Paulo Simões

JAMES: A Platform of Mobile Agents for the Management of Telecommunication Networks

This paper presents an overview of JAMES, a Java-based platform of mobile agents that is mainly oriented for the management of data and telecommunication networks. This platform has been developed on behalf of a Eureka Project (Σ!1921) and the project partners are Siemens SA, University of Coimbra and Siemens AG. We describe the main architecture of the platform giving more emphasis to the most important features. To show the effectiveness of some of the techniques that have been implemented we will present some performance results that compare the JAMES platform with the Aglets Workbench. The main target of our platform is network management and telecommunication applications. In this line, we have done a Java-based implementation of SNMP that has been integrated within the platform. The industrial partners of our project (i.e. Siemens S.A.) have developed a prototype application for TMN performance management. Although it is still a prototype it is being used to validate the technological advantages of using mobile agents in the management of telecommunication networks.

Providing applications with mobile agent technology

Over the last couple of years we have been working on the development of mobile agents systems and their application to the areas of telecommunications and network management. This work has produced positive results: a competitive mobile agent platform was built, the run-time benefits of mobile agents were proved, and our industrial partners have developed practical applications that are being integrated into commercial products. However, despite the positive results, we feel that mobile agent technology is still not ready to enter the path of mainstream software development. In our perspective, one of the main reasons for this situation arises from the traditional approach to mobile agent technology. This approach, based on the familiar concept of the mobile-agent distributed platform as an extension of the operating system, focuses too much on the mobile agents and associated issues (mobility, agent lifecycle, security, coordination, etc.) and provides poor support for the development of applications where mobile agents are just one of several available technologies. Learning from past experience, we are now working on a new approach where the focus is brought back to the applications and mobile agents become just one the tools available to develop distributed systems. This provides a much lighter framework for application-based mobile agent systems. This paper presents the lessons learned from our previous project and discusses the new concept we are developing: application-centric mobile agent systems.

Improving Resilience of Interdependent Critical Infrastructures via an On-Line Alerting System

This paper illustrates the activities under development within the FP7 EU MICIE project. The project is devotedto design and implement an on-line alerting system, able toevaluate, in real time, the level of risk of interdependent Critical Infrastructures (CIs). Such a risk is generated by undesired events and by the high level of interconnection of the different infrastructures. Heterogeneous models are under development to perform short term predictions of the Quality of Service (QoS) of each CI according to the QoS of the others, to the level of interdependency among the Infrastructures, and according to the undesired events identified in the reference scenario.

A Cybersecurity Detection Framework for Supervisory Control and Data Acquisition Systems

This paper presents a distributed intrusion detection system (DIDS) for supervisory control and data acquisition (SCADA) industrial control systems, which was developed for the CockpitCI project. Its architecture was designed to address the specific characteristics and requirements for SCADA cybersecurity that cannot be adequately fulfilled by techniques from the information technology world, thus requiring a domain-specific approach. DIDS components are described in terms of their functionality, operation, integration, and management. Moreover, system evaluation and validation are undertaken within an especially designed hybrid testbed emulating the SCADA system for an electrical distribution grid.

WiMAX for Emergency Services: An Empirical Evaluation

WiMAX, as a Broadband Wireless Access technology for Metropolitan Area Networks, supporting fixed and mobile terminals, is very promising for Next Generation Networks. Emergency Services can also strongly benefit from WiMAX features, allowing the exploitation of novel application scenarios and business models. This paper presents a set of scenarios, such as Environmental Monitoring, Telemedicine and Fire Prevention, defined and implemented in several European testbeds, interconnected by the European research network GEANT 2, in the framework of the WEIRD project. In particular, we focus our attention on the scenario implemented in the Portuguese testbed - Fire Prevention - providing a detailed description about the testbed planning, implementation and evaluation.

Integrating SNMP into a Mobile Agent Infrastructure

Mobile Code is an emerging paradigm that is gaining momentum in several fields of application. Network Management is a potential area for the use of this technology, provided it will be able to interoperate with well established solutions for Network Management. This paper presents the integration a classic NM protocol, like SNMP, into a platform of Mobile Agents. Our platform, called JAMES, has been developed in the context of an Eureka Project (Σ!1921) where the project partners are University of Coimbra, Siemens SA and Siemens AG. Since the main target of the platform is network management, it includes a set of SNMP services allowing mobile agents to easily interface with SNMP agents, as well as with legacy SNMP-based management applications. In the paper we present a brief overview of the general architecture of the platform and we describe in some detail the framework we used to provide for integration between mobile agent applications and SNMP.

The QueuePusher: Enabling Queue Management in OpenFlow

The evolution of Software-Defined Networking and the overall acceptance of protocols such as OpenFlow, demonstrates the added value of decoupling the data plane from the control plane. Existing SDN Controllers enable the expected flexibility from such networks by dynamically providing a fine-grained control of each flow. However, hardware-specific configurations, such as the creation of queues or other mechanisms is out of the scope of these controllers. This work presents an extension to a well known OpenFlow controller (Floodlight) to efficiently handle the management of Traffic Control Queues in OpenFlow switches, resorting to a RESTful northbound interface. The obtained results demonstrate further possibility of developing innovative on-demand resource reservation mechanisms in SDN without adding unbearable overheads.

CWMP extensions for enhanced management of domestic network services

Broadband Forums CPE Wan Management Protocol (CWMP/TR-069) became, in the last few years, a key industry standard for the management of devices that, despite located in the local network of domestic broadband users, still need to be directly managed by operators due to their relevance to added value services such as VoIP, IPTV, VoD or femtocell applications. Despite its relevance, the adoption of CWMP is still slow, in part because current CWMP applications do not cope well (yet) with the dynamic environment of domestic LANs, where the nature of topologies and services to be managed quickly evolves. In this paper we propose an extensible CWMP agent framework that, whilst keeping full compatibility with the original specification, allows it to better adapt to the home network environment, by incorporating the notion of extensible CWMP agents and proxying mechanisms.

Integration of PXE-based desktop solutions into broadband access networks

Presently there is a lack of remote desktop management solutions for domestic and SOHO users connected to broadband access networks. This contrasts with the enterprise LAN environment, where there are several standards, resources and frameworks for PC or thin-client management. Among these, one specific remote boot technology - the Preboot execution Environment (PXE) [1] - is now the basis for a wide array of LAN-wide desktop management applications.

Improving network security monitoring for industrial control systems

Programmable Logic Controller (PLC) technology plays an important role in the automation architectures of several critical infrastructures such as Industrial Control Systems (ICS), controlling equipment in contexts such as chemical processes, factory lines, power production plants or power distribution grids, just to mention a few examples. Despite their importance, PLCs constitute one of the weakest links in ICS security, frequently due to reasons such as the absence of secure communication mechanisms, authenticated access or system integrity checks. While events such as the Stuxnet worm have raised awareness for this problem, industry has slowly reacted, either due to reliability or cost concerns. This paper introduces the Shadow Security Unit, a low-cost device deployed in parallel with a PLC or Remote Terminal Unit (RTU), being capable of transparently intercepting its communications control channels and physical process I/O lines to continuously assess its security and operational status. The proposed device does not require significant changes to the existing control network, being able to work in standalone or integrated within an ICS protection framework.