
News Archive

New cut-off date: 31/May/2012 - Scholarships for PhD in Computer Science and Engineering

24/Sep/2009: the Navigators' PhD student Henrique Moniz won the Best Student Paper Award at DISC 2009

09/Jul/2008: Paulo Sousa, a researcher from the Navigators team, won the IBM 2007 Scientific Award, with the work "Security and Availability through Proactive Resilience"

11/Feb/2008:
Scholarships for PhD in Computer Science and Engineering

20/Jan/2008:
2nd Workshop on Recent Advances on Intrusion-Tolerant Systems - WRAITS 2008

09/Jan/2007: Workshop on Recent Advances on Intrusion-Tolerant Systems - WRAITS 2007

21/Dec/2006:
Master/PhD at Carnegie Mellon University and University of Lisboa

25/Jun/2006: We are hiring

06/Jun/2006:
Site revamp

01/Jan/2006:
New Year, new projects: check our recently started European projects



Projects

This information is currently being updated.

Current Projects

AIR-II
ARINC 653 In Space RTOS

CloudFIT
Fault and Intrusion Tolerance for Cloud Computing

DIVERSE
Diversity for Intrusion-Tolerant Systems

FTH-Grid
Fault-Tolerant Hierarchical Grid Scheduling

MASSIF
MAnagement of Security information and events in Service Infrastructures

RC-Clouds
Resilient Computing in the Clouds

ReD
Resilient Database Clusters

REGENESYS
Regeneration of Replicated Systems

SITAN
Services for Intrusion Tolerant Ad Hoc Networks

TCLOUDS
Trustworthy Clouds: Privacy and Resilience for Internet-scale Critical Infrastructure

TRONE
Trustworthy and Resilient Operations in a Network Environment

Previous Projects


Project Title: AIR-II
ARINC 653 In Space RTOS - Industrial Initiative

http://air.di.fc.ul.pt/air-ii/

Sponsoring body: European Space Agency - Innovation Triangle Initiative

Project Number: ESTEC Contract 21217/07/NL/CB

Total award amount: 150K Euro

Coordinator: Skysoft Portugal

Partners: FCUL, Skysoft Portugal, Thales Alenia Space

Start Date: Jan 2008

Keywords: Aerospace industry, ARINC 653, Real-time kernels, RTEMS, Safety-critical embedded systems, Time and space partitioning

Summary:

The ARINC 653 specification is an important building block of the Integrated Modular Avionics (IMA) definition; both emerged in the civil aviation sector to answer problems also identified in the space domain. The AIR innovation initiative stemmed from the interest of the European Space Agency (ESA) in the adoption of the ARINC 653 concept for space on-board software, and aimed at the utilization and re-utilization of components off the shelf (COTS), exploiting the Real-Time Executive for Multiprocessor Systems (RTEMS), a free/open-source real-time operating system. However, the AIR activities went further, and resulted not only in the intended proof of concept of the use of ARINC 653 in space, but also in the definition of a general architecture for an ARINC 653-compliant RTOS, allowing the co-existence of different RTOS kernels in different partitions.

The "AIR-II: ARINC 653 Interface in Space RTOS - Industrial Initiative" activities continue the work done in AIR, with the goal of getting closer to a real system by improving and completing the key ideas identified. Besides evolving the design of an ARINC 653-compliant RTOS, AIR-II strives to make prototyping more efficient, by standardizing the integration of operating systems and using widely available production-chain tools. The establishment of a uniform methodology for operating system integration benefits from lessons learned in the course of work with Linux, and leaves room for the flexible integration of real-time and non-real-time operating systems.

Open design issues from AIR, which will be dealt with in AIR-II, concern: consolidation of robust spatial segregation features, including hardware-based memory protection mechanisms; enhancing timeliness attributes, by adding support for multiple mode-based schedules (defined as an additional service in ARINC 653, Part 2) and runtime process deadline violation monitoring; definition of a flexible and portable Application Executive (APEX) Interface; definition of space-specific functions, such as health monitoring functions for error processing at all levels of the system.

The AIR-II consortium benefits from the experience of both FCUL and Skysoft researchers obtained from the results of the AMOBA (ARINC 653 simulator for modular space based applications) activity, and is sustained by a new partner, Thales Alenia Space, a key system integrator for ESA.

Indication of project size at FCUL:

Latest publications:

José Rufino, João Craveiro, Paulo Verissimo, “Architecting Robustness and Timeliness in a New Generation of Aerospace Systems,” in Architecting Dependable Systems VII, LNCS 6420, A. Casimiro, R. de Lemos, and C. Gacek (Eds.), Berlin Heidelberg: Springer-Verlag, 2010.

João Craveiro and José Rufino, “Adaptability Support in Time- and Space-Partitioned Aerospace Systems,” in Proceedings of the Second International Conference on Adaptive and Self-adaptive Systems and Applications (ADAPTIVE 2010), Lisbon, Portugal, Nov. 2010.

José Rufino, João Craveiro, and Paulo Verissimo, “Building a time- and space-partitioned architecture for the next generation of space vehicle avionics,” in Proceedings of the 8th IFIP Workshop on Software Technologies for Future Embedded and Ubiquitous Systems (SEUS 2010), LNCS 6399, S.L. Min et al. (Eds.), Waidhofen an der Ybbs, Austria, Oct. 2010.

Joaquim Rosa, João Craveiro, José Rufino, “Exploiting AIR Composability towards Spacecraft Onboard Software Update,” in Actas do INForum 2010 - II Simpósio de Informática, L. S. Barbosa and M. P. Correia (Eds.), Braga, Portugal, Sep. 2010.

João Craveiro and José Rufino, “Schedulability Analysis in Partitioned Systems for Aerospace Avionics,” in Proceedings of the 15th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA 2010), Bilbao, Spain, Sep. 2010.


Project Title: CloudFIT
Fault and Intrusion Tolerance for Cloud Computing

http://cloudfit.di.fc.ul.pt/

Sponsoring body: FCT

Project Number: PTDC/EIA-CCO/108299/2008

Total award amount: ...

Coordinator: FCUL

Partners: FCUL, Universität Ulm

Start Date: Jan 2010

Duration: 2 years

Keywords: Distributed Systems, Intrusion Tolerance, Security, Availability, Cloud Computing

Summary:

Cloud computing has gained strong popularity in the past years. Cloud architectures typically combine a potentially large number of heterogeneous, loosely coupled and geographically dispersed computers connected via the Internet to form a single unified system that hosts service applications. Cloud architectures make it difficult to apply traditional security approaches. For example, global management policies are difficult to enforce when clouds cross administrative boundaries. At the same time, software complexity is steadily increasing, making it practically infeasible to guarantee the absence of security vulnerabilities. As a consequence, implementing dependable services in a cloud exposed to malicious attacks is a challenging task. Intrusion tolerance is a paradigm that allows implementing services in a way that they can correctly provide their functionality in spite of malicious intrusions in some of the cloud nodes.

The objective of this project is to define an infrastructure for intrusion-tolerant services in a cloud environment. In order to achieve this goal, we use intrusion-tolerant replication, which allows tolerating intrusions in a subset of the replicas. With the CloudFIT architecture, we address three main scientific challenges, as stated below.

First, virtualisation technology has become mainstream in cloud computing, executing services within virtual machines and managing the cloud resources with the virtualisation infrastructure. Virtualisation is also an established approach to create a hybrid system architecture with an intrusion-free trusted domain and application domains that execute services subject to malicious attacks. While most virtualisation approaches for clouds tend to continuously grow in functionality and complexity, virtualisation for implementing a trusted domain needs to be minimal and verifiable, in order to justify the assumption of intrusion-freedom. The goal of CloudFIT is to combine both in a common architecture, analysing the requirements that both have on the virtual machine monitor (VMM) and defining a minimal virtualisation layer with sufficient functionality for intrusion-tolerant applications and for managing cloud resources.

Second, the trusted computing base has to execute the functionality needed for intrusion-tolerant replication and proactive recovery. As the code base executed within the TCB should be minimal, the functionality needs to be split between application domains and trusted domain. The challenge hereby is identifying a subset of the infrastructure for intrusion-tolerant replication and recovery that should be executed in a trusted computing base, and the definition of adequate interfaces between application domain and TCB, for example for supporting efficient state transfer.

Third, resource allocation in clouds is typically automated, given the resource demands of applications, such as the need for CPU time, disk space, and network capacity. Automatically allocating replicas of an intrusion-tolerant application needs additional criteria that influence intrusion tolerance. For example, replicas should never be placed on the same host, probably not even in the same administrative domain, and should be heterogeneous (e.g., different hardware or operating systems), in order to avoid common-mode faults that would allow an attacker to compromise multiple replicas simultaneously. With the same motivations, recoveries should change replica locations in order to avoid suffering again from the same attack. It is thus essential to define strategies for resource allocation for replicas in the cloud, in order to maximise the availability of a service, and integrate these strategies with the automated resource allocation mechanisms found in cloud infrastructures.
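The placement rules in the paragraph above (no two replicas on one host, preferably not in one administrative domain, heterogeneous hardware/OS, and recovery moving a replica to a host it has not used) can be expressed as a small allocator. The following is an added example written for this page; it is not CloudFIT code. The host inventory, the penalty weights and the CPU resource model are constructed assumptions; a real deployment would read them from the cloud's resource manager.

```python
"""Replica placement for an intrusion-tolerant service (added example, not CloudFIT code).

Hard constraints: capacity, one replica per host, and a recovered replica
never returns to a host it already ran on. Soft constraints: spread replicas
across administrative domains, operating systems and hardware families so
that one vulnerability or one operator cannot take down more than f of them.
"""
from collections import Counter
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Host:
    name: str
    domain: str    # administrative domain / provider
    arch: str      # hardware family
    os: str        # operating-system family
    free_cpu: int  # spare CPU units (constructed resource model)


@dataclass
class Placement:
    replicas: dict = field(default_factory=dict)  # replica id -> Host
    history: dict = field(default_factory=dict)   # replica id -> set of host names used


def admissible(host, placement, cpu_needed, replica_id):
    """Hard constraints: capacity, one replica per host, fresh host on recovery."""
    if host.free_cpu < cpu_needed:
        return False
    if host in placement.replicas.values():
        return False                       # never two replicas on one host
    if host.name in placement.history.get(replica_id, set()):
        return False                       # recovery must relocate, not reuse
    return True


def diversity_penalty(host, placement):
    """Soft constraints: how many already-placed replicas share an attribute.
    Lower is better. Weights are an assumption of this example: sharing an
    administrative domain is the likeliest common-mode failure (one operator,
    one credential store), so it costs the most."""
    used = list(placement.replicas.values())
    return (3 * sum(h.domain == host.domain for h in used)
            + 2 * sum(h.os == host.os for h in used)
            + 1 * sum(h.arch == host.arch for h in used))


def place(replica_id, hosts, placement, cpu_needed=1):
    """Pick the admissible host with the lowest penalty (ties: most free CPU).
    Raises RuntimeError when the hard constraints cannot be met."""
    candidates = [h for h in hosts if admissible(h, placement, cpu_needed, replica_id)]
    if not candidates:
        raise RuntimeError(f"no admissible host for replica {replica_id}")
    best = min(candidates, key=lambda h: (diversity_penalty(h, placement), -h.free_cpu))
    placement.replicas[replica_id] = best
    placement.history.setdefault(replica_id, set()).add(best.name)
    return best


def recover(replica_id, hosts, placement, cpu_needed=1):
    """Proactive or reactive recovery: release the current host and re-place
    the replica somewhere it has not run before, so a repeat of the same
    attack on the same host does not hit it again."""
    placement.replicas.pop(replica_id, None)
    return place(replica_id, hosts, placement, cpu_needed)


def deploy(n, hosts, cpu_needed=1):
    """Place n replicas (n = 3f+1 in the usual BFT setting)."""
    placement = Placement()
    for i in range(n):
        place(f"r{i}", hosts, placement, cpu_needed)
    return placement


def shared_attributes(placement):
    """Diagnostic: largest group of replicas sharing each attribute."""
    hosts = list(placement.replicas.values())
    return {attr: max(Counter(getattr(h, attr) for h in hosts).values())
            for attr in ("name", "domain", "os", "arch")}


# Constructed inventory: three providers, mixed OS and hardware.
INVENTORY = [
    Host("a1", "providerA", "x86", "linux", 4),
    Host("a2", "providerA", "x86", "linux", 8),
    Host("b1", "providerB", "arm", "bsd", 4),
    Host("b2", "providerB", "x86", "linux", 4),
    Host("c1", "providerC", "x86", "windows", 2),
    Host("c2", "providerC", "arm", "linux", 4),
]

if __name__ == "__main__":
    p = deploy(4, INVENTORY)            # f = 1
    print({r: h.name for r, h in p.replicas.items()})
    print(shared_attributes(p))
    recover("r0", INVENTORY, p)         # r0 leaves a2 and cannot return to it
    print({r: h.name for r, h in p.replicas.items()})
```

With this inventory the four replicas land on a2, b1, c1 and c2 (one per host, no domain holding more than two), and recovering r0 moves it to a1 rather than back to a2. The penalty function is where a real allocator would plug in whatever diversity evidence it has; the point is that anti-affinity is a hard constraint while diversity is a score, so the allocator degrades gracefully when the inventory is small.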

The expected results from the project are:

  1. The definition of a virtualisation architecture that respects the needs of cloud infrastructures and provides a minimal trusted computing base (TCB) for intrusion-tolerant replication with proactive recovery;
  2. The specification of an intrusion-tolerant replication infrastructure for cloud computing, in which the functionality is split between a minimal core executing in the TCB and a second part that is placed within normal application domains faced with malicious faults;
  3. The analysis of the requirements on resource management for intrusion tolerance, such as replica placement and diversity;
  4. The extension of a grid/cloud resource allocator in order to incorporate the fault-tolerance requisites;
  5. A prototype that integrates (1)-(4), an evaluation of the performance of this prototype, and an analysis of the improvements that the proposed architecture yields in terms of intrusion tolerance.

Indication of project size at FCUL: 5 researchers

Latest publications:

...


Project Title: DIVERSE
Diversity for Intrusion-Tolerant Systems

http://www.di.fc.ul.pt/~nuno/PROJECTS/DIVERSE/

Sponsoring body: FCT

Project Number: PTDC/EIA-EIA/100894/2008

Total award amount: 88.5K Euro

Start Date: Jan 2010

Duration: 3 years

Keywords: ...

Summary:

Intrusion tolerance is a security and dependability paradigm that has been gaining momentum over the past decade. It lets system designers address both accidental faults and attacks in a seamless manner, which can complement the reach of classical security approaches. Intrusion tolerance assumes that: in part due to their complexity, systems remain to some extent faulty and/or vulnerable; attacks on components can happen and some will be successful; but automatic mechanisms can ensure that the overall system nevertheless remains correct and operational.

In distributed systems, the usual way to deploy intrusion tolerance services is through a middleware layer that manages n server replicas. Replicas perform the operations requested by the users, and rely on distributed protocols of the middleware to carry out coordination and cooperation actions. Given the malicious intelligence behind the expected threats, the protocols have to resist a wide range of attacks, originating from the network, bad clients and corrupted replicas. The necessary number of replicas varies with system configuration, the baseline being that if one expects a number f of faults or intrusions, then the service should run a minimum of n = 3f+1 replicas.

Intrusion tolerant systems, therefore, can only remain correct if they are able to keep, at every instant, the number of corrupted replicas at or below the threshold f. This is a difficult task because adversaries are always discovering new forms of attack, and it can be exacerbated by common-mode vulnerabilities. These vulnerabilities occur in all (or in a large subset of) replicas, and once found allow a speedy compromise of the system with minimal effort. Additionally, adversaries learn from past intrusions, which means that even if replicas are recovered, they will be rapidly corrupted again unless they are restarted with diverse software (that does not contain the same vulnerabilities).

In this project, we want to investigate ways to obtain and integrate diverse software replica versions in intrusion tolerant systems. In the past, this subject has been mainly overlooked because research in distributed protocols has considered it an orthogonal issue. However, once the actual deployment of systems is considered, it becomes a fundamental problem that is actually quite hard to solve. Firstly, in almost all cases it is unfeasible to build several software versions due to cost, but even if it were possible, it is not clear that the outcome would be acceptable (e.g., programmers tend to make similar mistakes). Therefore, one would always need to devise evaluation methods to confirm the vulnerability independence of replicas. Secondly, diversity increases the difficulty of ensuring replica execution determinism, a common assumption in intrusion tolerant systems. In these systems, malicious replica behavior is usually tolerated by running the same operation in all replicas and then by selecting the result that gathers at least f+1 matching votes (so that at least one vote comes from a correct replica). This quorum might not be attainable because small differences in the replicas' executions can have an impact on the output result. Therefore, mechanisms will have to be devised to address this issue.

Contributions are expected in the following important areas:

  • The project will investigate new techniques for the inclusion of diversity in intrusion tolerant services, in order to reduce the probability of common-mode vulnerabilities occurring across multiple replicas. The project will consider two fundamental approaches to achieve this objective: it will take advantage of the inherent diversity provided by software products that implement the same functionality, and it will develop ways to automatically introduce diversity in the applications, for example, by exploring disparate configurations, input data modifications, and control flow randomization.
  • The project will implement the techniques and integrate them in a middleware that supports the execution of intrusion tolerant services. One should understand that this implementation poses a few research challenges because diversity undermines replica determinism, a primary assumption of the state machine replication paradigm. Non-determinism can be a problem even for a single program that runs multiple times (e.g., due to scheduling differences of the operations), therefore it becomes much more complex to tackle when diversity is employed.
  • The project will evaluate the merits of each technique to prevent or increase the difficulty of attacks. For software products that have been on the market for a while, one would like to develop metrics to measure vulnerability independence, for example, based on evidence collected from the analysis of bug reports. For cases where this data is unavailable, one would like to employ experimental techniques that look for common vulnerabilities (e.g., static analysis or attack injection).
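The voting problem described above (a result is accepted only with at least f+1 matching votes, and diverse implementations break byte-for-byte equality even when they agree logically) can be illustrated with a small client-side voter. This is an added example written for this page, not DIVERSE middleware; the four replies, the replica names and the JSON-based canonical form are constructed assumptions.

```python
"""Result voting across diverse replicas (added example, not project code).

A client of an intrusion-tolerant service accepts a reply only when at least
f+1 replicas return the same result, so at least one vote comes from a correct
replica. With diverse implementations the logical results agree but their
encoding often does not (key order, whitespace, number formatting), so votes
are taken over a canonical form rather than over the raw bytes.
"""
import json
from collections import Counter


def _normalise(value):
    """Recursively normalise parsed JSON: 100.0 and 100 are the same value."""
    if isinstance(value, dict):
        return {k: _normalise(v) for k, v in value.items()}
    if isinstance(value, list):
        return [_normalise(v) for v in value]
    if isinstance(value, float) and value.is_integer():
        return int(value)
    return value


def canonical(reply: str) -> str:
    """Canonical form of a JSON reply: parsed, normalised, re-serialised with
    sorted keys and fixed separators. A reply that is not JSON is returned
    stripped, so garbage from a faulty replica still counts as its own
    (losing) vote instead of raising."""
    try:
        value = json.loads(reply)
    except ValueError:
        return reply.strip()
    return json.dumps(_normalise(value), sort_keys=True, separators=(",", ":"))


def vote(replies: dict, f: int, normalise=canonical):
    """replies: replica id -> raw reply string.
    Returns (accepted_canonical_result, voter_ids), or (None, set()) when no
    value reaches f+1 votes. With at most f faulty replicas, faulty ones can
    only prevent a decision, never force a wrong one."""
    if not replies:
        return None, set()
    tally = Counter(normalise(r) for r in replies.values())
    winner, count = tally.most_common(1)[0]
    if count < f + 1:
        return None, set()
    voters = {rid for rid, r in replies.items() if normalise(r) == winner}
    return winner, voters


# Constructed replies from four diverse replicas (n = 3f+1 with f = 1).
# Three implementations agree logically but encode differently; one is faulty.
REPLIES = {
    "r0-impl-a": '{"balance": 100.0, "account": "x1"}\n',
    "r1-impl-b": '{"account":"x1","balance":100}',
    "r2-impl-c": '{ "account" : "x1" ,\n  "balance" : 100 }',
    "r3-faulty": '{"account":"x1","balance":999}',
}

if __name__ == "__main__":
    print(vote(REPLIES, f=1))                        # 3 canonical votes agree
    print(vote(REPLIES, f=1, normalise=str.strip))   # raw bytes: no quorum
```

Comparing raw bytes yields four distinct "results" and no quorum, exactly the failure the text warns about; comparing canonical forms yields three matching votes and outvotes the faulty replica. Canonicalisation only absorbs encoding differences: if diverse implementations legitimately differ in semantics (float rounding, ordering of unordered result sets), the normaliser has to encode the service's own notion of equality, which is the harder part of the problem.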

Indication of project size at FCUL: 9 researchers

Latest publications:

Henrique Moniz, Nuno Ferreira Neves, Miguel Correia, “Turquois: Byzantine Consensus in Wireless Ad hoc Networks,” in Proceedings of the International Conference on Dependable Systems and Networks (DSN), Chicago, USA, June 2010.

João Antunes, Nuno Ferreira Neves, Paulo Verissimo, “Using Attack Injection on Closed Protocols,” Fast Abstract in Supplement of the International Conference on Dependable Systems and Networks (DSN), Chicago, USA, June 2010.

Bruno Vavala, Nuno Neves, Henrique Moniz, Paulo Verissimo, “Randomized Consensus in Wireless Environments: A Case Where More is Better,” in Proceedings of the International Conference on Dependability (DEPEND), Venice, Italy, July 2010. (One of the Best Papers)


Project Title: FTH-Grid
Fault-Tolerant Hierarchical Grid Scheduling

http://fth-grid.di.fc.ul.pt/

Sponsoring body: ...

Project Number: ...

Total award amount: ...

Coordinator: ...

Partners: LIP6/CNRS (France), FCUL

Start Date: ...

Duration: ...

Keywords: ...

Summary:

FTH-Grid is a cooperation project between the Laboratoire d’Informatique de Paris 6 (LIP6/CNRS, France) and the Large-Scale Informatics Systems Laboratory (LASIGE/FCUL, Portugal).

As a cooperation project, its goal is to foster scientific research collaboration between the two research teams.

From a scientific point of view, the project aims to design architectures and mechanisms for fault- and intrusion-tolerant computational grid.

Indication of project size at FCUL: 5 researchers

Latest publications:

Alysson N. Bessani, Vinicius V. Cogo, Miguel Correia, Pedro Costa, Marcelo Pasin, Fabricio Silva, Luciana Arantes, Olivier Marin, Pierre Sens, Julien Sopena, “Making Hadoop MapReduce Byzantine Fault-Tolerant,” Fast Abstract in Supplement of the International Conference on Dependable Systems and Networks (DSN), Chicago, USA, June 2010.


Project Title: MASSIF
MAnagement of Security information and events in Service Infrastructures

http://www.massif-project.eu/

Sponsoring body: EU (FP7-ICT Integrated project)

Project Number: 257475

Total award amount: 5.95M Euro

Coordinator: Atos Origin

Partners: Atos Origin, CINI, Epsilon srl, Orange Labs - France Telecom, Fraunhofer-SIT, FCUL, SPIIRAS, Télécom SudParis, AlienVault, T-Systems South Africa, Distributed Systems Laboratory (LSD - Universidad Politécnica de Madrid), 6CURE

Start Date: Oct 2010

Duration: 3 years

Keywords: ...

Summary:

“Prevention is ideal, but detection is a must.”

The main objective of MASSIF is to achieve a significant advance in the area of SIEM (Security Information and Event Management). Based on proper multi-level event correlation, MASSIF will provide innovative techniques that enable the detection of upcoming security threats and trigger remediation actions even before possible security incidents occur. Thus, MASSIF will develop a new-generation SIEM framework for service infrastructures supporting intelligent, scalable, and multi-level/multi-domain security event processing and predictive security monitoring. Such service-level SIEM involves the modelling and formal validation of security, including trusted computing concepts, and an architecture for dependable and resilient collection of service events, supported by an extremely scalable and high-performance event collection and processing framework, in the context of service-level attack models.

Four industrial domains serve as a source for requirements and to validate and demonstrate project results:

  1. Olympic Games IT infrastructure deployed and managed by Atos Origin;
  2. France Telecom scenario on "Mobile phone based money transfer service" facing security events, especially for the "non-IT" and "service" events;
  3. T-Systems South Africa provides managed IT outsource services with a high degree of complexity in setting up SIEM systems for large distributed enterprises;
  4. Epsilon (an SME) will demonstrate the use of the advanced concepts of SIEM in an IT system supporting a critical infrastructure (dam).

Indication of project size at FCUL:

Latest publications:

...


Project Title: RC-Clouds
Resilient Computing in the Clouds

Sponsoring body: FCT

Project Number: ...

Total award amount: ...

Coordinator: ...

Partners: ...

Start Date: ...

Duration: ...

Keywords: ...

Summary:

...

...

Indication of project size at FCUL:

Latest publications:

...

...


Project Title: ReD
Resilient Database Clusters

http://red.lsd.di.uminho.pt/

Sponsoring body: FCT

Project Number: PDTC/EIA-EIA/109044/2008

Total award amount: ...

Coordinator: CCTC/U.Minho

Partners: CCTC/U.Minho, FCUL

Start Date: ...

Duration: ...

Keywords: ...

Summary:

Context

Relational database management systems (RDBMS) have long been the trusty workhorse of the information technology (IT) industry. In fact, by holding all shared mutable state and being responsible for durability, the RDBMS is the key component in system scale-out and availability, making database server clusters a perennial hot topic of research in industry and academia.

The current state of the art to address these challenges is still, after a long standing debate, split between shared-storage and shared-nothing clustering architectures. On one hand, a shared-storage cluster allows maximum resource efficiency: One uses as many nodes as required for processing the workload and to ensure the desired availability, while the storage is configured solely according to the desired storage bandwidth and disk resilience. Unfortunately, a shared-storage approach based on distributed shared memory and distributed locking raises a number of problems, which make such solutions costly to develop and deploy. Namely, server software needs to be heavily refactored to deal with distributed locking, buffer invalidation, and recovery from partial cluster failure. Anecdotal evidence for these is that none of the mainstream open source database servers provide this option. Most commercial database servers also lack a shared-storage configuration. Also, true write sharing is a potential source of corruption upon software or hardware faults. It is also an additional vulnerability to malicious intrusions.

On the other hand, there have been a number of proposals for shared-nothing database server clusters based on consistent replication. All these share the same basic approach: Updates are ordered and propagated before replying back to the client, thus ensuring that no conflicts arise after the transaction commits. The resulting performance and scalability are very good, especially with the currently common mostly read-only workloads. The logical independence of database replicas also increases resilience to data corruption, whether malicious or not. Moreover, they are inexpensive and widely available as an add-on to all major DBMS, as no changes to the server software are required. Unfortunately, in a shared-nothing cluster a separate physical copy of the data is required for each node. Therefore, even if only a few copies are required for dependability, a large cluster with hundreds of nodes must also be configured with sufficient storage capacity for hundreds of copies of the data. In large scale systems, this imposes a hardware and operational cost that offsets their initial advantage.

Goal

The goal of project ReD is to achieve a generic, robust, and inexpensive shared-storage cluster from an off-the-shelf RDBMS. In detail, the project will deliver the following concrete results:

  • A general architecture and specification of the proposed approach.
  • An exploration of the performance, scalability, and dependability aspects of the approach, highlighting the most interesting tradeoffs.
  • A detailed experimental evaluation, using the prototype and industry standard transaction processing benchmarks.

Challenge and Approach

It might look simple at first sight to extend the shared-nothing protocol to cope with shared storage: If all replicas perform exactly the same write operations, database state would be identical and thus could be shared. Unfortunately, internal non-determinism means that different physical images are produced even when the replicas are logically consistent, so sharing them leads to corruption. Moreover, such a simple approach would not preserve the logical independence of replicas and would rule out tolerating Byzantine faults.

The ReD approach is to combine the replication protocol with a specialized copy-on-write volume management system, that holds transient logically independent partial copies, thus masking internal server non-determinism and isolating multiple logical replicas for resilience.
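The two paragraphs above can be made concrete with a toy model: two replicas receive the same ordered logical writes, but an engine-internal choice (which free page a new record lands on) differs between them, so their physical images diverge while their logical content agrees. Each replica writes through its own copy-on-write overlay, so the shared base is never modified and a corrupted replica is detected by comparing logical content and discarded by dropping its overlay. This is an added example written for this page, not ReD code; the page geometry, the two allocation policies and the records are constructed assumptions.

```python
"""Per-replica copy-on-write overlays over one shared base volume (added example, not ReD code).

Illustrates why byte-identical physical state cannot be assumed across
replicas, and how a per-replica overlay keeps physical images apart while
logical content stays comparable.
"""
import hashlib

PAGE_SIZE = 16  # bytes per page; constructed toy geometry

# Two page-allocation policies standing in for engine-internal non-determinism.
ALLOCATORS = {
    "first-fit": lambda free: free[0],
    "last-fit": lambda free: free[-1],
}


class BaseVolume:
    """The shared physical volume. Nothing below ever writes to it."""
    def __init__(self, n_pages):
        self.pages = [bytes(PAGE_SIZE) for _ in range(n_pages)]


class CowOverlay:
    """A replica's private view: reads fall through to the base volume,
    writes are captured in the overlay and never reach the base."""
    def __init__(self, base):
        self.base = base
        self.dirty = {}                      # page number -> bytes

    def read(self, pno):
        return self.dirty.get(pno, self.base.pages[pno])

    def write(self, pno, data):
        if len(data) != PAGE_SIZE:
            raise ValueError("page-sized writes only")
        self.dirty[pno] = data

    def physical_digest(self):
        image = b"".join(self.read(p) for p in range(len(self.base.pages)))
        return hashlib.sha256(image).hexdigest()


class Replica:
    """A toy storage engine: one record per page, page chosen by the allocator."""
    def __init__(self, name, base, allocator):
        self.name = name
        self.vol = CowOverlay(base)
        self.alloc = ALLOCATORS[allocator]
        self.free = list(range(len(base.pages)))
        self.index = {}                      # key -> page number (logical state)

    def put(self, key, value):
        record = f"{key}={value}".encode()
        if len(record) > PAGE_SIZE:
            raise ValueError("record does not fit a page")
        if key not in self.index:            # new record: allocate a page
            pno = self.alloc(self.free)
            self.free.remove(pno)
            self.index[key] = pno
        self.vol.write(self.index[key], record.ljust(PAGE_SIZE, b"\0"))

    def get(self, key):
        if key not in self.index:
            return None
        raw = self.vol.read(self.index[key]).rstrip(b"\0").decode()
        return raw.split("=", 1)[1]

    def logical_digest(self):
        """Digest of the key-ordered logical content, independent of page layout."""
        body = "\n".join(f"{k}={self.get(k)}" for k in sorted(self.index))
        return hashlib.sha256(body.encode()).hexdigest()


def replicate(updates, policies, n_pages=8):
    """Apply the same ordered updates to one replica per policy over one shared base."""
    base = BaseVolume(n_pages)
    replicas = [Replica(f"rep-{p}", base, p) for p in policies]
    for key, value in updates:
        for r in replicas:
            r.put(key, value)
    return replicas


def consistent(replicas):
    """True when every replica agrees on the logical content."""
    return len({r.logical_digest() for r in replicas}) == 1


def base_untouched(replicas):
    """True when the shared base volume still holds only its original zero pages."""
    return all(p == bytes(PAGE_SIZE) for p in replicas[0].vol.base.pages)


UPDATES = [("acct:1", "100"), ("acct:2", "250"), ("acct:1", "90")]  # constructed

if __name__ == "__main__":
    reps = replicate(UPDATES, ["first-fit", "last-fit"])
    print([r.vol.physical_digest() for r in reps], consistent(reps))   # differ, True
    # A fault inside one replica corrupts only its own overlay.
    reps[1].vol.write(reps[1].index["acct:2"], b"acct:2=1".ljust(PAGE_SIZE, b"\0"))
    print(consistent(reps), base_untouched(reps))                      # False, True
```

After the same three updates the first-fit replica holds acct:1 on page 0 and the last-fit replica holds it on page 7: same logical state, different physical images, which is why a naive "share the pages" design corrupts itself. Corrupting one overlay makes the logical comparison fail without touching the base or the other replica, which is the isolation property the Byzantine-tolerant configuration relies on.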

Indication of project size at FCUL: 4 researchers

Latest publications:

Miguel Araújo and José Pereira, “Evaluating data freshness in large scale replicated databases,” in Actas do INForum 2010 – II Simpósio de Informática, Braga, Portugal, September 2010.

Francisco Maia, José Enrique Armendáriz-Iñigo, M. I. Ruiz-Fuertes, and Rui Oliveira, “Scalable transactions in the cloud: Partitioning revisited,” in 12th International Symposium on Distributed Objects, Middleware, and Applications (DOA), Crete, Greece, 2010. Springer.


Project Title: REGENESYS
Regeneration of Replicated Systems

http://regenesys.di.fc.ul.pt/

Sponsoring body: FCT

Project Number: ...

Total award amount: ...

Start Date: Jan 2010

Duration: 3 years

Keywords: Distributed Systems, Intrusion Tolerance, Security, Availability.

Summary:

Information technology (IT) systems deployed in environments where malicious adversaries may be present (e.g., Internet) are exposed to dangerous attacks. Moreover, it is well-known that attackers are actively involved in the development of new techniques to carry out these attacks. When attacks are successful, they may originate intrusions, giving the intruder arbitrary control over the compromised system.

The usual way of fighting such evolving malicious behavior is by applying security patches to operating systems or by introducing newer (better) versions of the application code. Typically, these activities are done by a system administrator and may introduce unavailability periods in system operation.

We argue that the security of money-critical (e.g., online banking, e-commerce websites) and safety-critical (e.g., power/water/gas infrastructures connected to the Internet) systems should not depend on human intervention and that unavailability should be avoided at all costs. In order to increase the security of IT systems exposed to malicious attacks, these systems should be able to deal with attacks and intrusions in an automatic way.

In the last decade, a large number of Byzantine fault-tolerant (BFT) protocols have been proposed. These protocols, also called intrusion-tolerant protocols, may be used in replicated systems to tolerate the arbitrary failure of a bounded number of replicas, denoted by f (typically, f=1 or f=2). However, BFT protocols alone are not enough. These protocols have limited utility in long-lived systems where malicious adversaries are constantly deploying attacks and causing intrusions, given that the allowed number of failures (f) may be exhausted. To deal with this problem, we argue that intrusion-tolerant protocols should be complemented with regeneration mechanisms able to reduce the probability of an adversary compromising more than f replicas. The regeneration of a replica may include various actions, but at a minimum it cleans the effects of any existing intrusions and applies security patches, restoring the replica to a correct state. These actions imply a non-negligible unavailability time for the replica being regenerated.

The goal of the project is to design, implement and evaluate a regeneration service able to enhance the security of replicated systems exposed to accidental (e.g., server crashes) and malicious (e.g., virus infection, server intrusions) faults. In order to achieve this goal, the regeneration service should be able to integrate with existing BFT protocols, enhancing their intrusion tolerance properties. Moreover, the service should be flexible, allowing both planned and unplanned regeneration actions. Planned regenerations are defined at deployment time and are triggered periodically. Unplanned regenerations are triggered on demand when a dangerous situation is predicted. The combination of planned and unplanned regenerations is done in a way that maximizes the availability of the replicas that are necessary to ensure the normal operation of the replicated system.

The two main scientific challenges of the proposed regeneration service are the following:

  1. the combination of planned and unplanned regenerations in a way that does not disturb the normal operation of the replicated system, namely its availability;
  2. the integration of the regeneration service with existing BFT protocols. This second challenge is especially difficult given that most existing BFT protocols only deal with permanent faults (i.e., they assume that a replica either is correct during the entire execution or fails arbitrarily at some instant and is never restored) and, consequently, are not prepared to deal with the transient faults introduced by replica regeneration. Solving this challenge will allow the creation of a novel class of BFT protocols.
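The first challenge, combining periodic (planned) and on-demand (unplanned) regenerations without disturbing availability, can be shown with a small scheduler simulation. This is an added example written for this page, not REGENESYS code. Its availability model is an assumption: a replica under regeneration is counted as unavailable, and the protocol is considered to keep its f-fault tolerance only while the replicas not under regeneration still number at least 3f+1, so at most k = n - 3f - 1 regenerations may overlap. Under that model a system provisioned with exactly n = 3f+1 replicas has no slack at all, which is precisely why regeneration costs availability unless extra replicas are provisioned.

```python
"""Scheduler for planned and unplanned replica regenerations (added example, not project code).

Model (an assumption of this example):
- n replicas run a BFT protocol tolerating f arbitrary faults;
- a regenerating replica is unavailable for regen_time ticks;
- at most k = n - 3f - 1 replicas may regenerate at once, so that the
  remaining ones can still tolerate f faults;
- planned regenerations cycle through replicas every `period` ticks;
  unplanned ones (e.g. requested by an intrusion detector) take priority
  but respect the same concurrency limit.
"""
from collections import deque


class RegenerationScheduler:
    def __init__(self, n, f, regen_time, period):
        if n < 3 * f + 1:
            raise ValueError("need n >= 3f+1")
        self.n, self.f = n, f
        self.regen_time, self.period = regen_time, period
        self.max_concurrent = n - 3 * f - 1   # assumed availability bound
        self.in_progress = {}                 # replica -> ticks remaining
        self.urgent = deque()                 # unplanned requests, FIFO
        self.planned_next = 0                 # round-robin pointer
        self.log = []                         # (tick, replica, kind)

    def request(self, replica):
        """Unplanned regeneration, e.g. when compromise is suspected."""
        if replica not in self.urgent and replica not in self.in_progress:
            self.urgent.append(replica)

    def available(self):
        return self.n - len(self.in_progress)

    def _start(self, t, replica, kind):
        self.in_progress[replica] = self.regen_time
        self.log.append((t, replica, kind))

    def tick(self, t):
        """Advance one tick; returns the number of available replicas afterwards."""
        # 1. finish regenerations whose time has elapsed
        for r in list(self.in_progress):
            self.in_progress[r] -= 1
            if self.in_progress[r] == 0:
                del self.in_progress[r]
        # 2. unplanned regenerations first, within the concurrency limit
        while self.urgent and len(self.in_progress) < self.max_concurrent:
            r = self.urgent.popleft()
            if r not in self.in_progress:
                self._start(t, r, "unplanned")
        # 3. then at most one planned regeneration, if due and capacity remains
        if t % self.period == 0 and len(self.in_progress) < self.max_concurrent:
            for _ in range(self.n):           # skip replicas already regenerating
                r = self.planned_next
                self.planned_next = (self.planned_next + 1) % self.n
                if r not in self.in_progress:
                    self._start(t, r, "planned")
                    break
        return self.available()


def simulate(n, f, regen_time, period, ticks, unplanned=()):
    """Run the scheduler; `unplanned` is a sequence of (tick, replica) requests.
    Returns (minimum available replicas over the run, start log)."""
    sched = RegenerationScheduler(n, f, regen_time, period)
    requests = {}
    for t, r in unplanned:
        requests.setdefault(t, []).append(r)
    min_available = n
    for t in range(ticks):
        for r in requests.get(t, []):
            sched.request(r)
        min_available = min(min_available, sched.tick(t))
    return min_available, sched.log


if __name__ == "__main__":
    # f = 1 with two spare replicas: two regenerations may overlap.
    print(simulate(n=6, f=1, regen_time=2, period=1, ticks=8, unplanned=[(2, 5)]))
    # f = 1 with no spare replicas: nothing can regenerate without breaking the bound.
    print(simulate(n=4, f=1, regen_time=2, period=1, ticks=5))
```

In the first run the unplanned request for replica 5 at tick 2 pre-empts the planned round-robin (replica 2 waits one tick), and the available count never drops below 3f+1 = 4. In the second run, with n = 3f+1, the scheduler can never start a regeneration under this model: the choice is between provisioning spare replicas and accepting a window in which the service is exposed, which is the trade-off the project statement refers to.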

The project team has a solid background on the design of BFT protocols and regeneration mechanisms. Therefore, there is an adequate know-how to address the scientific challenges enumerated above.

The expected results from the project are:

  1. the definition of a novel class of BFT protocols that are able to tolerate permanent and transient arbitrary faults;
  2. the specification of an abstract methodology to convert existing BFT protocols into protocols that tolerate permanent and transient arbitrary faults;
  3. the specification of a novel regeneration service that accommodates both planned and unplanned regenerations and that integrates with BFT protocols converted using the methodology defined in (2);
  4. the implementation of this regeneration service and of one or more converted BFT protocols;
  5. the evaluation of the security and availability of an intrusion-tolerant application in two scenarios: using classical BFT protocols and using the novel class of BFT protocols combined with the regeneration service.

Indication of project size at FCUL: 6 researchers

Latest publications:

...

...


Project Title: SITAN
Services for Intrusion Tolerant Ad Hoc Networks

Sponsoring body: FCT

Project Number: ...

Total award amount: ...

Coordinator: ...

Partners: ...

Start Date: ...

Duration: ...

Keywords: ...

Summary:

...

...

Indication of project size at FCUL:

Latest publications:

...

...


Project Title: TCLOUDS
Trustworthy Clouds: Privacy and Resilience for Internet-scale Critical Infrastructure

http://www.tclouds-project.eu/

Sponsoring body: EU (FP7-ICT Integrated project)

Project Number: 257243

Total award amount: 7.5M Euro

Coordinator:  Technikon Forschungs- und Planungsgesellschaft

Partners: Technikon, IBM Research GmbH, Philips Electronics Nederland B.V., Sirrix AG, FCUL, ULD, University of Oxford, Politecnico di Torino, Friedrich-Alexander-Universität Erlangen-Nürnberg, Fondazione Centro San Raffaele Del Monte Tabor, EDP, UNU MERIT (University of Maastricht), EFACEC, TU Darmstadt

Start Date: Oct 2010

Duration: 3 years

Keywords: ...

Summary:

Trustworthy Clouds (TClouds) aims to build a prototype Internet-scale ICT infrastructure which allows virtualized computing, network, and storage resources over the Internet to provide scalability and cost-efficiency. The following objectives contribute to achieving the overall goal:

  • Identifying and addressing the legal and business implications and opportunities of a widespread use of infrastructure clouds, contributing to building a regulatory framework for enabling resilient and privacy-enhanced cross-border infrastructure clouds.
  • Defining an architecture and prototype for securing infrastructure clouds by providing security enhancements that can be deployed on top of commodity infrastructure clouds (as a cloud-of-clouds) and assessing the resilience and privacy benefits of security extensions of existing clouds.
  • Providing resilient middleware for adaptive security on the cloud-of-clouds. The TClouds platform will provide tolerance and adaptability to mitigate security incidents and unstable operating conditions for a range of applications running on such clouds-of-clouds.

To demonstrate TClouds, scientists will prototype two scenarios involving critical IT systems:

  • A smart energy grid with Portugal’s leading energy and solution providers Energias de Portugal and EFACEC: TClouds will show how such energy-preserving systems can be migrated to a cloud infrastructure while increasing their resilience, privacy protection and tolerance against both hackers and hardware failures.
  • A patient-centric home healthcare service with San Raffaele Hospital in Milano, Italy, will remotely monitor, diagnose and assist patients outside a hospital setting. TClouds will demonstrate how the quality of in-home healthcare can be improved cost-efficiently without reducing privacy.

Indication of project size at FCUL:

Latest publications:

...

...


Project Title: TRONE
Trustworthy and Resilient Operations in a Network Environment

http://trone.di.fc.ul.pt/

Sponsoring body: FCT

Project Number: ...

Total award amount: ...

Coordinator: ...

Partners: FCUL, FCTUC, Carnegie Mellon University, PT Comunicações

Start Date: Oct 2010

Duration: 3 years

Keywords: ...

Summary:

The leading objective of TRONE is ensuring a seamless and dynamic enforcement of the dependability and security of network services in New Generation Networks. The project will focus on reducing hazards, both proactively, by increasing architecture robustness, and reactively, by improving the means for detection and recovery from anomalous situations like faults and attacks. It will investigate innovative ways to apply fault/failure diagnosis, detection and prevention/tolerance techniques, in symbiosis with automated or semi-automated reconfiguration and adaptation dynamics, in order to preserve stability of network operation against accidents or attacks.

Indication of project size at FCUL:

Latest publications:

...

...
