Dependable systems: performance, security and reliability

Research focus

The peer review has evaluated this group as Good


Business enterprises, government institutions and private individuals rely upon computer systems and networks that integrate digital devices with complex software and network infrastructures. These systems must deliver dependable services that satisfy performance requirements, ensure security features like confidentiality, authorization and others, and are resilient to malicious attacks and accidental faults. All these dependability features have an impact at system level and require appropriate design techniques, as well as experimentation and evaluation at hardware and software level. The focus of the group includes research into foundations, methodologies and models for jointly designing, evaluating and optimizing dependable systems. A more detailed list of topics follows.

Performance

The research group works on theoretical and practical aspects related to performance in several computer system application areas, such as: computer systems, distributed and parallel systems, IPTV and VOIP infrastructures, virtualized environments.

- Queuing network models are widely adopted as a powerful tool for modeling, tuning, evaluating and predicting the performance of traditional computing systems. In such systems, device bottlenecks, at disk or CPU level, are familiar in performance analysis and are easy to identify, because the bottleneck becomes saturated while other devices do not. However, the rapid increase in size and complexity of modern computing systems introduces new types of bottlenecks (e.g., buffer space, critical sections, locking of data, blocking of processes, task pools), which are more complex to analyze and detect because they typically involve several resources. The focus of the research is on finding extensions to the basic queuing theory that account for the increasing complexity of emerging computing systems. The models should be able to deal with a wide range of new performance-critical requirements, such as admission control mechanisms, service-level requirements, virtualization and consolidation strategies.

Security

System security has been investigated mainly in the direction of network and data protection against unauthorized access and manipulation.

- Traditional intrusion detection systems, based on pattern matching and static signatures, are increasingly limited by their need for an up-to-date and comprehensive knowledge base. The focus of the research is on intrusion detection systems that use innovative architectures and algorithms, such as data mining techniques applied to raw network data, to overcome these problems.
- Cryptographic systems and algorithms have evolved considerably in recent years into a long list of viable solutions, like AES, Elliptic Curve Cryptosystems (ECC), Identity-Based Encryption (IBE), and others. Many such systems are computationally very intensive and require a careful implementation to be effective, especially for platforms with low computing power, but also for high-end network servers. The focus of the research is on the efficient hardware and software implementation of innovative cryptographic algorithms like AES, ECC and IBE systems. Classical design techniques are extended and adapted for cryptographic algorithms, taking into account parallel HW solutions or SW implementations on innovative parallel platforms.
- The field of side-channel attacks (timing, power or fault-based attacks) against cryptographic devices is also quickly evolving, due to the diffusion of cryptography in low-end and mobile systems. Defeating side-channel attacks requires the simultaneous use of a wide set of countermeasures in the device to be protected. The focus of the research is on the investigation of some side-channel attack techniques that threaten cryptographic devices, in particular those based on the malicious injection of faults, which may cause information leakage and eventually allow the secret key to be extracted from the device itself. Extensions to classical differential cryptanalysis techniques have been studied, and the classical solutions based on the use of fault diagnosis codes (which normally are designed for reliability purposes, not for security ones) have been extended to also protect cryptographic devices against attacks based on the malicious injection of faults.

Reliability

The detection of service failures is of paramount importance for assessing the quality of service in distributed systems and communication networks.

- Although reliability analysis techniques have been studied for a long time, they have recently acquired more importance because of the significant economic losses that may derive from service unavailability. Unfortunately, the increasing size of enterprise computing infrastructures, which may be composed of thousands of servers interconnected through large networks, makes it very difficult to manually collect, process and analyze reliability data. The focus of the research is on the development of automatic techniques for the accurate reliability assessment of large networks and data centres.

Affiliated department

Dipartimento di Elettronica e Informazione (DEI)

Affiliated faculty

Giuseppe Serazzi (full professor)
Anna Antola (associate professor)
Luca Breveglieri (associate professor)
Paolo Cremonesi (associate professor)