Current Search: Fernandez, Eduardo B. (x)
View All Items
Pages
- Title
- Unifying the conceptual levels of network security through the use of patterns.
- Creator
- Kumar, Ajoy, Fernandez, Eduardo B., Florida Atlantic University, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
Network architectures are described by the International Standard for Organization (ISO), which contains seven layers. The internet uses four of these layers, of which three are of interest to us. These layers are Internet Protocol (IP) or Network Layer, Transport Layer and Application Layer. We need to protect against attacks that may come through any of these layers. In the world of network security, systems are plagued by various attacks, internal and external, and could result in Denial...
Show moreNetwork architectures are described by the International Standard for Organization (ISO), which contains seven layers. The internet uses four of these layers, of which three are of interest to us. These layers are Internet Protocol (IP) or Network Layer, Transport Layer and Application Layer. We need to protect against attacks that may come through any of these layers. In the world of network security, systems are plagued by various attacks, internal and external, and could result in Denial of Service (DoS) and/or other damaging effects. Such attacks and loss of service can be devastating for the users of the system. The implementation of security devices such as Firewalls and Intrusion Detection Systems (IDS), the protection of network traffic with Virtual Private Networks (VPNs), and the use of secure protocols for the layers are important to enhance the security at each of these layers.We have done a survey of the existing network security patterns and we have written the missing patterns. We have developed security patterns for abstract IDS, Behavior–based IDS and Rule-based IDS and as well as for Internet Protocol Security (IPSec) and Transport Layer Security (TLS) protocols. We have also identified the need for a VPN pattern and have developed security patterns for abstract VPN, an IPSec VPN and a TLS VPN. We also evaluated these patterns with respect to some aspects to simplify their application by system designers. We have tried to unify the security of the network layers using security patterns by tying in security patterns for network transmission, network protocols and network boundary devices.
Show less - Date Issued
- 2014
- PURL
- http://purl.flvc.org/fau/fd/FA00004132, http://purl.flvc.org/fau/fd/FA00004132
- Subject Headings
- Computer architecture, Computer network architectures, Computer network protocols, Computer network protocols, Computer networks -- Security measures, Expert systems (Computer science)
- Format
- Document (PDF)
- Title
- Misuse Patterns for the SSL/TLS Protocol.
- Creator
- Alkazimi, Ali, Fernandez, Eduardo B., Florida Atlantic University, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
The SSL/TLS is the main protocol used to provide secure data connection between a client and a server. The main concern of using this protocol is to avoid the secure connection from being breached. Computer systems and their applications are becoming more complex and keeping these secure connections between all the connected components is a challenge. To avoid any new security flaws and protocol connections weaknesses, the SSL/TLS protocol is always releasing newer versions after discovering...
Show moreThe SSL/TLS is the main protocol used to provide secure data connection between a client and a server. The main concern of using this protocol is to avoid the secure connection from being breached. Computer systems and their applications are becoming more complex and keeping these secure connections between all the connected components is a challenge. To avoid any new security flaws and protocol connections weaknesses, the SSL/TLS protocol is always releasing newer versions after discovering security bugs and vulnerabilities in any of its previous version. We have described some of the common security flaws in the SSL/TLS protocol by identifying them in the literature and then by analyzing the activities from each of their use cases to find any possible threats. These threats are realized in the form of misuse cases to understand how an attack happens from the point of the attacker. This approach implies the development of some security patterns which will be added as a reference for designing secure systems using the SSL/TLS protocol. We finally evaluate its security level by using misuse patterns and considering the threat coverage of the models.
Show less - Date Issued
- 2017
- PURL
- http://purl.flvc.org/fau/fd/FA00004873, http://purl.flvc.org/fau/fd/FA00004873
- Subject Headings
- Computer networks--Security measures., Computer network protocols., Computer software--Development., Computer architecture.
- Format
- Document (PDF)
- Title
- Model-Driven Architecture and the Secure Systems Methodology.
- Creator
- Morrison, Patrick, Fernandez, Eduardo B., Florida Atlantic University, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
As a compamon and complement to the work being done to build a secure systems methodology, this thesis evaluates the use of Model-Driven Architecture (MDA) in support of the methodology's lifecycle. The development lifecycle illustrated follows the recommendations of this secure systems methodology, while using MDA models to represent requirements, analysis, design, and implementation information. In order to evaluate MDA, we analyze a well-understood distributed systems security problem,...
Show moreAs a compamon and complement to the work being done to build a secure systems methodology, this thesis evaluates the use of Model-Driven Architecture (MDA) in support of the methodology's lifecycle. The development lifecycle illustrated follows the recommendations of this secure systems methodology, while using MDA models to represent requirements, analysis, design, and implementation information. In order to evaluate MDA, we analyze a well-understood distributed systems security problem, remote access, as illustrated by the internet "secure shell" protocol, ssh. By observing the ability of MDA models and transformations to specify remote access in each lifecycle phase, MDA's strengths and weaknesses can be evaluated in this context. A further aim of this work is to extract concepts that can be contained in an MDA security metamodel for use in future projects.
Show less - Date Issued
- 2007
- PURL
- http://purl.flvc.org/fau/fd/FA00012537
- Subject Headings
- Expert systems (Computer science), Software engineering, Computer-aided design, Computer network architectures
- Format
- Document (PDF)
- Title
- An authorization model for object-oriented and semantic databases.
- Creator
- Song, Haiyan., Florida Atlantic University, Fernandez, Eduardo B., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
The incorporation of object-oriented and semantic modeling concepts to databases is one of the most significant advances in the evolution of database systems. Among the many issues brought along by this integration, one that becomes important is the protection of the information. This thesis presents an authorization model that applies two basic aspects: control of users' access to data values, and control of administrators' access to data definitions and authorization rules. The model...
Show moreThe incorporation of object-oriented and semantic modeling concepts to databases is one of the most significant advances in the evolution of database systems. Among the many issues brought along by this integration, one that becomes important is the protection of the information. This thesis presents an authorization model that applies two basic aspects: control of users' access to data values, and control of administrators' access to data definitions and authorization rules. The model consists of a set of policies, a structure for authorization rules, algorithms for access request validation and procedures for administrative functions. Even though this model is developed in the context of a particular data model, the discussion is sufficiently general and can be applied to similar environments.
Show less - Date Issued
- 1990
- PURL
- http://purl.flvc.org/fcla/dt/14592
- Subject Headings
- Object-oriented databases, Data base security, Computers--Access control
- Format
- Document (PDF)
- Title
- A heterogeneous multiprocessor architecture for workstations.
- Creator
- Bealkowski, Richard., Florida Atlantic University, Fernandez, Eduardo B., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
Providing multiprocessor capability to the class of computers commonly referred to as personal workstations is the next evolutionary step in their development. Uniprocessor workstations limit the user in throughput, reliability, functionality, and architecture. Multiprocessor workstations have the potential of increasing system throughput. A multiprocessor system with expanded architecture derived from a set of heterogeneous processors gives the user a diverse application base within a single...
Show moreProviding multiprocessor capability to the class of computers commonly referred to as personal workstations is the next evolutionary step in their development. Uniprocessor workstations limit the user in throughput, reliability, functionality, and architecture. Multiprocessor workstations have the potential of increasing system throughput. A multiprocessor system with expanded architecture derived from a set of heterogeneous processors gives the user a diverse application base within a single system. The replication and diversity offered in systems of this design, when coupled with fault-tolerant design techniques, enhances system reliability. A heterogeneous multiprocessor architecture is presented which combines loosely- and tightly-coupled configurations (multicomputer and multiprocessor). This architecture provides for incremental growth of the system, either by static or dynamic reconfiguration. The software view of the system is that of an object-oriented environment. The object-oriented approach is used to unify the heterogeneous nature of the system. The process is the unit of concurrency in the system and cooperating concurrent processes are supported. A set of system primitives are provided to support the requirements of a heterogeneous multiprocessing environment. A virtual machine layer controls the distribution of processes and allocation of resources in the system. A virtual network is used to provide communication paths and resource sharing. The virtual network is designed to be bridged to an external physical network. The system requirements for a secure and reliable operating environment are incorporated into the design. This system utilizes "hardware porting" as a means to overcome the lag of software support for hardware advances. Rather than software port an entire application base to a new system architecture, hardware porting brings the required instruction set architecture to the applications. This heterogeneous multiprocessor architecture builds on a popular system architecture, the scIBM PS/2 with the Micro Channel system bus. Incorporating a second bus, the scSCSI bus, as a system extension is explored.
Show less - Date Issued
- 1989
- PURL
- http://purl.flvc.org/fcla/dt/12242
- Subject Headings
- Microcomputer workstations, Multiprocessors, Object-oriented programming (Computer science), Computer architecture
- Format
- Document (PDF)
- Title
- The design of reliable decentralized computer systems.
- Creator
- Wu, Jie., Florida Atlantic University, Fernandez, Eduardo B., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
With the increase in the applications of computer technology, there are more and more demands for the use of computer systems in the area of real-time applications and critical systems. Reliability and performance are fundamental design requirements for these applications. In this dissertation, we develop some specific aspects of a fault-tolerant decentralized system architecture. This system can execute concurrent processes and it is composed of processing elements that have only local...
Show moreWith the increase in the applications of computer technology, there are more and more demands for the use of computer systems in the area of real-time applications and critical systems. Reliability and performance are fundamental design requirements for these applications. In this dissertation, we develop some specific aspects of a fault-tolerant decentralized system architecture. This system can execute concurrent processes and it is composed of processing elements that have only local memories with point-to-point communication. A model using hierarchical layers describes this system. Fault tolerance techniques are discussed for the applications, software, operating system, and hardware layers of the model. Scheduling of communicating tasks to increase performance is also addressed. Some special problems such as the Byzantine Generals problem are considered. We have shown that, by combining reliable techniques on different layers and with consideration of system performance, one can provide a system with a very high level reliability as well as performance.
Show less - Date Issued
- 1989
- PURL
- http://purl.flvc.org/fcla/dt/12237
- Subject Headings
- Electronic digital computers--Reliability, Fault-tolerant computing, System design, Computer software--Reliability
- Format
- Document (PDF)
- Title
- An object-oriented model for a manufacturing resource planning system.
- Creator
- Kastritis, Karen Mary., Florida Atlantic University, Han, Chingping (Jim), Fernandez, Eduardo B., College of Engineering and Computer Science, Department of Ocean and Mechanical Engineering
- Abstract/Description
-
Manufacturing Resource Planning systems are functionally complex systems. In providing effective resource management tools, they support the integration of a wide variety of complex functions. These systems also undergo frequent changes as business needs change. For these reasons, analysis techniques which provide methods to create clear, flexible systems must be sought. Object oriented analysis is such a technique. This thesis presents the development of an object oriented model for a...
Show moreManufacturing Resource Planning systems are functionally complex systems. In providing effective resource management tools, they support the integration of a wide variety of complex functions. These systems also undergo frequent changes as business needs change. For these reasons, analysis techniques which provide methods to create clear, flexible systems must be sought. Object oriented analysis is such a technique. This thesis presents the development of an object oriented model for a Manufacturing Resource Planning system (MRPII). It will be shown that the use of objects and object oriented techniques to model complex systems such as MRPII results in system models which are more easily understood and more flexible to change than other more conventional representations. Future research may include the formal design and implementation of the model. The flexibility of the implemented system could then be compared to the level of flexibility of a non-object based system.
Show less - Date Issued
- 1996
- PURL
- http://purl.flvc.org/fcla/dt/15288
- Subject Headings
- Manufacturing processes, Manufacturing resource planning, Production management--Data processing, Object-oriented programming (Computer science)
- Format
- Document (PDF)
- Title
- THE IMPLEMENTATION OF SOFTWARE FAULT TOLERANCE IN THE INTEL 80286 PROCESSOR.
- Creator
- OZAKI, BRENDA., Florida Atlantic University, Fernandez, Eduardo B., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
This thesis analyzes how the architecture of the Intel 80286 microprocessor may be used to implement fault tolerant software structures. The Multi-Micro Programming Line, MML, and the Intel 80286 kernel, K286, are used as tools to illustrate the implementation of software fault tolerance in an 80286 environment. The recovery metaprogram approach is supported by software layers which use the privilege levels in the 80286. Implementation of recovery blocks, N-version programming, exceptions,...
Show moreThis thesis analyzes how the architecture of the Intel 80286 microprocessor may be used to implement fault tolerant software structures. The Multi-Micro Programming Line, MML, and the Intel 80286 kernel, K286, are used as tools to illustrate the implementation of software fault tolerance in an 80286 environment. The recovery metaprogram approach is supported by software layers which use the privilege levels in the 80286. Implementation of recovery blocks, N-version programming, exceptions, and conversations using a recovery metaprogram are covered. While the details are specific to the 80286 architecture, the general results apply to any architecture with three or more rings of privilege and a segmented virtual memory using descriptors.
Show less - Date Issued
- 1987
- PURL
- http://purl.flvc.org/fcla/dt/14399
- Subject Headings
- Fault-tolerant computing, Intel 80286 (Microprocessor)
- Format
- Document (PDF)
- Title
- Modeling and analysis of security.
- Creator
- Ajaj, Ola, Fernandez, Eduardo B., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
Cloud Computing is a new computing model consists of a large pool of hardware and software resources on remote datacenters that are accessed through the Internet. Cloud Computing faces significant obstacles to its acceptance, such as security, virtualization, and lack of standardization. For Cloud standards, there is a long debate about their role, and more demands for Cloud standards are put on the table. The Cloud standardization landscape is so ambiguous. To model and analyze security...
Show moreCloud Computing is a new computing model consists of a large pool of hardware and software resources on remote datacenters that are accessed through the Internet. Cloud Computing faces significant obstacles to its acceptance, such as security, virtualization, and lack of standardization. For Cloud standards, there is a long debate about their role, and more demands for Cloud standards are put on the table. The Cloud standardization landscape is so ambiguous. To model and analyze security standards for Cloud Computing and web services, we have surveyed Cloud standards focusing more on the standards for security, and we classified them by groups of interests. Cloud Computing leverages a number of technologies such as: Web 2.0, virtualization, and Service Oriented Architecture (SOA). SOA uses web services to facilitate the creation of SOA systems by adopting different technologies despite their differences in formats and protocols. Several committees such as W3C and OASIS are developing standards for web services; their standards are rather complex and verbose. We have expressed web services security standards as patterns to make it easy for designers and users to understand their key points. We have written two patterns for two web services standards; WS-Secure Conversation, and WS-Federation. This completed an earlier work we have done on web services standards. We showed relationships between web services security standards and used them to solve major Cloud security issues, such as, authorization and access control, trust, and identity management. Close to web services, we investigated Business Process Execution Language (BPEL), and we addressed security considerations in BPEL and how to enforce them. To see how Cloud vendors look at web services standards, we took Amazon Web Services (AWS) as a case-study. By reviewing AWS documentations, web services security standards are barely mentioned. We highlighted some areas where web services security standards could solve some AWS limitations, and improve AWS security process. Finally, we studied the security guidance of two major Cloud-developing organizations, CSA and NIST. Both missed the quality of attributes offered by web services security standards. We expanded their work and added benefits of adopting web services security standards in securing the Cloud.
Show less - Date Issued
- 2013
- PURL
- http://purl.flvc.org/fau/fd/FA0004001
- Subject Headings
- Cloud Computing, Computational grids (Computer systems), Computer network architectures, Expert systems (Computer science), Web services -- Management
- Format
- Document (PDF)
- Title
- THE DESIGN AND IMPLEMENTATION OF A DECENTRALIZED SECURITY ADMINISTRATION SYSTEM.
- Creator
- KANG, SHYHJER., Florida Atlantic University, Fernandez, Eduardo B., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
Modern computer systems have strong requirements for security. The decentralization of the security functions is becoming necessary due to the complexity and physical distribution of many systems. This study uses a previous model of authorization for decentralized security administration. The concept of file classes is proposed and used for the entire system design as a main motive. Algorithms for delegation of administrative access rights with revocation are designed and implemented. For...
Show moreModern computer systems have strong requirements for security. The decentralization of the security functions is becoming necessary due to the complexity and physical distribution of many systems. This study uses a previous model of authorization for decentralized security administration. The concept of file classes is proposed and used for the entire system design as a main motive. Algorithms for delegation of administrative access rights with revocation are designed and implemented. For development of software, top-down and bottom-up methods are adopted. The strategy for design is borrowed from the object-oriented approach. The special "unit" feature of the implementation language--Meridian-Pascal, serves as a window to observe the interaction and coordination of the fundamental data representations. Four basic table structures are defined to control the authorization system. For the delegation and revocation of the administrative access rights, two graph structures are used and implemented to illustrate the logical view of the operations.
Show less - Date Issued
- 1987
- PURL
- http://purl.flvc.org/fcla/dt/14394
- Subject Headings
- File organization (Computer science), Decentralization in management
- Format
- Document (PDF)
- Title
- A parallel and reliable robot controller system.
- Creator
- Zhang, Ruiguang., Florida Atlantic University, Fernandez, Eduardo B., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
In recent years robots have become increasingly important in many areas. Along with the development of robot-arm control theory, there has been an increased demand for faster and more reliable control systems. In this thesis, a parallel technique is applied to all of the units of a robot control system. Also, software fault-tolerance mechanisms such as timeout, conversation, exception handling, and their Occam implementations, are considered. A simulation study shows that pipelining, together...
Show moreIn recent years robots have become increasingly important in many areas. Along with the development of robot-arm control theory, there has been an increased demand for faster and more reliable control systems. In this thesis, a parallel technique is applied to all of the units of a robot control system. Also, software fault-tolerance mechanisms such as timeout, conversation, exception handling, and their Occam implementations, are considered. A simulation study shows that pipelining, together with a multiprocessing system, increases the performance of this real-time system, and it is a convenient way to speed up robot controller execution. While we have not evaluated the increase in reliability, we have shown that these fault tolerance mechanisms can be conveniently implemented in this type of application.
Show less - Date Issued
- 1989
- PURL
- http://purl.flvc.org/fcla/dt/14566
- Subject Headings
- Control theory, Robots--Programming
- Format
- Document (PDF)
- Title
- Software-implemented fault tolerance in a hypercube multiprocessor.
- Creator
- Sahai, Shankar., Florida Atlantic University, Fernandez, Eduardo B., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
This thesis analyzes how software fault tolerance can be implemented in a hypercube multiprocessor. For concreteness we consider a multiprocessor using Intel 80286/386/486 processors. The Recovery Metaprogram approach (an architecture that isolates all fault tolerance functions in a special layer) has been used to implement application transparent and application specific fault tolerance technigues such as recovery blocks, N-version programming, exceptions and others. A fault tolerant routing...
Show moreThis thesis analyzes how software fault tolerance can be implemented in a hypercube multiprocessor. For concreteness we consider a multiprocessor using Intel 80286/386/486 processors. The Recovery Metaprogram approach (an architecture that isolates all fault tolerance functions in a special layer) has been used to implement application transparent and application specific fault tolerance technigues such as recovery blocks, N-version programming, exceptions and others. A fault tolerant routing algorithm is also described. While the details are specific to the 80286/386/486 processor these results apply also to any other processor with similar features.
Show less - Date Issued
- 1990
- PURL
- http://purl.flvc.org/fcla/dt/14633
- Subject Headings
- Hypercube networks (Computer networks), Intel 80x86 (Microprocessor)
- Format
- Document (PDF)
- Title
- Formal specification of authorization and user group models for object-oriented databases.
- Creator
- Wei, Dong., Florida Atlantic University, Fernandez, Eduardo B., France, Robert B., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
The use of formal methods has become increasingly important for software development. In this thesis, we present the formal specifications for a method-based authorization model for object-oriented databases. We also formalize a proposed user group structuring. We start from an existing OMT (Object Modeling Technique) description and we use Z as language for formal specification. This specification gives a precise definition of the policies and functions of this authorization system. This can...
Show moreThe use of formal methods has become increasingly important for software development. In this thesis, we present the formal specifications for a method-based authorization model for object-oriented databases. We also formalize a proposed user group structuring. We start from an existing OMT (Object Modeling Technique) description and we use Z as language for formal specification. This specification gives a precise definition of the policies and functions of this authorization system. This can be used as a basis for implementation and possible verification in those cases where a high level of security is required.
Show less - Date Issued
- 1995
- PURL
- http://purl.flvc.org/fcla/dt/15175
- Subject Headings
- Object-oriented databases, Computer software--Development, Database security
- Format
- Document (PDF)
- Title
- A REFERENCE ARCHITECTURE FOR NETWORK FUNCTION VIRTUALIZATION.
- Creator
- Alwakeel, Ahmed M., Fernandez, Eduardo B., Florida Atlantic University, Department of Computer and Electrical Engineering and Computer Science, College of Engineering and Computer Science
- Abstract/Description
-
Cloud computing has provided many services to potential consumers, one of these services being the provision of network functions using virtualization. Network Function Virtualization is a new technology that aims to improve the way we consume network services. Legacy networking solutions are different because consumers must buy and install various hardware equipment. In NFV, networks are provided to users as a software as a service (SaaS). Implementing NFV comes with many benefits, including...
Show moreCloud computing has provided many services to potential consumers, one of these services being the provision of network functions using virtualization. Network Function Virtualization is a new technology that aims to improve the way we consume network services. Legacy networking solutions are different because consumers must buy and install various hardware equipment. In NFV, networks are provided to users as a software as a service (SaaS). Implementing NFV comes with many benefits, including faster module development for network functions, more rapid deployment, enhancement of the network on cloud infrastructures, and lowering the overall cost of having a network system. All these benefits can be achieved in NFV by turning physical network functions into Virtual Network Functions (VNFs). However, since this technology is still a new network paradigm, integrating this virtual environment into a legacy environment or even moving all together into NFV reflects on the complexity of adopting the NFV system. Also, a network service could be composed of several components that are provided by different service providers; this also increases the complexity and heterogeneity of the system. We apply abstract architectural modeling to describe and analyze the NFV architecture. We use architectural patterns to build a flexible NFV architecture to build a Reference Architecture (RA) for NFV that describe the system and how it works. RAs are proven to be a powerful solution to abstract complex systems that lacks semantics. Having an RA for NFV helps us understand the system and how it functions. It also helps us to expose the possible vulnerabilities that may lead to threats toward the system. In the future, this RA could be enhanced into SRA by adding misuse and security patterns for it to cover potential threats and vulnerabilities in the system. Our audiences are system designers, system architects, and security professionals who are interested in building a secure NFV system.
Show less - Date Issued
- 2020
- PURL
- http://purl.flvc.org/fau/fd/FA00013434
- Subject Headings
- Virtual computer systems, Cloud computing, Computer network architectures, Computer networks
- Format
- Document (PDF)
- Title
- TOWARDS A SECURITY REFERENCE ARCHITECTURE FOR NETWORK FUNCTION VIRTUALIZATION.
- Creator
- Alnaim, Abdulrahman K., Fernandez, Eduardo B., Florida Atlantic University, Department of Computer and Electrical Engineering and Computer Science, College of Engineering and Computer Science
- Abstract/Description
-
Network Function Virtualization (NFV) is an emerging technology that transforms legacy hardware-based network infrastructure into software-based virtualized networks. Instead of using dedicated hardware and network equipment, NFV relies on cloud and virtualization technologies to deliver network services to its users. These virtualized network services are considered better solutions than hardware-based network functions because their resources can be dynamically increased upon the consumer’s...
Show moreNetwork Function Virtualization (NFV) is an emerging technology that transforms legacy hardware-based network infrastructure into software-based virtualized networks. Instead of using dedicated hardware and network equipment, NFV relies on cloud and virtualization technologies to deliver network services to its users. These virtualized network services are considered better solutions than hardware-based network functions because their resources can be dynamically increased upon the consumer’s request. While their usefulness can’t be denied, they also have some security implications. In complex systems like NFV, the threats can come from a variety of domains due to it containing both the hardware and the virtualize entities in its infrastructure. Also, since it relies on software, the network service in NFV can be manipulated by external entities like third-party providers or consumers. This leads the NFV to have a larger attack surface than the traditional network infrastructure. In addition to its own threats, NFV also inherits security threats from its underlying cloud infrastructure. Therefore, to design a secure NFV system and utilize its full potential, we must have a good understanding of its underlying architecture and its possible security threats. Up until now, only imprecise models of this architecture existed. We try to improve this situation by using architectural modeling to describe and analyze the threats to NFV. Architectural modeling using Patterns and Reference Architectures (RAs) applies abstraction, which helps to reduce the complexity of NFV systems by defining their components at their highest level. The literature lacks attempts to implement this approach to analyze NFV threats. We started by enumerating the possible threats that may jeopardize the NFV system. Then, we performed an analysis of the threats to identify the possible misuses that could be performed from them. These threats are realized in the form of misuse patterns that show how an attack is performed from the point of view of attackers. Some of the most important threats are privilege escalation, virtual machine escape, and distributed denial-of-service. We used a reference architecture of NFV to determine where to add security mechanisms in order to mitigate the identified threats. This produces our ultimate goal, which is building a security reference architecture for NFV.
Show less - Date Issued
- 2020
- PURL
- http://purl.flvc.org/fau/fd/FA00013435
- Subject Headings
- Computer network architectures--Safety measures, Virtual computer systems, Computer networks, Modeling, Computer
- Format
- Document (PDF)
- Title
- MODELING AND SECURITY IN CLOUD AND RELATED ECOSYSTEMS.
- Creator
- Syed, Madiha Haider, Fernandez, Eduardo B., Florida Atlantic University, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
Software systems increasingly interact with each other, forming ecosystems. Cloud is one such ecosystem that has evolved and enabled other technologies like IoT and containers. Such systems are very complex and heterogeneous because their components can have diverse origins, functions, security policies, and communication protocols, which makes it difficult to comprehend, utilize and consequently secure them. Abstract architectural models can be used to handle this complexity and...
Show moreSoftware systems increasingly interact with each other, forming ecosystems. Cloud is one such ecosystem that has evolved and enabled other technologies like IoT and containers. Such systems are very complex and heterogeneous because their components can have diverse origins, functions, security policies, and communication protocols, which makes it difficult to comprehend, utilize and consequently secure them. Abstract architectural models can be used to handle this complexity and heterogeneity but there is lack of work on precise, implementation/vendor neutral and holistic models which represent ecosystem components and their mutual interactions. We attempted to find similarities in systems and generalize to create abstract models for adding security. We represented the ecosystem as a Reference architecture (RA) and the ecosystem units as patterns. We started with a pattern diagram which showed all the components involved along with their mutual interactions and dependencies. We added components to the already existent Cloud security RA (SRA). Containers, being relatively new virtualization technology, did not have a precise and holistic reference architecture. We have built a partial RA for containers by identifying and modeling components of the ecosystem. Container security issues were identified from the literature as well as analysis of our patterns. We added corresponding security countermeasures to container RA as security patterns to build a container SRA. Finally, using container SRA as an example, we demonstrated an approach for RA validation. We have also built a composite pattern for fog computing that is an intermediate platform between Cloud and IoT devices. We represented an attack, Distributed Denial of Service (DDoS) using IoT devices, in the form of a misuse pattern which explains it from the attacker’s perspective. We found this modelbased approach useful to build RAs in a flexible and incremental way as components can be identified and added as the ecosystems expand. This provided us better insight to analyze security issues across boundaries of individual ecosystems. A unified, precise and holistic view of the system is not just useful for adding or evaluating security, this approach can also be used to ensure compliance, privacy, safety, reliability and/or governance for cloud and related ecosystems. This is the first work we know of where patterns and RAs are used to represent ecosystems and analyze their security.
Show less - Date Issued
- 2019
- PURL
- http://purl.flvc.org/fau/fd/FA00013345
- Subject Headings
- Software ecosystems, Cloud computing--Security measures, Internet of things, Software architecture--Security measures, Computer modeling
- Format
- Document (PDF)
- Title
- Complexity metrics in parallel computing.
- Creator
- Larrondo-Petrie, Maria M., Florida Atlantic University, Fernandez, Eduardo B., Coulter, Neal S., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
Accompanying the potential increase in power offered by parallel computers is an increase in the complexity of program design, implementation, testing and maintenance. It is important to understand the logical complexity of parallel programs in order to support the development of concurrent software. Measures are needed to quantify the components of parallel software complexity and to establish a basis for comparison and analysis of parallel algorithms at various stages of development and...
Show moreAccompanying the potential increase in power offered by parallel computers is an increase in the complexity of program design, implementation, testing and maintenance. It is important to understand the logical complexity of parallel programs in order to support the development of concurrent software. Measures are needed to quantify the components of parallel software complexity and to establish a basis for comparison and analysis of parallel algorithms at various stages of development and implementation. A set of primitive complexity measures is proposed that collectively describe the total complexity of parallel programs. The total complexity is separated into four dimensions or components: requirements, sequential, parallel and communication. Each proposed primitive measure is classified under one of these four areas. Two additional possible dimensions, fault-tolerance and real-time, are discussed. The total complexity measure is expressed as a vector of dimensions; each component is defined as a vector of primitive metrics. The method of quantifying each primitive metric is explained in detail. Those primitive metrics that contribute to the parallel and communications complexity are exercised against ten published summation algorithms and programs, illustrating that architecture has a significant effect on the complexity of parallel programs--even if the same programming language is used. The memory organization and the processor interconnection scheme had no effect on the parallel component, but did affect the communication component. Programming style and language did not have a noticeable effect on either component. The proposed metrics are quantifiable, consistent, and useful in comparing parallel algorithms. Unlike existing parallel metrics, they are general and applicable to different languages, architectures, algorithms, paradigms, programming styles and stages of software development.
Show less - Date Issued
- 1992
- PURL
- http://purl.flvc.org/fcla/dt/12296
- Subject Headings
- Parallel programming (Computer Science), Computer algorithms
- Format
- Document (PDF)
- Title
- Diagnosis of microprocessors using self-test and its application to multiprocessing.
- Creator
- Yazdani, Hamid R., Florida Atlantic University, Fernandez, Eduardo B., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
A great deal of research in the area of VLSI built-in testability is under way. This approach increases the reliability of the hardware system at the gate or circuit level. However, in many cases we cannot modify an existing hardware, and diagnostic software is a possible way to increase reliability. We use here a strategy to apply diagnostic tests that consist of starting of single units and instructions, to include progressively more complex instructions and units. After a complete...
Show moreA great deal of research in the area of VLSI built-in testability is under way. This approach increases the reliability of the hardware system at the gate or circuit level. However, in many cases we cannot modify an existing hardware, and diagnostic software is a possible way to increase reliability. We use here a strategy to apply diagnostic tests that consist of starting of single units and instructions, to include progressively more complex instructions and units. After a complete processor is shown to be correct, it can be used to test other processors in a multiprocessing system. We present here details of this approach, including self-test software and its application to the Intel 8086 microprocessor.
Show less - Date Issued
- 1987
- PURL
- http://purl.flvc.org/fcla/dt/14426
- Subject Headings
- Microprocessors--Testing
- Format
- Document (PDF)
- Title
- Modeling access control of medical information.
- Creator
- Sorgente, Tami W., Florida Atlantic University, Fernandez, Eduardo B., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
Medical information is very private and sensitive. With the digitization of medical data, it is becoming accessible through distributed systems, including the Internet. Access to all this information and appropriate exchange of data makes the job of health providers more effective, however, the number of people that can potentially access this information increases by orders of magnitude. Private health information is not well protected. We present guidelines for security models for medical...
Show moreMedical information is very private and sensitive. With the digitization of medical data, it is becoming accessible through distributed systems, including the Internet. Access to all this information and appropriate exchange of data makes the job of health providers more effective, however, the number of people that can potentially access this information increases by orders of magnitude. Private health information is not well protected. We present guidelines for security models for medical information systems. First, we model the structure of the medical information in the form of object-oriented patterns. Second, we study models and patterns in use today and compare them to our patterns. Next we define requirements necessary for controlling access, and describe the common policies and restrictions of security models for medical applications. We present some of the medical record access control restrictions directly in a conceptual model of the medical information.
Show less - Date Issued
- 2004
- PURL
- http://purl.flvc.org/fcla/dt/13163
- Subject Headings
- Medical records--Access control, Privacy, Right of, Freedom of information, Medical records--Data processing, Medicine--Research--Moral and ethical aspects, Confidential communications, Medical ethics, Information storage and retrieval systems--Medical care, Medical informatics, Computer security, Medicine--Computer networks
- Format
- Document (PDF)
- Title
- PERFORMANCE EVALUATION OF A RIDGE 32 COMPUTER SYSTEM (RISC (REDUCED INSTRUCTION SET COMPUTER)).
- Creator
- YOON, SEOK TAE., Florida Atlantic University, Fernandez, Eduardo B., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
As a new trend in designing a computer architecture, Reduced Instruction set Computers(RISC) have been proposed recently. This thesis reviews the new design approach behind the RISC and discuss the controversy between the proponents of the RISC approach and those of the traditional Complex Instruction set COmputer(CISC) approach. Ridge 32 is selected as a case study of the RISCs. Architectural parameters to evaluate the computer performance are considered to analyze the performance of the...
Show moreAs a new trend in designing a computer architecture, Reduced Instruction set Computers(RISC) have been proposed recently. This thesis reviews the new design approach behind the RISC and discuss the controversy between the proponents of the RISC approach and those of the traditional Complex Instruction set COmputer(CISC) approach. Ridge 32 is selected as a case study of the RISCs. Architectural parameters to evaluate the computer performance are considered to analyze the performance of the Ridge 32. A simulator for the Ridge 32 was implemented in PASCAL as a way of measuring those parameters. Measurement results on the several selected benchmark programs are given and analyzed to evaluate the characteristics of the Ridge 32.
Show less - Date Issued
- 1986
- PURL
- http://purl.flvc.org/fcla/dt/14348
- Subject Headings
- Computer architecture, Microprocessors
- Format
- Document (PDF)