Roberto Baldoni

Distributed Event Routing in Publish/Subscribe Systems

Since the early nineties, anonymous and asynchronous dissemination of information has been a basic building block for typical distributed applications such as stock exchanges, news tickers and air-traffic control. With the advent of ubiquitous computing and of the ambient intelligence, information dissemination solutions have to face challenges such as the exchange of huge amounts of information, large and dynamic number of participants possibly deployed over a large network (e.g. peer-to-peer systems), mobility and scarcity of resources (e.g. mobile ad hoc and sensor networks) [53].

Emergent Semantics and Cooperation in Multi-knowledge Communities: the ESTEEM Approach

In the present global society, information has to be exchangeable in open and dynamic environments, where interacting users do not necessarily share a common understanding of the world at hand. This is particularly true in P2P scenarios, where millions of autonomous users (peers) need to cooperate by sharing their resources (such as data and services). We propose the Esteem approach (Emergent Semantics and cooperaTion in multi-knowledgE EnvironMents), where a comprehensive framework and a platform for data and service discovery in P2P systems are proposed, with advanced solutions for trust and quality-based data management, P2P infrastructure definition, query processing and dynamic service discovery in a context-aware scenario. In Esteem, semantic communities are built around declared interests in the form of manifesto ontologies and their autonomous nature is preserved by allowing a shared semantics to naturally emerge from the peer interactions. Inside the borders of semantic communities data and services are discovered, queried and invoked in a resource sharing scenario, where the context in which users interoperate and the trust of exchanged information are also relevant aspects to take into account.

Malware Triage Based on Static Features and Public APT Reports

Understanding the behavior of malware requires a semi-automatic approach including complex software tools and human analysts in the loop. However, the huge number of malicious samples developed daily calls for some prioritization mechanism to carefully select the samples that really deserve to be further examined by analysts. This avoids computational resources be overloaded and human analysts saturated. In this paper we introduce a malware triage stage where samples are quickly and automatically examined to promptly decide whether they should be immediately dispatched to human analysts or to other specific automatic analysis queues, rather than following the common and slow analysis pipeline. Such triage stage is encapsulated into an architecture for semi-automatic malware analysis presented in a previous work. In this paper we propose an approach for sample prioritization, and its realization within such architecture. Our analysis in the paper focuses on malware developed by Advanced Persistent Threats (APTs). We build our knowledge base, used in the triage, on known APTs obtained from publicly available reports. To make the triage as fast as possible, only static malware features are considered, which can be extracted with negligible delay, without the necessity of executing the malware samples, and we use them to train a random forest classifier. The classifier has been tuned to maximize its precision, so that analysts and other components of the architecture are mostly likely to receive only malware correctly identified as being similar to known APT, and do not waste important resources on false positives. A preliminary analysis shows high precision and accuracy, as desired.

Bee’s Strategy Against Byzantines Replacing Byzantine Participants: (Extended Abstract)

Schemes for the identification and replacement of two-faced Byzantine processes are presented. The detection is based on the comparison of the (blackbox) decision result of a Byzantine consensus on input consisting of the inputs of each of the processes, in a system containing n processes \(p_1,\dots , p_n\). Process \(p_i\) that received a gossiped message from \(p_j\) with the input of another process \(p_k\), that differs from \(p_k\)’s input value as received from \(p_k\) by \(p_i\), reports on \(p_k\) and \(p_j\) being two-faced. If enough processes (where enough means at least \(t+1\), \(t<n\) is a threshold on the number of Byzantine participants) report on the same participant \(p_j\) to be two-faced, participant \(p_j\) is replaced. If less than the required \(t+1\) processes threshold report on a participant \(p_j\), both the reporting processes and the reported process are replaced. If one of them is not Byzantine, its replacement is the price to pay to cope with the uncertainty created by Byzantine processes. The scheme ensures that any two-faced Byzantine participant that prevents fast termination is eliminated and replaced. Such replacement may serve as a preparation for the next invocations of Byzantine agreement possibly used to implement a replicated state machine.

Bee’s Strategy Against Byzantines Replacing Byzantine Participants

Schemes for the identification and replacement of two-faced Byzantine processes are presented. The detection is based on the comparison of the (blackbox) decision result of a Byzantine consensus on input consisting of the inputs of each of the processes, in a system containing n processes \(p_1,\dots , p_n\). Process \(p_i\) that received a gossiped message from \(p_j\) with the input of another process \(p_k\), that differs from \(p_k\)’s input value as received from \(p_k\) by \(p_i\), reports on \(p_k\) and \(p_j\) being two-faced. If enough processes (where enough means at least \(t+1\), \(t<n\) is a threshold on the number of Byzantine participants) report on the same participant \(p_j\) to be two-faced, participant \(p_j\) is replaced. If less than the required \(t+1\) processes threshold report on a participant \(p_j\), both the reporting processes and the reported process are replaced. If one of them is not Byzantine, its replacement is the price to pay to cope with the uncertainty created by Byzantine processes. The scheme ensures that any two-faced Byzantine participant that prevents fast termination is eliminated and replaced. Such replacement may serve as a preparation for the next invocations of Byzantine agreement possibly used to implement a replicated state machine.

B ee’s S trategy A gainst B yzantines Replacing Byzantine Participants

Schemes for the identification and replacement of two-faced Byzantine processes are presented. The detection is based on the comparison of the (blackbox) decision result of a Byzantine consensus on input consisting of the inputs of each of the processes, in a system containing n processes \(p_1,\dots , p_n\). Process \(p_i\) that received a gossiped message from \(p_j\) with the input of another process \(p_k\), that differs from \(p_k\)’s input value as received from \(p_k\) by \(p_i\), reports on \(p_k\) and \(p_j\) being two-faced. If enough processes (where enough means at least \(t+1\), \(t<n\) is a threshold on the number of Byzantine participants) report on the same participant \(p_j\) to be two-faced, participant \(p_j\) is replaced. If less than the required \(t+1\) processes threshold report on a participant \(p_j\), both the reporting processes and the reported process are replaced. If one of them is not Byzantine, its replacement is the price to pay to cope with the uncertainty created by Byzantine processes. The scheme ensures that any two-faced Byzantine participant that prevents fast termination is eliminated and replaced. Such replacement may serve as a preparation for the next invocations of Byzantine agreement possibly used to implement a replicated state machine.

Building Regular Registers with Rational Malicious Servers and Anonymous Clients

The paper addresses the problem of emulating a regular register in a synchronous distributed system where clients invoking

The Italian e-Government Service Oriented Architecture: Strategic Vision and Technical Solutions

{\sf read}()

Architectural Support for Data Quality in Cooperative Information Systems

and

Comfort-Oriented Metamorphic House (COMETAE)

{\sf write}()