledge base requires a more effective way to control it. The Semantic Web and its growing complexity demands a resource for the understanding of proper tools for management. Semantic Knowledge Management: An Ontology-Based Framework addresses the Semantic Web from an operative point of view using theoretical approaches, methodologies, and software applications as innovative solutions to true knowledge management. This advanced title provides readers with critical steps and tools for developing a semantic based knowledge management system.

Toward Model-Based Big Data-as-a-Service: The TOREADOR Approach

The full potential of Big Data Analytics (BDA) can be unleashed only by overcoming hurdles like the high architectural complexity and lack of transparency of Big Data toolkits, as well as the high cost and lack of legal clearance of data collection, access and processing procedures. We first discuss the notion of Big Data Analytics-as-a-Service (BDAaaS) to help potential users of BDA in overcoming such hurdles. We then present TOREADOR, a first approach to BDAaaS.

A Modern Solution for Identifying, Monitoring, and Selecting Configurations for SSL/TLS Deployment

Some of the well-known vulnerabilities like DROWN, POODLE, and Heartbleed affect a subset of all possible configurations of protocols and cipher-suites in SSL/TLS protocol. Recently, new vulnerabilities are also frequently discovered and could be used to mount attacks on systems whose configurations are not updated in time or were misconfigured from the start. Thus, we provide an overview of the landscape of vulnerabilities relating to SSL/TLS protocol versions with estimated risk levels. Selecting the best configuration for a given use-case is a time-consuming task and testing a given configuration of a server for all known vulnerabilities is also difficult. Thus, there is a great motivation to create a new tool that abstracts the tedious parts of this process. Our new software solution can automatically scan and rate the configuration of servers and help in selecting suitable ones. The goal is to simplify testing and evaluation of server-side configurations of SSL/TLS and ciphersuites for the community and thus the software is released as an open source.

Summarization-Guided Greedy Optimization of Machine Learning Model

Immense amounts of unstructured data account for up to 90% of all human generated data, yet the attempts to extract significant value from it with Machine Learning (ML) and Big Data (BD) technologies yield limited successes. We propose a generic approach to deep data summarization and subsequent automated ML design optimization to extract maximum predictive value from big data. Knowledge summarization is a central component of the proposed methodology and we argue that coupled with strictly linear modeling complexity, hierarchical decomposition and optimized model design may define a backbone of the new platform for automated and scalable construction of robust ML models. We consider ML build process as data journeys through the layers of modeling that consistently follow the same patterns of data summarization and transformation at the subsequent layers of abstraction. In such framework we argue that the robust construction of the ML model can be achieved through hierarchical greedy optimization of the links between connected ML model components. We demonstrate several case studies of deep data summarization and automated ML model design on text, numerical time series and images data. We point out that application awareness allows to deepen data summarizations while maintaining or improving its predictive value.

A Scattering Technique for Protecting Cryptographic Keys in the Cloud

Cloud computing has become a widely used computing paradigm providing on-demand computing and storage capabilities based on pay-as-you-go model. Recently, many organizations, especially in the field of big data, have been adopting the cloud model to perform data analytics through leasing powerful Virtual Machines (VMs). VMs can be attractive targets to attackers as well as untrusted cloud providers who aim to get unauthorized access to the business critical-data. The obvious security solution is to perform data analytics on encrypted data through the use of cryptographic keys as that of the Advanced Encryption Standard (AES). However, it is very easy to obtain AES cryptographic keys from the VMs Random Access Memory (RAM). In this paper, we present a novel key-scattering (KS) approach to protect the cryptographic keys while encrypting/decrypting data. Our solution is highly portable and interoperable. Thus, it could be integrated within todays existing cloud architecture without the need for further modifications. The feasibility of the approach has been proven by implementing a functioning prototype. The evaluation results show that our approach is substantially more resilient to brute force attacks and key extraction tools than the standard AES algorithm, with acceptable execution time.

Open Source Systems : Adoption and Impact : Proceedings of the 11th IFIP WG 2.13 International Conference, OSS 2015, Florence, Italy, May 16-17, 2015

This paper is based on personal experiences in building a venturecapital backed Open Source company, starting in 2005. WSO2 is now a company with hundreds of customers including major brands like eBay, Boeing, Fidelity, Trimble, UBS, and many others. For example, eBay’s systems running WSO2’s servers handle more than 6 billion requests per day. In that time there has been a significant shift in the business models, approaches, funding and valuations of Open Source Software companies. 1 Choosing a Business Model The first challenge of creating a company around Open Source is choosing a business model. There are multiple options. You can create a company that mainly does support for an existing project, which is fundamentally a Professional Services company. This reduces the valuation of your company1, but is quicker and more cost-effective to get started. However, most companies aspire to be Product companies. Ten years ago the most popular approach for this was to use the GPL license and to offer companies a more “business-friendly” proprietary license to those who would pay. This model was used by MySQL. Since then a more popular model has emerged often called “Open Core”. In this model there are two versions of the product: a “community edition” that is licensed as Open Source, and an extended version that is proprietary. WSO2 actually did not choose any of these options: we chose to use the Apache License and only have a single version, which is completely Open Source without using the GPL license, and WSO2 maintains this approach to the present day. This approach does leave the possibility that people will use the full enterprise-class product without paying. But in return it simplifies the model: when working with a community; accepting fixes; and encouraging true partnerships with customers who become more willing to contribute to the codebase. It also creates a model where the success of the company is based on contented customers, not on license terms. 2 Changes in Open Source World In the ten years since we started WSO2, there has been a large shift in the perception of Open Source. It is both better understood and less hyped. There is much more casual 1 Industry standard valuations of Professional Services companies are roughly 2 – 3x revenue, whereas “Product” companies or companies with recurring revenue usually attract a valuation of 10x revenue.