A Situation-Aware Information Infrastructure

Lead Research Organisation: Lancaster University
Department Name: Computing & Communications

Abstract

Resilience is a vital property of communications systems and unified ICT environments, and is achieved mainly by infrastructural redundancy, and static security and network control (e.g., through multipath routing protocols, signature-based intrusion detection systems). This results in mostly monolithic solutions that are service and location-specific, and they protect the infrastructure against a static and well-defined set of threats. However, current approaches do not incorporate, nor do they take advantage of, the wealth of spatio-temporal information available in today's ICT environments, such as sensing, logs, packet data, or external global media feeds. Such diverse data and information sources from heterogeneous environments unified over ICT infrastructures can be exploited to create situation awareness, and can help protect the infrastructure from a range of dynamic and emerging adversarial events (e.g., from new types of failures due to complexity and centralisation, to denial of service attacks and natural disasters) that current static approaches fail to provide [1][2][3].
At the same time, today's ICT environments are evolving as crucial, mission-critical socio-economic systems, and their optimal performance depends on adaptive and intelligent schemes to ensure resilient operation at the onset of legitimate or malicious adversarial events. In order to realise this aim, there needs to be a suitable instrumentation, measurement, analysis, and control infrastructure that will operate natively with, and add intelligence to, the unified networked environment.

In this project, we propose to design and develop a generic, resilient and adaptive situation-aware information infrastructure that would predict and confront the broad range of challenges faced by the network. We aim to provide novel and practical mechanisms that will enable a deeper understanding of the dynamic and non-stationary evolution of mission-critical systems through harnessing 'big data' sets of relevant internal (monitored) and external (global media feeds) spatio-temporal information - what we call 'context'. Our mechanisms will be incorporated as a protocol suite within a Software-Defined architecture, integrated as a native component in (future) computer networks design. This project is not simply aiming at integrating off-the-shelf solutions into a unified scheme, but rather to revisit the resilience challenge in mission-critical ICT environments and contribute new solutions to the information processing, algorithmic, networking and systems aspects of such undertakings.

The research will be carried out over two years jointly at the Universities of Lancaster and Glasgow, involving investigators with a wide range of expertise (from resilient and autonomic communications, through network instrumentation and management, to information retrieval) and in collaboration with a number of leading industrial partners in the areas of safety-critical systems (NATS), industrial control networks (EADS-IW), and hardware-accelerated custom computation products (Solarflare). This consortium will ensure delivery of excellent research results with direct industrial applicability and transformative effects on future intelligent mission-critical infrastructures.


[1]. Windows Azure service interruption:
http://blogs.msdn.com/b/windowsazure/archive/2012/08/02/root-cause-analysis-for-recent-windows-azure-service-interruption-in-western-europe.aspx
[2]. Air Traffic Management system malfunction at Dublin Airport:
http://www.computerworld.com/s/article/9110319/Dublin_Airport_radar_system_brought_down_by_faulty_network_card
[3]. Power outage hits London Data Centre:
http://www.theregister.co.uk/2012/07/10/data_centre_power_cut/

Planned Impact

This project has excellent potential for significant direct and indirect impact for a range of beneficiaries. This is already partly evident from the explicit interest and contributions offered by our four leading industrial partners, namely EADS-IW, NATS, Solarflare and JANET that are offering significant resources and data to tackle the objectives of this work.

We will also participate in appropriate standardization activities with ENISA and organize workshops co-located with prestigious conferences such as ACM SIGCOMM, ACM SIGIR and IEEE INFOCOM. Apart from aiming to publish in these conferences we will also target major events such as IFIP/IEEE IM, IFIP/IEEE NOMS, and high-profile journals such ACM/IEEE Transaction in Networking, i.e we are also aiming for high impact in the scientific domain alongside industrial and societal impact.

Directly, the outcomes of this work will have immediate and longer-term impact for the following beneficiaries:

Mission-critical infrastructure and service providers - The situation-aware information infrastructure that will result from this work, integrated with next generation networking architectures, will significantly improve the resilience, adaptability and seamless operation of future unified ICT environments at the onset of adversarial events. Results from this work will increase service predictability and dependability and will have a direct positive impact on return on investment.

Hardware and network equipment vendors - Results from this work will provide new insights in the instrumentation, measurement, and analysis support that will need to be provided natively and at very high-speeds by future resilient and situation-aware infrastructures. We will produce prototype hardware-accelerated processing modules that equipment vendors can then optimize and incorporate into their future platforms. ASIC, FPGA, and switch/router equipment vendors (e.g., Cisco, HP, Juniper) are particularly likely to benefit.

Software-Defined Networking (SDN) vendors - This work will provide a new suite of situation-aware protocols that will operate as part of a framework for fast and flexible, programmable service deployment in short timescales. We will extend the current SDN model to provide for increased distributed intelligence alongside the centralised abstraction of the network control plane. SDN and Openflow software and equipment vendors will benefit from this extended functionality.


Security solutions providers - The proposed work will develop novel online anomaly and intrusion detection algorithms that will harness both operational data and external information sources of input in order to detect, identify and remediate threats to the infrastructures. This will shed new light on combinatorial information processing and potentially to novel patterns of abnormal system-wide behaviour. Security software warehouses and security assessment companies will particularly benefit from these outcomes.

Information retrieval and filtering software providers - The parallel processing of global public content sources to extract information relevant to particular infrastructures while simultaneously creating notions of locality, time, and incident context, will shed new light on processing high-volume, high velocity, and high-noise information feeds.

Indirectly, the following will benefit:

Users - The provision of native resilience mechanisms will benefit the many users who are increasingly using shared infrastructures, and will indirectly facilitate IT-as-a-Utility by making infrastructures more dependable.

The RAs working on this project will develop unique research and development skills in cutting-edge networking, machine learning, and information retrieval and filtering technologies, while working closely with leading industry providers.

Publications

10 25 50
publication icon
Cui L (2017) PLAN: Joint Policy- and Network-Aware VM Management for Cloud Data Centers in IEEE Transactions on Parallel and Distributed Systems

publication icon
Cziva R (2016) SDN-Based Virtual Machine Management for Cloud Data Centers in IEEE Transactions on Network and Service Management

publication icon
Knowles W (2015) A survey of cyber security management in industrial control systems in International Journal of Critical Infrastructure Protection

publication icon
Shirazi N (2015) A framework for resilience management in the cloud in e & i Elektrotechnik und Informationstechnik

publication icon
Simpson S (2018) An Inter-Domain Collaboration Scheme to Remedy DDoS Attacks in Computer Networks in IEEE Transactions on Network and Service Management

 
Description The grant is proceeding well, and is in its final phase -- reporting on findings will be done in due course.
Exploitation Route We are discussing engagement with ENISA, the European Network and Information Security Agency, to promote our results as well as the new discipline of resilience.

This is in addition to working with our industry use case partners, with GCHQ, and the UK Academic Resilience Forum.

Most recently, we have established a broader technical liaison with JISC/JANET under a NDA.
Sectors Aerospace, Defence and Marine,Digital/Communication/Information Technologies (including Software),Energy,Environment,Financial Services, and Management Consultancy,Healthcare,Manufacturing, including Industrial Biotechology,Security and Diplomacy,Transport

 
Description We have used the work to contribute to a study of resilient systems following the recent floods and consequent disruption of the electricity supply in the Lancaster area. One of the academics also spoke at a breakfast meeting in London at the Houses of Parliament, on research in resilient systems. Our work has enabled further discussion with AIT in Vienna about future testbeds and research on resilient systems enabled by situational awareness. The case study with JISC/JANET has yielded interesting new technical directions.
First Year Of Impact 2016
Sector Digital/Communication/Information Technologies (including Software),Energy,Environment
Impact Types Cultural,Societal,Policy & public services

 
Description COST
Amount € 100,000 (EUR)
Funding ID CA15127 
Organisation European Cooperation in Science and Technology (COST) 
Sector Public
Country European Union (EU)
Start 03/2016 
End 02/2020
 
Description Resilient and energy-aware computer networks 
Organisation University of Leeds
Department Faculty of Medicine and Health
Country United Kingdom 
Sector Academic/University 
PI Contribution Working with University of Leeds (Professor Jaafar Elmirghani), we have spent a large amount of academic time on the collaboration -- contributing mainly expertise, intellectual input and also access to the testbeds at Lancaster University's InfoLab21.
Collaborator Contribution Professor Elmirghani led the EPSRC funded INTERNET Programme Grant; I was an adviser on the project. Later, we teamed up on a new research proposal, which we are currently preparing -- including work with industrial partners.
Impact None yet -- awaiting funding ...
Start Year 2015
 
Description Resilient and secure systems 
Organisation Austrian Institute of Technology
Country Austria 
Sector Private 
PI Contribution We provide consultancy and know-how in resilient systems design
Collaborator Contribution They provide real-world examples of problems, and contacts with industry partners
Impact Several so far, including publications and two international, collaborative workshops -- one held in Germany on flexible networked systems and the other in Austria on Critical Infrastructures Protection
Start Year 2013
 
Description Situational awareness for resilient systems 
Organisation University of Glasgow
Country United Kingdom 
Sector Academic/University 
PI Contribution We are providing the know-how on resilient computer networks management
Collaborator Contribution They are providing data science inputs and know-how.
Impact Multi-disciplinary within the general field of computer science; but also people and organisational issues. This project has only recently started ...
Start Year 2015