Computer network architectures

The success of deep learning has renewed interest in applying neural networks and other machine learning techniques to most fields of data and signal processing, including communications. Advances in architecture and training lead us to consider new modem architectures that allow flexibility in design, continued learning in the field, and improved waveform coding. This dissertation examines neural network architectures and training methods suitable for demodulation in power-limited communication systems, such as those found in wireless sensor networks. Such networks will provide greater connection to the world around us and are expected to contain orders of magnitude more devices than cellular networks. A number of standard and proprietary protocols span this space, with modulations such as frequency-shift-keying (FSK), Gaussian FSK (GFSK), minimum shift keying (MSK), on-off-keying (OOK), and M-ary orthogonal modulation (M-orth). These modulations enable low-cost radio hardware with efficient nonlinear amplification in the transmitter and noncoherent demodulation in the receiver.

Cloud computing has provided many services to potential consumers, one of these services being the provision of network functions using virtualization. Network Function Virtualization is a new technology that aims to improve the way we consume network services. Legacy networking solutions are different because consumers must buy and install various hardware equipment. In NFV, networks are provided to users as a software as a service (SaaS). Implementing NFV comes with many benefits, including faster module development for network functions, more rapid deployment, enhancement of the network on cloud infrastructures, and lowering the overall cost of having a network system. All these benefits can be achieved in NFV by turning physical network functions into Virtual Network Functions (VNFs). However, since this technology is still a new network paradigm, integrating this virtual environment into a legacy environment or even moving all together into NFV reflects on the complexity of adopting the NFV system. Also, a network service could be composed of several components that are provided by different service providers; this also increases the complexity and heterogeneity of the system. We apply abstract architectural modeling to describe and analyze the NFV architecture. We use architectural patterns to build a flexible NFV architecture to build a Reference Architecture (RA) for NFV that describe the system and how it works. RAs are proven to be a powerful solution to abstract complex systems that lacks semantics. Having an RA for NFV helps us understand the system and how it functions. It also helps us to expose the possible vulnerabilities that may lead to threats toward the system. In the future, this RA could be enhanced into SRA by adding misuse and security patterns for it to cover potential threats and vulnerabilities in the system. Our audiences are system designers, system architects, and security professionals who are interested in building a secure NFV system.

Recently most of the research pertaining to Service-Oriented Architecture (SOA) is
based on web services and how secure they are in terms of efficiency and
effectiveness. This requires validation, verification, and evaluation of web services.
Verification and validation should be collaborative when web services from different
vendors are integrated together to carry out a coherent task. For this purpose, novel
model checking technologies have been devised and applied to web services. "Model
Checking" is a promising technique for verification and validation of software
systems. WS-BPEL (Business Process Execution Language for Web Services) is an
emerging standard language to describe web service composition behavior. The
advanced features of BPEL such as concurrency and hierarchy make it challenging to
verify BPEL models. Based on all such factors my thesis surveys a few important technologies (tools) for model checking and comparing each of them based on their
"functional" and "non-functional" properties. The comparison is based on three case
studies (first being the small case, second medium and the third one a large case)
where we construct synthetic web service compositions for each case (as there are not
many publicly available compositions [1]). The first case study is "Enhanced LoanApproval
Process" and is considered a small case. The second is "Enhanced Purchase
Order Process" which is of medium size and the third, and largest is based on a
scientific workflow pattern, called the "Service Oriented Architecture Implementing
BOINC Workflow" based on BOINC (Berkeley Open Infrastructure Network
Computing) architecture.

In mobile ad hoc networks, it is challenging to solve the standard problems
encountered in fixed network because of the unpredictable motion of mobile nodes.
Due to the lack of a fixed infrastructure to serve as the backbone of the network, it
is difficult to manage nodes' locations and ensure the stable node performance. The
virtual mobile node (VMN) abstraction that has been applied implements an virtual
mobile node that consists of a set of real nodes traveling on one predetermined virtual
path to collect messages and deliver them to the destinations when they meet. It
conquers the unpredictable motion with virtual nodes' predictable motion. But it
encounters unavoidable failure when all the nodes leave the VMN region and stop
emulating the VMN. We extend the idea of the VMN abstraction to the Multi-path
Intelligent Virtual Mobile Node (MIVMN) abstraction, which allows the messages
to switch between multiple Hamiltonian paths to increase the message delivery ratio
and decrease the failure rate of the virtual nodes. Through simulation results we
show that the MIVMN abstraction successfully meets our goals.

As a compamon and complement to the work being done to build a secure systems
methodology, this thesis evaluates the use of Model-Driven Architecture (MDA) in
support of the methodology's lifecycle. The development lifecycle illustrated follows the
recommendations of this secure systems methodology, while using MDA models to
represent requirements, analysis, design, and implementation information. In order to
evaluate MDA, we analyze a well-understood distributed systems security problem,
remote access, as illustrated by the internet "secure shell" protocol, ssh. By observing the
ability of MDA models and transformations to specify remote access in each lifecycle
phase, MDA's strengths and weaknesses can be evaluated in this context. A further aim
of this work is to extract concepts that can be contained in an MDA security metamodel
for use in future projects.

Network architectures are described by the International Standard for
Organization (ISO), which contains seven layers. The internet uses four of these layers,
of which three are of interest to us. These layers are Internet Protocol (IP) or Network
Layer, Transport Layer and Application Layer. We need to protect against attacks that
may come through any of these layers. In the world of network security, systems are plagued by various attacks, internal and external, and could result in Denial of Service (DoS) and/or other damaging effects. Such attacks and loss of service can be devastating for the users of the system. The implementation of security devices such as Firewalls and Intrusion Detection Systems
(IDS), the protection of network traffic with Virtual Private Networks (VPNs), and the
use of secure protocols for the layers are important to enhance the security at each of
these layers.We have done a survey of the existing network security patterns and we have written the missing patterns. We have developed security patterns for abstract IDS, Behavior–based IDS and Rule-based IDS and as well as for Internet Protocol Security (IPSec) and Transport Layer Security (TLS) protocols. We have also identified the need for a VPN pattern and have developed security patterns for abstract VPN, an IPSec VPN and a TLS VPN. We also evaluated these patterns with respect to some aspects to simplify their application by system designers. We have tried to unify the security of the network layers using security patterns by tying in security patterns for network transmission, network protocols and network boundary devices.

Cloud Computing is a new computing model consists of a large pool of hardware
and software resources on remote datacenters that are accessed through the Internet.
Cloud Computing faces significant obstacles to its acceptance, such as security,
virtualization, and lack of standardization. For Cloud standards, there is a long debate
about their role, and more demands for Cloud standards are put on the table. The Cloud
standardization landscape is so ambiguous. To model and analyze security standards for
Cloud Computing and web services, we have surveyed Cloud standards focusing more on
the standards for security, and we classified them by groups of interests. Cloud
Computing leverages a number of technologies such as: Web 2.0, virtualization, and
Service Oriented Architecture (SOA). SOA uses web services to facilitate the creation of
SOA systems by adopting different technologies despite their differences in formats and
protocols. Several committees such as W3C and OASIS are developing standards for web services; their standards are rather complex and verbose. We have expressed web services security standards as patterns to make it easy for designers and users to understand their key points. We have written two patterns for two web services standards; WS-Secure Conversation, and WS-Federation. This completed an earlier work we have done on web services standards. We showed relationships between web services security standards and used them to solve major Cloud security issues, such as, authorization and access control, trust, and identity management. Close to web services, we investigated Business Process Execution Language (BPEL), and we addressed security considerations in BPEL and how to enforce them. To see how Cloud vendors look at web services standards, we took Amazon Web Services (AWS) as a case-study. By reviewing AWS documentations, web services security standards are barely mentioned. We highlighted some areas where web services security standards could solve some AWS limitations, and improve AWS security process. Finally, we studied the security guidance of two major Cloud-developing organizations, CSA and NIST. Both missed the quality of attributes offered by web services security standards. We expanded their work and added benefits of adopting web services security standards in securing the Cloud.

This research investigates memory latency of cluster-based cache-coherent multiprocessor systems with different interconnection topologies. We focus on a cluster-based architecture which is a variation of Stanford DASH architecture. The architecture, also, has some similarities with the STiNG architecture from Sequent Computer System Inc. In this architecture, a small number of processors and a portion of shared-memory are connected through a bus inside each cluster. As the number of processors per cluster is small, snoopy protocol is used inside each cluster. Each processor has two levels of caches and for each cluster a separate directory is maintained. Clusters are connected using directory-based scheme through an interconnection network to make the system scaleable. Trace-driven simulation has been developed to evaluate the overall memory latency of this architecture using three different network topologies, namely ring, mesh, and hypercube. For each network topology, the overall memory latency has been evaluated running a representative set of SPLASH-2 applications. Simulation results show that, the cluster-based multiprocessor system with hypercube topology outperforms those with mesh and ring topologies.

In many scientific and signal processing applications, there are increasing demands for large volume and high speed computations, which call for not only high-speed low power computing hardware, but also for novel approaches in developing new algorithms and architectures. This thesis is concerned with the development of such architectures and algorithms suitable for the VLSI implementation of recursive and nonrecursive 1-dimension digital filters using multiple slower processing elements. As the background for the development, vectorization techniques such as state-space modeling, block processing, and look ahead computation are introduced. Concurrent architectures such as systolic arrays, wavefront arrays and appropriate parallel filter realizations such as lattice, all-pass, and wave filters are reviewed. A fully hardware efficient systolic array architecture termed as Multiplexed Block-State Filter is proposed for the high speed implementation of lattice and direct realizations of digital filters. The thesis also proposes a new simplified algorithm, Alternate Pole Pairing Algorithm, for realizing an odd order recursive filter as the sum of two all-pass filters. Performance of the proposed schemes are verified through numerical examples and simulation results.

Broadband-ISDN Network Architecture and Signaling concepts are described with particular emphasis on Asynchronous Transfer Mode (ATM) technology. A consolidated view of various aspects of B-ISDN/ATM Access and Network Signaling functions, architecture and protocols is presented. Additionally, a suggested evolutionary growth path for the B-ISDN signaling protocols is summarized. This is followed by a high-level comparison of two protocols under consideration for network signaling. The result of this evaluation indicates that the requirements of network signaling are best met by a protocol stack based on SS7 concepts. Finally, a set of future B-ISDN and Multimedia services is presented in context of the requirements they would impose on the signaling protocols. Enhancements to the access signaling protocol are proposed for the support of multiconnection and/or multiparty calls. These extensions/enhancements consist of a set of simplified messages, information elements and procedures based on message flows. Evolution and backward compatibility to existing protocols are taken into account while developing the extensions.