Vassilios M. Stathopoulos

A framework for secure and verifiable logging in public communication networks

In this paper we are focusing on secure logging for public network providers. We review existing security threat models against system logging and we extend these to a new threat model especially suited in the environment of telecommunication network providers. We also propose a framework for secure logging in public communication networks as well as realistic implementations designs, which are more resilient to the identified security threats. A key role to the proposed framework is given to an independent Regulatory Authority, which is responsible to verify the integrity of the log files.

Secure log management for privacy assurance in electronic communications

In this paper we examine logging security in the environment of electronic communication providers. We review existing security threat models for system logging and we extend these to a new security model especially suited for communication network providers, which also considers internal modification attacks. We also propose a framework for secure log management in public communication networks as well as an implementation design, in order to provide traceability under the extended security model. A key role to the proposed framework is given to an independent Regulatory Authority, which is responsible to maintain log integrity proofs in a remote environment and verify the integrity of the providers log files during security audits.

ICALB: an integrated congestion avoidance and load balancing algorithm for distributed intelligent networks. Part II: Performance evaluation of ICALB

This paper evaluates the Integrated Congestion Avoidance and Load Balancing (ICALB) algorithm [ICALB: an integrated congestion avoidance and load balancing algorithm for distributed intelligent networks-Part I. Description of ICALB, 2002]. We test its performance by applying it in a simulated Distributed Intelligent Network (D-IN). We evaluate the algorithm ability to protect the service execution nodes from congestion, to maintain a high throughput, and to ensure a fair distribution of the resources capacity among services taking into account service priorities and quality of service requirements. The algorithms operation mainly exploits the advantages of Common Object Request Broker Architecture (CORBA) Object Request Broker (ORB) middleware that allow the invocation of operations on distributed objects without concern for object location, programming language, OS platform, communication protocols and interconnects, and hardware. Hence, all necessary operations of the algorithm are assumed to be executed over the CORBA ORB.

ICALB: an integrated congestion avoidance and load balancing algorithm for distributed intelligent networks. Part I: description of ICALB

The Intelligent Network (IN) technology has emerged with an aim to enhance the telecommunication network capabilities in terms of complex service provision. Due to the dramatic increase in service demand, the main concern in an IN system has become its scalability as well as the way intelligence is allocated to service calls. This is also the case in more advanced IN architectures like the Distributed IN which exploits new software technologies such as the Common Object Request Broker Architecture and the mobile agents. The Integrated Congestion Avoidance And Load Balancing (ICALB) algorithm proposed in this paper aims in fulfilling a number of objectives like congestion avoidance, protection of services already in progress, and fairness among different services demands. Unlike existing algorithms like Call Gapping, ICALB adopts dynamic techniques for controlling traffic load, pedantically addresses the issue of fairness by fairly serving switches and applying priorities among services, and balances excessive traffic load among the available servers of a distributed system. These additional features broaden the scope of applicability of the ICALB to other service architectures like VoIP-based systems. SIP application servers and Gatekeepers in H.323-based architectures are such examples.

A middleware service for employing and evaluating resource management algorithms in distributed networks

The first part of this paper introduces the design of a middleware-based service which is valuable for distributed networks for mainly managing their resources. The second part evaluates the performance of a distributed intelligent network (D-IN), which comprises the proposed service together with a resource management algorithm. We test the networks performance by building and emulating its basic functionality, based on distributed object technology (DOT), in a real environment. The resource management algorithm mainly aims at avoiding congestion and balancing load. Its implementation uses the ICALB algorithm (Comput. Commun. 2002; 25(17):1548–1556) model. Its incorporation is succeeded through the use and implementation of the distributed middleware-based service. It is a CORBA-based service that is used for successfully managing resource management algorithms, such as ICALB, facilitate their operation, and solving classes of problems related to communications over the distributed network, sharing of resources spread over the network, scheduling, synchronization, and management of various tasks. By this means we argue that the method that we use can be employed for operating in various distributed networks. We also evaluate the networks performance by measuring various D-IN node parameters with critical meaning and by showing the improvements that appeared to the D-IN from the operation of both the ICALB algorithm and the proposed service. Copyright

An algorithm for the efficient utilization of service control capabilities in intelligent networks

The service control point (SCP) sustains a key role in intelligent networks (IN) since it contains the software components for processing service requests. The increased demand of existing IN services by the users and the introduction of new more complex services in terms of processing requirements and messages exchanged among the IN nodes, overloads the IN and particularly the SCP. In this paper, an algorithm for the dynamic reservation of SCP resources is presented and evaluated. This algorithm uses a number of factors related with the profile requirements of the particular IN service; e.g. some services are very popular among users, others are categorized as expensive services due to their complexity, etc. The main scope of the proposed algorithm is to maximize the utilization of the SCP processor capacity, that is, to improve system scalability. The proposed algorithm allows the normal operation of the SCP under peak rates of requests for different kind of IN services. Furthermore it determines priorities on each IN service allowing the selective privileged handling of the requests. A study of the efficiency and adaptability of this algorithm over the SCP is performed by simulation.

Modelling and performance design of distributed intelligent networks

The evolution of intelligent networks (IN) passes through the distributed networking environments, made possible by the introduction of advance software technologies like CORBA and software agents. The starting point of this paper is the broadband intelligent network which adopts a centralised approach in processing IN service requests. The performance bottlenecks of the IN architecture, centred around the core service processing unit, (i.e. service control point (SCP)) are studied and compared to alternative architectures enabling distribution of intelligence to others than the SCP entities of the IN. We consider a distributed intelligent network architecture based on CORBA and mobile agents technology. We evaluate the performance of this architecture by simulation using a set of detailed models developed to represent the internal operations of the system. Results given provide insight on critical design issues like the selection of physical entities for the migration of software, the service software objects to be transferred as well as the selection of software platforms. Overall the paper provides useful guidelines for the design and implementation of advanced IN architectures.

A middleware-based service for employing resource management algorithms at distributed networks and evaluating their performance

This paper evaluates the performance of a distributed intelligent network (D-IN), enhanced with a middleware-based service and resource management functionality. We test its performance by building and emulating its basic functionality, based on distributed object technology (DOT), in a real environment. Resource management functionality mainly aims at avoiding congestion and balancing its load and is implemented by the incorporation of the ICALB algorithm (V. M. Stathopoulos and I. S. Venieris, November 2002). This incorporation is succeeded through the use and implementation of a generic and distributed middleware-based service. It is a CORBA-based service that is used for successfully managing resource management algorithms, such as ICALB, facilitate their operation, and solving classes of problems related to communications over the distributed network, sharing of resources spread over the network, scheduling, synchronization, and management of various tasks. By this means we argue that the method that we use can be employed for operating in various distributed networks. We also evaluate the networks performance by measuring the contents of a queue of an IN node with critical meaning and by showing the improvements that appeared to the D-IN from the operation of both the ICALB algorithm and the proposed service.

Distributed search in P2P networks through secure-authenticated content management systems (CMSs)

Peer to peer (P2P) networks become more and more popular nowadays. They offer the capability of locating and obtaining a file from all over the world very fast. As a result, P2P networks constitute the main cause for the network traffic. Besides their many advantages, these networks suffer from a very strong drawback: authentication-security. Content management systems (CMSs) on the other hand offer this capability, among others. A combination of these two architectures could be obviously very interesting.

Evaluating Common Privacy Vulnerabilities in Internet Service Providers

Privacy in electronic communications receives increased attention in both research and industry forums, stemming from both the users’ needs and from legal and regulatory requirements in national or international context. Privacy in internet-based communications heavily relies on the level of security of the Internet Service Providers (ISPs), as well as on the security awareness of the end users. This paper discusses the role of the ISP in the privacy of the communications. Based on real security audits performed in national-wide ISPs, we illustrate privacy-specific threats and vulnerabilities that many providers fail to address when implementing their security policies. We subsequently provide and discuss specific security measures that the ISPs can implement, in order to fine-tune their security policies in the context of privacy protection.