2018
Authors
Anjos, G; Castanheira, D; Silva, A; Gameiro, A; Gomes, M; Vilela, JP;
Publication
IEEE ACCESS
Abstract
The purpose of this paper is to advance the current state of physical layer security through the design and analysis of a discrete jamming scheme that exploits the reciprocal characteristic of the wireless channel with the aim to create equivocation to a passive multiple-antenna eavesdropper. Closed form solutions of the secrecy capacity for different configurations of the jamming component were obtained and successfully compared with the simulation results. Furthermore, the secrecy level provided by the developed scheme is analyzed taking into account the number of bits extracted from the channel. The asymptotic study of the proposed secrecy technique allowed us to conclude that in the high-power regime, full secrecy is obtained even considering that the eavesdropper is equipped with an unlimited number of antennas.
2018
Authors
Dalmazo, BL; Vilela, JP; Curado, M;
Publication
COMPUTERS & SECURITY
Abstract
Its distributed nature and ubiquitous service make the cloud subject to several vulnerabilities. One of the main tools used for reporting suspicious activity in the network's traffic is the Intrusion Detection System. However, two significant problems arise: the huge volume of control messages between the virtual machines and the servers; and the associated transfer costs. In this work, we propose a Triple-Similarity Mechanism (T-SyM) for grouping similar alarms that may correspond to the same attack (or attempt) in order to reduce the number of messages and, consequently, the total amount of information. In addition, we propose an algorithm for calculating the severity level of the alarms. T-SyM works on the basis of 3 steps: individual similarity (Euclidean distance), clustering relevant features (k-means algorithm) and generating the output (the Tanimoto coefficient). An evaluation of the most common attacks is performed using real traces from an IDS. Our mechanism was able to decrease the number of alarms by up to 90% and reduce the total amount of data by more than 80%.
2018
Authors
Sá Sousa, J; Vilela, JP;
Publication
IEEE Transactions on Information Forensics and Security
Abstract
Current physical-layer security techniques typically rely on a degraded eavesdropper, thus warranting some sort of advantage that can be relied upon to achieve higher levels of security. We consider instead non-degraded eavesdroppers that possess equal or better capabilities than legitimate receivers. Under this challenging setup, most of the current physical-layer security techniques become hard to administer and new dimensions to establish advantageous periods of communication are needed. For that, we consider employing a spread spectrum uncoordinated frequency hopping (UFH) scheme aided by friendly jammers for improved secrecy. We characterize the secrecy level of this spread spectrum scheme, by devising a stochastic geometry mathematical model to assess the secure packet throughput (probability of secure communication) of devices operating under UFH that accommodates the impact of friendly jammers. We further implement and evaluate these techniques in a real-world test-bed of software-defined radios. Results show that although UFH with jamming leads to low secure packet throughput values, by exploiting frequency diversity, these methods may be used for establishing secret keys. We propose a method for secret-key establishment that builds on the advantage provided by UFH and jamming to establish secret keys, notably against non-degraded adversary eavesdroppers that may appear in advantageous situations.
2018
Authors
Cunha M.; Laranjeiro N.;
Publication
Proceedings - 2018 14th European Dependable Computing Conference, EDCC 2018
Abstract
Service applications are increasingly being deployed in virtualized environments, such as virtual machines (VMs), as a means to provide elasticity and to allow fast recovery from failures. The recent trend is now to deploy applications in containers (e.g., Docker or RKT containers), which allow, among many other benefits, to further reduce recovery time, since containers are much more lightweight than VMs. Although several performance benchmarks exist for web services (e.g., TPC-App and SPEC SPECjEnterprise2010) or even virtualized environments (e.g., SPEC Cloud IaaS 2016, TPCx-V), understanding the behavior of containerized services in the presence of faults has been generally disregarded. This paper proposes an experimental approach for evaluating the performance of containerized services in the presence of operator faults. The approach is based on the injection of a simple set of operator faults targeting the containers and middleware. Results show noticeable differences regarding the impact of operator faults in Docker and RKT, with the latter one allowing for faster recovery, despite showing the lowest throughput.
2018
Authors
Freitas, T; Rodrigues, J; Bogas, D; Coimbra, M; Martins, R;
Publication
2018 IEEE 6TH INTERNATIONAL CONFERENCE ON FUTURE INTERNET OF THINGS AND CLOUD (FICLOUD 2018)
Abstract
The increasing capabilities of smartphones are paving the way to novel applications through the crowd-sourcing of these untapped resources, to form hyperlocal meshes commonly known as edge-clouds. While a relevant body-of-work is already available for the underlying networking, computing and storage facilities, security and privacy remain second class citizens. In this paper we present Panoptic, an edge-cloud system that enables the search for missing people, similar to the commonly known Amber alert system, in high density scenarios where wireless infrastructure might be limited (WiFi and LTE), e.g. concerts, while featuring privacy and security by design. Given the limited resources present in the mobile devices, namely battery capacity, Panoptic offers a computing offloading that tries to minimize data leakage while offering acceptable levels of performance. Our results show that it is achievable to run these algorithms in an edge-cloud configuration and that it is beneficial to use this architecture to lower data transfer through the wireless infrastructure while enforcing privacy. Results from our experimental evaluation show that the security layer does not impose a significant overhead, and only accounts for 2% of the total execution time for an edge cloud comprised by, but not limited to, 8 devices.