Abstract: New and emerging use cases, such as the interconnection of geographically distributed data centers (DCs), are drawing attention to the requirement for dynamic end-to-end service provisioning spanning multiple and heterogeneous optical network domains. This heterogeneity is due not only to the diverse data transmission and switching technologies, but also to the different options of control plane techniques. In light of this, the problem of heterogeneous control plane interworking needs to be solved, and in particular, the solution must address the specific issues of multi-domain networks, such as limited domain topology visibility, given the scalability and confidentiality constraints. In this article, some of the recent activities regarding Software-Defined Networking (SDN) orchestration are reviewed to address such a multi-domain control plane interworking problem. Specifically, three different models, including the single SDN controller model, multiple SDN controllers in mesh, and multiple SDN controllers in a hierarchical setting, are presented for the DC interconnection network with multiple SDN/OpenFlow domains or multiple OpenFlow/Generalized Multi-Protocol Label Switching (GMPLS) heterogeneous domains. In addition, two concrete implementations of the orchestration architectures are detailed, showing the overall feasibility and procedures of SDN orchestration for end-to-end service provisioning in multi-domain data center optical networks.
Abstract: Quantitative security metrics are desirable for measuring the performance of information security controls. Security metrics help to make functional and business decisions for improving the performance and cost of the security controls. However, defining enterprise-level security metrics has already been listed as one of the hard problems in the InfoSec Research Council's hard problems list. Almost all the efforts in defining absolute security metrics for enterprise security have not proved fruitful. At the same time, with the maturity of the security industry, there has been a continuous emphasis from the regulatory bodies on establishing measurable security metrics. This paper addresses this need and proposes a relative security metric model that derives three quantitative security metrics named Attack Resiliency Measure (ARM), Performance Improvement Factor (PIF), and Cost/Benefit Measure (CBM) for measuring the performance of the security controls. For the effectiveness evaluation of the proposed security metrics, we took the secure virtual machine (VM) migration protocol as the target of assessment. Virtualization technologies are rapidly changing the landscape of the computing world. Devising security metrics for a virtualized environment is even more challenging. Secure virtual machine migration is an evolving area, and no standard protocol is available specifically for secure VM migration. This paper took the secure virtual machine migration protocol as the target of assessment and applied the proposed relative security metric model for measuring the Attack Resiliency Measure, Performance Improvement Factor, and Cost/Benefit Measure of the secure VM migration protocol.
Funding: the National High-Tech Research and Development Plan of China (No. 2001AA121021); the National Research Foundation for the Doctoral Program of Higher Education of China (No. 20020013004); the National Grand Fundamental Research 973 Program of China (No. 2003CB314806); the National Natural Science Foundation for Distinguished Young Scholars of China (No. 60125101); the Cheung Kong Scholar's Program and the Promotion Project for Creative Teams of the Ministry of Education (Networking Theory and Technology in Telecommunication) (No. IRT0410).
Abstract: The paper proposes a conference control model between a web server and a telecom application server, referred to as the Conference Directed Graph (CDG), and describes an asynchronous communication mechanism between them. The CORBA Interface Definition Language (IDL) interfaces are defined, and a message sequence chart is illustrated. This web conference control model provides conference users with a new approach to manage and control a conference and the participants. The performance of the system prototype is analyzed and verified in the 863 project named "The Multi-media and Mobile Services Enabled Soft-switch System".
Funding: the National Natural Science Foundation of China (No. 70571017); the Research Foundation from Provincial Education Department of Zhejiang of China (No. 20070928).
Abstract: An important task of Internet congestion control is inhibiting sporadic data flow to maintain a suitable window size or route queue length. Such a requirement is consistent with the basic idea and function of a moving average filter. In this paper one prior Internet congestion control model, named the transmission control protocol (TCP)/random early detection (RED) stroboscopic model, is studied, and then one new scheme is proposed to enlarge its stable domain, where a simple moving average filter is introduced to inhibit sporadic data flow as much as possible. In the novel scheme the bifurcation phenomenon is postponed without any extra controller. The effectiveness of the new scheme is verified by theoretical analyses and numerical simulations.