The objectives of this survey are to provide an in-depth coverage of a few selected research papers that have made significant contributions to the development of Network Function Virtualization (NFV), and to provide readers insights into the key advantages and disadvantages of NFV and Software Defined Networks (SDN) when compared to traditional networks. The research papers covered are classified into four categories: NFV Infrastructure (NFVI), Network Functions (NFs), Management And Network Orchestration (MANO), and service chaining. The NFVI papers describe “framework” software that implement common functions, such as dynamic scaling and load balancing, required by NF developers. Papers on NFs are classified as offering solutions for software switches or middleboxes. MANO papers covered in this survey are primarily on resource allocation (virtual network embedding), which is an orchestrator function. Finally, service chaining papers that offer examples and extensions are reviewed. Our conclusions are that with the current level of investment in NFV from cloud and Internet service providers, the promised cost savings are likely to be realized, though many challenges remain.

With the in-depth development of service computing, it has become clear that when constructing service applications in an open dynamic network environment, greater attention must be paid to trustworthiness under the premise of functions' realization. Trustworthy computing requires theories for business process modeling in terms of both behavior and trustworthiness. In this paper, a calculus for ensuring the satisfaction of trustworthiness requirements in service-oriented systems is proposed. We investigate a calculus called QPi, for representing both the behavior and the trustworthiness property of concurrent systems. QPi is the combination of pi-calculus and a constraint semiring, which has a feature when problems with multi-dimensional properties must be tackled. The concept of the quantified bisimulation of processes provides us a measure of the degree of equivalence of processes based on the bisimulation distance. The QPi related properties of bisimulation and bisimilarity are also discussed. A specific modeling example is given to illustrate the effectiveness of the algebraic method.

This paper presents past and recent trends of optical networks and addresses the future directions. First, we describe path networks with the historical backgrounds and trends. path networks have advanced by using various multiplexing technologies. They include time-division multiplexing (TDM), asynchronous transfer mode (ATM), and wavelength-division multiplexing (WDM). ATM was later succeeded to multi-protocol label switching (MPLS). Second, we present generalized MPLS technologies (GMPLS). In GMPLS, the label concept of MPLS is extended to other labels used in TDM, WDM, and fiber networks. GMPLS enables network operators to serve networks deployed by different technologies with a common protocol suite of GMPLS. Third, we describe multi-layer traffic engineering and a path computation element (PCE). Multi-layer traffic engineering designs and controls networks considering resource usages of more than one layer. This leads to use network resources more efficiently than the single-layer traffic engineering adopted independently for each layer. PCE is defined as a network element that computes paths, which are used for traffic engineering. Then, we address software-defined networks, which put the designed network functions into the programmable data plane by way of the management plane. We describe the evaluation from GMPLS to software defined networking (SDN) and transport SDN. Fifth, we describe the advanced devices and switches for optical networks. Finally, we address advances in networking technologies and future directions on optical networking.

Software-based error detection techniques, which includes error detection mechanism (EDM) transformation, are used for error localization in post-silicon validation. This paper evaluates the performance of EDM for timing error localization with a noise-aware logic simulator and 65-nm test chips assuming the following two EDM usage scenarios; (1) localizing a timing error occurred in the original program, and (2) localizing as many potential timing errors as possible. Simulation results show that the EDM transformation customized for quick error detection cannot locate electrical timing errors in the original program in the first scenario, but it detects 86% of non-masked errors potential bugs in the second scenario, which mean the EDM performance of detecting electrical timing errors affecting execution results is high. Hardware measurement results show that the EDM detects 25% of original timing errors and 56% of non-masked errors. Here, these hardware measurement results are not consistent with the simulation results. To investigate the reason, we focus on the following two differences between hardware and simulation; (1) design of power distribution network, and (2) definition of timing error occurrence frequency. We update the simulation setup for filling the difference and re-execute the simulation. We confirm that the simulation and the chip measurement results are consistent.

Focused on network reconnaissance, eavesdropping, and DoS attacks caused by static routing policies, this paper designs a random routing mutation architecture based on the OpenFlow protocol, which takes advantages of the global network view and centralized control in a software-defined network. An entropy matrix of network traffic characteristics is constructed by using volume measurements and characteristic measurements of network traffic. Random routing mutation is triggered according to the result of network anomaly detection, which using a wavelet transform and principal component analysis to handle the above entropy matrix for both spatial and temporal correlations. The generation of a random routing path is specified as a 0-1 knapsack problem, which is calculated using an improved ant colony algorithm. Theoretical analysis and simulation results show that the proposed method not only increases the difficulty of network reconnaissance and eavesdropping but also reduces the impact of DoS attacks on the normal communication in an SDN network.

For IP-based mobile networks, efficient mobility management is vital to provision seamless online service. IP address starvation and scalability issue constrain the wide deployment of existing mobility schemes, such as Mobile IP, Proxy Mobile IP, and their derivations. Most of the studies focus on the scenario of mobility among public networks. However, most of current networks, such as home networks, sensor networks, and enterprise networks, are deployed with private networks hard to apply mobility solutions. With the rapid development, Software Defined Networking (SDN) offers the opportunity of innovation to support mobility in private network schemes. In this paper, a novel mobility management scheme is presented to support mobile node moving from public network to private network in a seamless handover procedure. The centralized control manner and flexible flow management in SDN are utilized to provide network-based mobility support with better QoS guarantee. Benefiting from SDN/OpenFlow technology, complex handover process is simplified with fewer message exchanges. Furthermore, handover efficiency can be improved in terms of delay and overhead reduction, scalability, and security. Analytical analysis and implementation results showed a better performance than mobile IP in terms of latency and throughput variation.

Class imbalance has drawn much attention of researchers in software defect prediction. In practice, the performance of defect prediction models may be affected by the class imbalance problem. In this paper, we present an approach to evaluating the performance stability of defect prediction models on imbalanced datasets. First, random sampling is applied to convert the original imbalanced dataset into a set of new datasets with different levels of imbalance ratio. Second, typical prediction models are selected to make predictions on these new constructed datasets, and Coefficient of Variation (C·V) is used to evaluate the performance stability of different models. Finally, an empirical study is designed to evaluate the performance stability of six prediction models, which are widely used in software defect prediction. The results show that the performance of C4.5 is unstable on imbalanced datasets, and the performance of Naive Bayes and Random Forest are more stable than other models.

Packages are re-usable components for faster and effective software maintenance. To promote the re-use in object-oriented systems and maintenance tasks easier, packages should be organized to depict compact design. Therefore, understanding and assessing package organization is primordial for maintenance tasks like Re-usability and Changeability. We believe that additional investigations of prevalent basic design principles such as defined by R.C. Martin are required to explore different aspects of package organization. In this study, we propose package-organization framework based on reachable components that measures re-usability index. Package re-usability index measures common effect of change taking place over dependent elements of a package in an object-oriented design paradigm. A detailed quality assessment on different versions of open source software systems is presented which evaluates capability of the proposed package re-usability index and other traditional package-level metrics to predict fault-proneness in software. The experimental study shows that proposed index captures different aspects of package-design which can be practically integrated with best practices of software development. Furthermore, the results provide insights on organization of feasible software design to counter potential faults appearing due to complex package dependencies.

Research on intrusion-tolerant systems (ITSs) is being conducted to protect critical systems which provide useful information services. To provide services reliably, these critical systems must not have even a single point of failure (SPOF). Therefore, most ITSs employ redundant components to eliminate the SPOF problem and improve system reliability. However, systems that include identical components have common vulnerabilities that can be exploited to attack the servers. Attackers prefer to exploit these common vulnerabilities rather than general vulnerabilities because the former might provide an opportunity to compromise several servers. In this study, we analyze software vulnerability data from the National Vulnerability Database (NVD). Based on the analysis results, we present a scheme that finds software combinations that minimize the risk of common vulnerabilities. We implement this scheme with CSIM20, and simulation results prove that the proposed scheme is appropriate for a recovery-based intrusion tolerant architecture.

Return-oriented programming (ROP) attacks, which have been increasing in number recently, are an exploitation technique that can bypass non-executable page protection methods by using codes that exist within benign programs or modules. There have been many studies on defense against ROP attacks, but most of them have high overhead or high time complexity in terms of the detection of gadgets. In this letter, we suggest an ROP defense technique which is fast, space-efficient, and of lower detection time complexity; it uses a compiler-based approach. The most recent ROP defense technique is a compiler-based zero-sum defender suggested by Kim et al., achieving very low overhead. However, it still did not solve the issue of time complexity regarding detection. Our technique performs a specific computation to identify gadgets at the resetting position immediately before and after a return instruction. This method can efficiently identify a series of gadgets performed without calls and defend against them. In our experiment, the performance overhead was 1.62% and the file size overhead was 4.60%; our proposed technique achieved O(1) in terms of time complexity while having almost the same overhead as the zero-sum defender.

DDoS remains a major threat to Software Defined Networks. To keep SDN secure, effective detection techniques for DDoS are indispensable. Most of the newly proposed schemes for detecting such attacks on SDN make the SDN controller act as the IDS or the central server of a collaborative IDS. The controller consequently becomes a target of the attacks and a heavy loaded point of collecting traffic. A collaborative intrusion detection system is proposed in this paper without the need for the controller to play a central role. It is deployed as a modified artificial neural network distributed over the entire substrate of SDN. It disperses its computation power over the network that requires every participating switch to perform like a neuron. The system is robust without individual targets and has a global view on a large-scale distributed attack without aggregating traffic over the network. Emulation results demonstrate its effectiveness.

Finding software vulnerabilities in source code before the program gets deployed is crucial to ensure the software quality. Existing source code auditing tools for vulnerability detection generate too many false positives, and only limited types of vulnerability can be detected automatically. In this paper, we propose an extendable mechanism to reveal vulnerabilities in source code with low false positives by specifying security requirements and detecting requirement violations of the potential vulnerable sinks. The experimental results show that the proposed mechanism can detect vulnerabilities with zero false positives and indicate the extendability of the mechanism to cover more types of vulnerabilities.

We have developed software that uses the R statistics software environment to automatically generate tactile graphs — i.e. graphs that can be read by blind people using their sense of touch. We released this software as a Web application to make it available to anyone, from anywhere. This Web application can automatically generate images for tactile graphs from numerical data in a CSV file. It is currently able to generate four types of graph — scatter plots, line graphs, bar charts and pie charts. This paper describes the Web application's functions, operating procedures and the results of evaluation experiments.

SDN (Software-Defined Networking) enables software applications to program individual network devices dynamically and therefore control the behavior of the network as a whole. Incomplete programming and/or inconsistency with the network policy of SDN software applications may lead to verification issues. The objective of this paper is to describe the formal modeling that uses the process algebra called pACSR and then suggest a method to verify the firewall application running on top of the SDN controller. The firewall rules are translated into a pACSR process which acts as the specification, and packet's behaviors in SDN are also translated to a pACSR process which is a role as the implementation. Then we prove the correctness by checking whether the parallel composition of two pACSR processes is deadlock-free. Moreover, in the case of network topology changes, our verification can be directly applied to check whether any mismatches or inconsistencies will occur.

The goal of software testing should go beyond simply finding defects. Ultimately, testing should be focused on increasing customer satisfaction. Defects that are detected in areas of the software that the customers are especially interested in can cause more customer dissatisfaction. If these defects accumulate, they can cause the software to be shunned in the marketplace. Therefore, it is important to focus on reducing defects in areas that customers consider valuable. This article proposes a value-driven V-model (V2 model) that deals with customer values and reflects them in the test design for increasing customer satisfaction and raising test efficiency.

Software defined networking (SDN) and OpenFlow, which enables the abstraction of vendor/technology-specific attributes, improve the control and management flexibility of optical transport networks. In this paper, we present an interoperability demonstration of SDN/OpenFlow-based optical path control for multi-domain/multi-technology optical transport networks. We also summarize the abstraction approaches proposed for multi-technology network integration at SDN controllers.

Named Data Networking (NDN) has emerged as an alternative to traditional IP-based networking for the achievement of Information-Centric Networking (ICN). Currently, most NDN is deployed over IP networks, but such an overlay deployment increases the transport network overhead due to the use of dual network control planes (NDN routing and IP routing). Software-Defined Networking (SDN) can be used to mitigate the network overhead by forwarding NDN packets without the use of IP routing. However, to deploy NDN over SDN, a variable NDN content name needs to be mapped to a fixed-size match field in an OpenFlow switch flow table. For efficient support of such a mapping task, we propose a new architecture that uses dual name for content: content name and Name Tag. The Name Tag is derived from the corresponding content name and is a legitimate IPv6 address. By using the proposed Name Tag, the SDN with an NDN control application can transport an IPv6 packet that encapsulates an NDN packet for an NDN name-based routing. We emulate the proposed architecture using Mininet and verify that it is feasible.

The software birthmarking technique has conventionally been studied in fields such as software piracy, code theft, and copyright infringement. The most recent API-based software birthmarking method (Han et al., 2014) extracts API call sequences in entire code sections of a program. Additionally, it is generated as a birthmark using a cryptographic hash function (MD5). It was reported that different application types can be categorized in a program through pre-filtering based on DLL/API numbers/names. However, similarity cannot be measured owing to the cryptographic hash function, occurrence of false negatives, and it is difficult to functionally categorize applications using only DLL/API numbers/names. In this paper, we propose an API-based software birthmarking method using fuzzy hashing. For the native code of a program, our software birthmarking technique extracts API call sequences in the segmented procedures and then generates them using a fuzzy hash function. Unlike the conventional cryptographic hash function, the fuzzy hash is used for the similarity measurement of data. Our method using a fuzzy hash function achieved a high reduction ratio (about 41% on average) more than an original birthmark that is generated with only the API call sequences. In our experiments, when threshold ε is 0.35, the results show that our method is an effective birthmarking system to measure similarities of the software. Moreover, our correlation analysis with top 50 API call frequencies proves that it is difficult to functionally categorize applications using only DLL/API numbers/names. Compared to prior work, our method significantly improves the properties of resilience and credibility.

Modern optimizing compilers tend to be conservative and often fail to vectorize programs that would have benefited from it. In this paper, we propose a way to predict the relevant command-line options of the compiler so that it chooses the most profitable vectorization strategy. Machine learning has proven to be a relevant approach for this matter: fed with features that describe the software to the compiler, a machine learning device is trained to predict an appropriate optimization strategy. The related work relies on the control and data flow graphs as software features. In this article, we consider tensor contraction programs, useful in various scientific simulations, especially chemistry. Depending on how they access the memory, different tensor contraction kernels may yield very different performance figures. However, they exhibit identical control and data flow graphs, making them completely out of reach of the related work. In this paper, we propose an original set of software features that capture the important properties of the tensor contraction kernels. Considering the Intel Merom processor architecture with the Intel Compiler, we model the problem as a classification problem and we solve it using a support vector machine. Our technique predicts the best suited vectorization options of the compiler with a cross-validation accuracy of 93.4%, leading to up to a 3-times speedup compared to the default behavior of the Intel Compiler. This article ends with an original qualitative discussion on the performance of software metrics by means of visualization. All our measurements are made available for the sake of reproducibility.

GitHub is a developers' social networking service that hosts a great number of open source software (OSS) projects. Although some of the hosted projects are growing and have many developers, most projects are organized by a few developers and face difficulties in terms of sustainability. OSS projects depend mainly on volunteer developers, and attracting and retaining these volunteers are major concerns of the project stakeholders. To investigate the population structures of OSS development communities in detail and conduct software analytics to obtain actionable information, we apply a demographic approach. Demography is the scientific study of population and seeks to identify the levels and trends in the size and components of a population. This paper presents a case study, investigating the characteristics of the population structures of OSS projects on GitHub, and shows population projections generated with the well-known cohort component method. We found that there are four types of population structures in OSS development communities in terms of experiences and contributions. In addition, we projected the future population accurately using a cohort component population projection method. This method predicts a population of the next period using a survival rate calculated from past population. To the best of our knowledge, this is the first study that applied demography to the field of OSS research. Our approach addressing OSS-related problems based on demography will bring new insights, since studying population is novel in OSS research. Understanding current and future structures of OSS projects can help practitioners to monitor a project, gain awareness of what is happening, manage risks, and evaluate past decisions.