2018
Authors
Harrison, WK; Sarmento, D; Vilela, JP; Gomes, MAC;
Publication
EURASIP JOURNAL ON WIRELESS COMMUNICATIONS AND NETWORKING
Abstract
In this paper, we provide secrecy metrics applicable to physical-layer coding techniques with finite blocklengths over Gaussian and fading wiretap channel models and analyze their secrecy performance over several cases of concatenated code designs. Our metrics go beyond some of the known practical secrecy measures, such as bit error rate and security gap, so as to make lower bound probabilistic guarantees on error rates over short blocklengths both preceding and following a secrecy decoder. Our techniques are especially useful in cases where application of traditional information-theoretic security measures is either impractical or simply not yet understood. The metrics can aid both practical system analysis, including cryptanalysis, and practical system design when concatenated codes are used for physical-layer security. Furthermore, these new measures fill a void in the current landscape of practical security measures for physical-layer security coding and may assist in the wide-scale adoption of physical-layer techniques for security in real-world systems. We also show how the new metrics provide techniques for reducing realistic channel models to simpler discrete memoryless wiretap channel equivalents over which existing secrecy code designs may achieve information-theoretic security.
2018
Authors
Anjos, G; Castanheira, D; Silva, A; Gameiro, A; Gomes, M; Vilela, JP;
Publication
IEEE ACCESS
Abstract
The purpose of this paper is to advance the current state of physical layer security through the design and analysis of a discrete jamming scheme that exploits the reciprocal characteristic of the wireless channel with the aim to create equivocation to a passive multiple-antenna eavesdropper. Closed form solutions of the secrecy capacity for different configurations of the jamming component were obtained and successfully compared with the simulation results. Furthermore, the secrecy level provided by the developed scheme is analyzed taking into account the number of bits extracted from the channel. The asymptotic study of the proposed secrecy technique allowed us to conclude that in the high-power regime, full secrecy is obtained even considering that the eavesdropper is equipped with an unlimited number of antennas.
2018
Authors
Dalmazo, BL; Vilela, JP; Curado, M;
Publication
COMPUTERS & SECURITY
Abstract
Its distributed nature and ubiquitous service make the cloud subject to several vulnerabilities. One of the main tools used for reporting suspicious activity in the network's traffic is the Intrusion Detection System. However, two significant problems arise: the huge volume of control messages between the virtual machines and the servers; and the associated transfer costs. In this work, we propose a Triple-Similarity Mechanism (T-SyM) for grouping similar alarms that may correspond to the same attack (or attempt) in order to reduce the number of messages and, consequently, the total amount of information. In addition, we propose an algorithm for calculating the severity level of the alarms. T-SyM works on the basis of 3 steps: individual similarity (Euclidean distance), clustering relevant features (k-means algorithm) and generating the output (the Tanimoto coefficient). An evaluation of the most common attacks is performed using real traces from an IDS. Our mechanism was able to decrease the number of alarms by up to 90% and reduce the total amount of data by more than 80%.
2018
Authors
Sá Sousa, J; Vilela, JP;
Publication
IEEE Transactions on Information Forensics and Security
Abstract
Current physical-layer security techniques typically rely on a degraded eavesdropper, thus warranting some sort of advantage that can be relied upon to achieve higher levels of security. We consider instead non-degraded eavesdroppers that possess equal or better capabilities than legitimate receivers. Under this challenging setup, most of the current physical-layer security techniques become hard to administer and new dimensions to establish advantageous periods of communication are needed. For that, we consider employing a spread spectrum uncoordinated frequency hopping (UFH) scheme aided by friendly jammers for improved secrecy. We characterize the secrecy level of this spread spectrum scheme, by devising a stochastic geometry mathematical model to assess the secure packet throughput (probability of secure communication) of devices operating under UFH that accommodates the impact of friendly jammers. We further implement and evaluate these techniques in a real-world test-bed of software-defined radios. Results show that although UFH with jamming leads to low secure packet throughput values, by exploiting frequency diversity, these methods may be used for establishing secret keys. We propose a method for secret-key establishment that builds on the advantage provided by UFH and jamming to establish secret keys, notably against non-degraded adversary eavesdroppers that may appear in advantageous situations.
2018
Authors
Sousa, JS; Vilela, JP;
Publication
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY
Abstract
Current physical-layer security techniques typically rely on a degraded eavesdropper, thus warranting some sort of advantage that can be relied upon to achieve higher levels of security. We consider instead non-degraded eavesdroppers that possess equal or better capabilities than legitimate receivers. Under this challenging setup, most of the current physical-layer security techniques become hard to administer and new dimensions to establish advantageous periods of communication are needed. For that, we consider employing a spread spectrum uncoordinated frequency hopping (UFH) scheme aided by friendly jammers for improved secrecy. We characterize the secrecy level of this spread spectrum scheme, by devising a stochastic geometry mathematical model to assess the secure packet throughput (probability of secure communication) of devices operating under UFH that accommodates the impact of friendly jammers. We further implement and evaluate these techniques in a real-world test-bed of software-defined radios. Results show that although UFH with jamming leads to low secure packet throughput values, by exploiting frequency diversity, these methods may be used for establishing secret keys. We propose a method for secret-key establishment that builds on the advantage provided by UFH and jamming to establish secret keys, notably against non-degraded adversary eavesdroppers that may appear in advantageous situations.
2018
Authors
Cunha M.; Laranjeiro N.;
Publication
Proceedings - 2018 14th European Dependable Computing Conference, EDCC 2018
Abstract
Service applications are increasingly being deployed in virtualized environments, such as virtual machines (VMs), as a means to provide elasticity and to allow fast recovery from failures. The recent trend is now to deploy applications in containers (e.g., Docker or RKT containers), which allow, among many other benefits, to further reduce recovery time, since containers are much more lightweight than VMs. Although several performance benchmarks exist for web services (e.g., TPC-App and SPEC SPECjEnterprise2010) or even virtualized environments (e.g., SPEC Cloud IaaS 2016, TPCx-V), understanding the behavior of containerized services in the presence of faults has been generally disregarded. This paper proposes an experimental approach for evaluating the performance of containerized services in the presence of operator faults. The approach is based on the injection of a simple set of operator faults targeting the containers and middleware. Results show noticeable differences regarding the impact of operator faults in Docker and RKT, with the latter one allowing for faster recovery, despite showing the lowest throughput.