Network and Service Management, IEEE Transactions on

Issue 4 • Date December 2010

  • Table of contents

    Publication Year: 2010 , Page(s): c1
    Freely Available from IEEE
  • Farewell Message

    Publication Year: 2010 , Page(s): 200 - 203
    Freely Available from IEEE
  • A Distributed Probabilistic Commitment Control Algorithm for Service-Oriented Systems

    Publication Year: 2010 , Page(s): 204 - 217

    Application creation through service composition is a cornerstone for several architectures including Service-Oriented Architecture. As the number and diversity of applications created based on this paradigm increase, the need for guaranteeing quality of service becomes more important. In this paper, we present a distributed algorithm for guaranteeing a specified level of application completion probability. The algorithm is designed to control service commitments in both queue-less and queue-enabled service-oriented systems. The algorithm does not assume a specific distribution type for service execution times and application request inter-arrival times, and hence is suitable for systems with stationary or non-stationary request arrivals. We show that the proposed distributed algorithm achieves its performance objectives for both queue-less and queue-enabled service oriented systems.
  • A Passive Solution to the Memory Resource Discovery Problem in Computational Clusters

    Publication Year: 2010 , Page(s): 218 - 230
    Cited by:  Papers (1)

    Resource discovery is an important problem in distributed computing, because the throughput of the system is directly linked to its ability to quickly locate available resources. Current solutions are undesirable for discovering resources in large computational clusters because they are intrusive, chatty (i.e., have per-node overhead), or maintenance-intensive. In this paper, we present a novel method that offers the ability to non-intrusively identify resources that have available memory; this is critical for memory-intensive cluster applications such as weather forecasting and computational chemistry. The prime benefits are fourfold: (1) low message complexity, (2) scalability, (3) load balancing, and (4) low maintainability. We demonstrate the feasibility of our method with experiments using a 50-node test-bed (DETERlab). Our technique allows us to establish a correlation between memory load and the timely response of network traffic from a node. Results show that our method can accurately (92%-100%) identify nodes with available memory through analysis of existing network traffic, including network traffic that has passed through a switch (non-congested).
  • Policy Based Security Analysis in Enterprise Networks: A Formal Approach

    Publication Year: 2010 , Page(s): 231 - 243
    Cited by:  Papers (6)

    In a typical enterprise network, there are several sub-networks or network zones corresponding to different departments or sections of the organization. These zones are interconnected through a set of Layer-3 network devices (or routers). The service accesses within the zones and also with the external network (e.g., Internet) are usually governed by an enterprise-wide security policy. This policy is implemented through an appropriate set of access control lists (ACL rules) distributed across various network interfaces of the enterprise network. Such networks face two major security challenges: (i) conflict-free representation of the security policy, and (ii) correct implementation of the policy through distributed ACL rules. This work presents a formal verification framework to analyze the security implementations in an enterprise network with respect to the organizational security policy. It generates a conflict-free policy model from the enterprise-wide security policy and then formally verifies the distributed ACL implementations with respect to the conflict-free policy model. The complexity in the verification process arises from extensive use of temporal service access rules and presence of hidden service access paths in the networks. The proposed framework incorporates formal modeling of conflict-free policy specification and distributed ACL implementation in the network and finally deploys a Boolean satisfiability (SAT) based verification procedure to check the conformation between the policy and implementation models.
  • Machine Learning Techniques for Passive Network Inventory

    Publication Year: 2010 , Page(s): 244 - 257
    Cited by:  Papers (2)

    Being able to fingerprint devices and services, i.e., remotely identify running code, is a powerful service for both security assessment and inventory management. This paper describes two novel fingerprinting techniques supported by isomorphic based distances which are adapted for measuring the similarity between two syntactic trees. The first method leverages the support vector machines paradigm and requires a learning stage. The second method operates in an unsupervised manner thanks to a new classification algorithm derived from the ROCK and QROCK algorithms. It provides an efficient and accurate classification. We highlight the use of such classification techniques for identifying the remote running applications. The approaches are validated through extensive experimentations on SIP (Session Initiation Protocol) for evaluating the impact of the different parameters and identifying the best configuration before applying the techniques to network traces collected by a real operator.
  • A Hierarchical Identity Based Key Management Scheme in Tactical Mobile Ad Hoc Networks

    Publication Year: 2010 , Page(s): 258 - 267
    Cited by:  Papers (10)

    Hierarchical key management schemes would serve well for military applications where the organization of the network is already hierarchical in nature. Most of the existing key management schemes concentrate only on network structures and key allocation algorithms, ignoring attributes of the nodes themselves. Due to the distributed and dynamic nature of MANETs, it is possible to show that there is a security benefit to be attained when the node states are considered in the process of constructing a private key generator (PKG). In this paper, we propose a distributed hierarchical key management scheme in which nodes can get their keys updated either from their parent nodes or a threshold of sibling nodes. The dynamic node selection process is formulated as a stochastic problem and the proposed scheme can select the best nodes to be used as PKGs from all available ones considering their security conditions and energy states. Simulation results show that the proposed scheme can decrease network compromising probability and increase network lifetime in tactical MANETs.
  • Biologically Inspired Anomaly Detection and Security Control Frameworks for Complex Heterogeneous Networks

    Publication Year: 2010 , Page(s): 268 - 281
    Cited by:  Papers (2)

    The demand for anytime, anywhere, anyhow communications in future generation networks necessitates a paradigm shift from independent network services into a more harmonized system. This vision can be accomplished by integrating the existing and emerging access networks via a common Internet Protocol (IP) based platform. Nevertheless, owing to the inter-worked infrastructure, a malicious security threat in such a heterogeneous network is no more confined to its originating network domain, but can easily be propagated to other access networks. To address these security concerns, this paper proposes a biologically inspired security framework that governs the cooperation among network entities to identify security attacks, to perform security updates, and to inhibit attacks propagation in the heterogeneous network. The proposed framework incorporates two principal security components, in the form of anomaly detection framework and security control framework. Several plausible principles from two fields of biology, in particular the human immune system (HIS) and epidemiology have been adopted into the proposed security framework. Performance evaluation demonstrates the efficiency of the proposed biologically inspired security framework in detecting malicious anomalies such as denial-of-service (DoS), distributed DoS (DDoS), and worms, as well as restricting their propagations in the heterogeneous network.
  • Balancing Request Denial Probability and Latency in an Agent-Based VPN Architecture

    Publication Year: 2010 , Page(s): 282 - 295
    Cited by:  Papers (1)

    Agent-based virtual private networks architecture (ABVA) refers to the environment where a third-party provider runs and administers remote access virtual private network (VPN) service for organizations that do not want to maintain their own in-house VPN servers. In this paper, we consider the problem of optimally connecting users of an organization to VPN server locations in an ABVA environment so that request denial probability and latency are balanced. A user request needs a certain bandwidth between the user and the VPN server. The VPN server may deny requests when the bandwidth is insufficient (capacity limitation). At the same time, the latency perceived by a user from its current location to a VPN server is an important consideration. We present a number of schemes regarding how VPN servers are to be selected and the number of servers to be tried so that request denial probability is minimized without unduly affecting latency. These schemes are studied on a number of different topologies. For our study, we consider Poisson and non-Poisson arrival of requests under both finite and infinite population models to understand the impact on the entire system. We found that the arrival processes have a significant and consistent impact on the request denial probability and the impact on the latency is dependent on the traffic load in the infinite model. In the finite model, arrival processes have an inconsistent impact on the request denial probability. As to the latency in the finite model, arrivals that have a squared co-efficient of variation less than one is consistently largest, followed by the Poisson case, then the case that the squared co-efficient of variation is more than one. Finally, a strength of this work is the comparison of infinite and finite models; we found that a mismatch between the infinite and the finite model is dependent both on the number of users in the system and the load.

Aims & Scope

IEEE Transactions on Network and Service Management will publish (online only) peer-reviewed archival quality papers that advance the state-of-the-art and practical applications of network and service management.

Meet Our Editors

Editor-in-Chief

Rolf Stadler
Laboratory for Communication Networks
KTH Royal Institute of Technology
Stockholm
Sweden
stadler@kth.se