Journal of Internet Services and Applications

Vines: A CloudStack Platform for the Orchestration and Holistic Management of Virtualized Network Functions and Services

2025-11-19T13:17:32+00:00

Network Function Virtualization (NFV) is changing the way networks are built and maintained by replacing traditional middleboxes with software that runs on commodity hardware. This paradigm shift not only increases flexibility but can also reduce the cost of building and maintaining the network. The ETSI NFV-MANO reference model is currently widely adopted as the de facto NFV standard, with a large number of compliant platforms currently available. In this work, we propose Vines (Vines Is an NFV-MANO Extensible Solution), a CloudStack-based platform that supports NFV technology and is compliant with the ETSI NFV specifications. Vines includes an NFV Orchestrator (NFVO) that enables the creation of complex network services composed of multiple individual functions. Management & orchestration are holistic, in the sense that they provide a comprehensive set of functionalities for heterogeneous network functions and services. Moreover, nearly all NFV developments have been done on the OpenStack cloud platform. Vines opens up the possibility of using NFV solutions on Apache CloudStack, one of the most widely used cloud platforms worldwide. Experimental results are presented showing that Vines has the same performance level as the widely used OpenStack/Tacker.

Safe and Protected: Combining Protection Mechanism with Safety Verification In Autonomous Vehicles

2025-10-01T09:59:27+00:00

Protection mechanisms, also known as security mechanisms, in automotive systems are proactive components that continuously monitor vehicle signals to detect early signs of potential faults. For autonomous vehicles, it is essential that safety models, such as Responsibility-Sensitive Safety (RSS), which governs longitudinal and lateral safety, account for these mechanisms to enable timely and effective countermeasures against imminent actuation failures. A typical example is the proactive application of braking to increase longitudinal distance and mitigate the risk of losing braking capability. In this paper, we present a data-centric approach for modeling protection mechanisms using the SmartData framework, which facilitates the automatic derivation of safety properties for real-time formal verification via a Safety Enforcement Unit (SEU). We introduce extensions to RSS proper response strategies, enabling them to anticipate potential actuation constraints by leveraging shared internal states of protection mechanisms and a predictive time-to-trigger metric. We formally demonstrate that our approach preserves compliance with the original RSS safety guarantees by extending its inductive proof structure. Furthermore, we validate the feasibility of our solution through empirical evaluation, showing that the embedded formal verification can automatically extract properties from publish-subscribe message systems and operate at runtime with minimal overhead (less than 1% of platform processing capacity). Finally, we integrate our approach with RSS and a representative protection mechanism within the CARLA simulator to showcase its effectiveness in a realistic autonomous driving environment.

Leveraging zero trust and risk indicators to support continuous vulnerability compliance

2025-09-10T13:45:11+00:00

Open source dependencies are the leading source of vulnerabilities in applications and are often exploited in software supply chain attacks. Efforts to assess vulnerabilities are employed during DevSecOps pipelines in order to keep a system compliant with security regimes. However, current strategies for continuous compliance are limited to preventing issues before deployment, and thus do not address changes in dynamic aspects such as newfound vulnerabilities, let alone how to respond to such incidents. In this work, we leverage zero-trust to enable continuous, post-deployment vulnerability compliance assessment, isolating workloads that fail to meet a minimum security posture. This approach balances exploitation prevention with application availability --- a fundamental trade-off for critical use cases. The solution is built on top of SPIRE, a robust open-source identity provider based on workload attestation, and implements a custom plugin that responds to compliance violations driven by dynamic aspects exposed by OWASP's Dependency Track, an open-source tool for monitoring software components and their dependencies for vulnerabilities. To enhance flexibility in the security-availability trade-off, we introduce a grace period mechanism, enabling organizations to defer enforcement of newly identified vulnerabilities based on workload criticality, thus supporting availability for non-critical workloads without compromising long-term security. Finally, we evaluate the performance impact of this approach on a SPIRE environment, showing that the added resource usage reliably remains within the recommended 16 GiB of RAM and 4 vCPUs to run Dependency Track in production. We also show that the plugin adds less than 6 seconds of latency to the attestation process, which is insignificant given its default frequency of twice per hour. Moreover, the results confirm that the approach successfully prevents vulnerability exploitation by prioritizing security, while enabling controlled flexibility in less critical contexts.

Selecting Consensus Algorithm Integrations in a DAG-based Blockchain for IoT Using Genetic Algorithms

2025-11-11T20:49:13+00:00

The Internet of Things (IoT) drives technological advances across various sectors by enabling seamless communication among smart devices. However, significant challenges remain regarding the integrity and reliability of the data stored by these devices. Traditional blockchain solutions, such as those based on Proof of Work (PoW), are generally unsuitable for IoT applications due to their high computational resource demands. Although approaches combining multiple consensus algorithms have emerged as alternatives to optimise performance and security, determining the best combination for each scenario remains an open problem. This paper proposes a strategy based on Genetic Algorithms (GAs) to adaptively select and combine consensus algorithms, thus improving blockchain efficiency in IoT environments. The approach was evaluated on a test blockchain, OmniBlock, implemented using a Directed Acyclic Graph (DAG) and designed specifically for evaluation purposes in IoT applications. OmniBlock supports multiple consensus algorithms, including Proof of Authority (PoA), Proof of Stake (PoS), Proof of Work (PoW), Practical Byzantine Fault Tolerance (PBFT), Raft, and others. The consensus algorithm combination is chosen based on performance attributes. All combinations of consensus algorithms evaluated in this work were suggested by GAs; the practical feasibility of each is analyzed empirically. Experimental results indicate that the evolutionary optimization-based strategy performs better across most of the combinations suggested by the GAs.

Drone Surveillance System Availability and Reliability: A Comprehensive Analytical and Numerical Modeling Approach

2025-09-10T13:37:37+00:00

This paper proposes an approach to evaluate the availability and reliability of drone surveillance systems using complementary modeling techniques. Resilient system architecture with drone and battery redundancy is analyzed using two modeling strategies: (i) an analytical model based on Continuous-Time Markov Chains (CTMC), which yields closed-form availability equations, and (ii) a numerical model employing Stochastic Petri Nets (SPN) to handle more complex redundancy scenarios. Both models consider key factors such as battery charging/discharging times, drone failure and repair rates, and replacement operations. Sensitivity analyses highlight battery-related parameters as critical to system performance. Case studies show that optimizing component parameters can yield up to 97% availability, while redundancy alone can provide 91%. Combined strategies can achieve up to 99.89% availability. For long missions (30 hours), reliability analysis indicates that 15--20 redundant batteries and charging times below 36 minutes are needed to maintain over 80% reliability. For shorter missions, discharge times over 144 minutes are beneficial. This integrated modeling approach provides a robust framework for dependability assessment, guiding the design of resilient and cost-effective drone surveillance systems for mission-critical applications.

Integrated Technical and Economic Analysis of Open RAN for Remote eHealth in Brazil

2025-10-21T21:18:18+00:00

Traditional radio access networks (RANs) are often characterized by rigid, proprietary architectures, high capital (CAPEX) and operational (OPEX) expenditures, and vendor lock-in. These limitations hinder cost-effective deployments in remote and underserved regions. In this paper, we evaluate the potential of Open RAN, a flexible and disaggregated networking paradigm leveraging virtualization and multi-vendor interoperability, to bridge the healthcare gap in Brazil through remote eHealth applications. Focusing on the mobile specialist practice (MSP) use case, we introduce a total cost of ownership model that integrates both CAPEX and OPEX across urban, suburban, and rural deployment scenarios, thereby addressing a critical gap in current network economic models. Additionally, we explore a detailed taxonomy of MSP sub-use cases that delineates the technical requirements for high-definition video streaming, haptic feedback, and remote diagnostics. We conducted laboratory experiments on a 5G Open RAN testbed using real ultrasound equipment in collaboration with Samsung, Beneficência Portuguesa (one of the largest private healthcare hubs in Latin America), and InovaHC (the innovation center of the region’s largest hospital). These experiments demonstrated that our approach meets stringent performance indicators such as low latency, robust throughput, and reliable packet delivery under diverse backhaul conditions. The results further indicate that Open RAN can substantially reduce deployment costs while ensuring high-performance remote medical services. These findings provide valuable insights for advancing field trials, refining economic models, and guiding future policy initiatives.

Performance Analysis and Metric Correlation in Blockchain Networks: Geth vs. Besu with and without Load Balancer

2026-01-16T15:29:07+00:00

Blockchain technology has emerged as a disruptive innovation, facilitating decentralized and secure transactions across various domains. However, performance and scalability are critical challenges, especially for enterprise applications. This study evaluates the performance of two Ethereum-based blockchain clients: Geth (Go Ethereum) and Hyperledger Besu, under different network conditions, including the use of a Load Balancer. We conducted an extensive benchmarking analysis using the Hyperledger Caliper tool to measure key performance metrics such as Requests per Second (Req/s), Transactions per Second (TPS), Latency, and Resource Utilization (CPU and Memory). Additionally, we performed statistical analyses, including Percentage Difference, Coefficient of Variation, and Correlation between Metrics, to provide deeper insights. Our results indicate that Geth consistently outperforms Besu in terms of TPS and latency under high workloads, while Besu demonstrates greater stability and scalability as the number of nodes increases. The impact of the Load Balancer varies across metrics, improving throughput in some cases but increasing latency in others. These findings offer valuable insights for organizations selecting blockchain platforms for enterprise solutions, highlighting scenarios in which each client performs best.

PRISEC III: Dynamic Cryptographic Adaptation for Balancing Performance and Security

2026-03-31T14:00:50+00:00

This paper introduces PRISEC III, a dynamic cryptographic framework designed to balance security and performance in heterogeneous IoT environments. Unlike static, one-size-fits-all approaches, PRISEC III employs a role-based multi-level model that adapts cryptographic strategies according to data sensitivity, device constraints, and network conditions. The framework integrates lightweight symmetric primitives for efficiency, robust asymmetric methods for secure key exchange, and hybrid schemes that combine multiple layers of protection. To enhance long-term resilience, PRISEC III also incorporates post-quantum options, ensuring preparedness against emerging cryptographic threats. Evaluation results demonstrate that the approach achieves scalable security while maintaining feasible computational costs, making it suitable for large-scale and resource-constrained IoT deployments.

Spot-Wise Smart Parking: An Edge-Enabled Architecture with YOLOv11 Towards a Digital Twin

2026-02-05T13:18:15+00:00

Smart parking systems help reduce congestion and minimize users’ search time, thereby contributing to smart city adoption and enhancing urban mobility. In previous works, we presented a system developed on a university campus to monitor parking availability by estimating the number of free spaces from vehicle counts within a region of interest. Although this approach achieved good accuracy, it restricted the system’s ability to provide spot-level insights and support more advanced applications. To overcome this limitation, we extend the system with a spot-wise monitoring strategy based on a distance-aware matching method with spatial tolerance, enhanced through an Adaptive Bounding Box Partitioning method for challenging spaces. The proposed approach achieves a balanced accuracy of 98.80% while maintaining an inference time of 8 seconds on a resource-constrained edge device, enhancing the capabilities of YOLOv11m, a model that has a size of 40.5 MB. In addition, two new components were introduced: (i) a Digital Shadow that visually represents parking lot entities as a base to evolve to a full Digital Twin, and (ii) an application support server based on a repurposed TV box. The latter not only enables scalable communication among cloud services, the parking totem, and a bot that provides detailed spot occupancy statistics, but also promotes hardware reuse as a step towards greater sustainability.

Improving Image Segmentation in Adverse Conditions for Coastal Infrastructure Monitoring

2025-12-22T12:10:32+00:00

Smart cities increasingly rely on AI-driven solutions to improve citizen safety. In coastal regions such as Rio de Janeiro, Brazil, maritime risks present significant challenges, as exemplified by the collapse of the Tim Maia Bike lane. This paper proposes a method for monitoring the coastal infrastructure using a custom segmentation model based on YOLO, aiming to reduce the need for continuous human supervision. However, the external placement of cameras introduces lighting and weather-related challenges, which complicate accurate segmentation. To address these issues, we investigate how domain-specific data augmentation techniques affect model performance under adverse visual conditions. As a case study, we apply this method to develop a system for the Tim Maia Bike lane, with the improved models achieving 97.6% mAP50-95 throughout the day. Furthermore, we analyze the correlation between our system’s outputs and environmental measurements obtained from an ocean buoy. Our findings highlight the potential for integrating AI-based monitoring into broader urban risk management frameworks to provide real-time protection for coastal infrastructure.

Restoring Continuity: An Aggregative, Open-Source Methodology for Harmonizing Disparate Census Tracts Across Time

2026-03-03T13:21:18+00:00

Urban analysis often relies on census or census-like survey data, but the redesign of census tract layers often breaks historical comparability, thereby hampering longitudinal studies at the local scale. In this article, we propose an automated methodology for making census tracts comparable through the construction of a graph, using spatial join operations and non-spatial id comparisons. We adopt an aggregative heuristic to minimize the impact of the matching process on analytical possibilities. To validate the proposed methodology, we deploy it to match the most recent Brazilian censuses for the São Paulo, Vitória, and Recife metropolitan regions, as well as for the Brazilian Federal District. We also test our implementation for New York City and Buenos Aires. We then evaluate the results against available gold standard data and alternative metrics, concluding with a discussion of potential improvements. Our implementation produces comparability files efficiently and has the potential to enable studies that would otherwise be impractical.

Study of Reliability and Availability in Autonomous Electric Vehicles

2026-03-30T19:45:32+00:00

The popularity and development of Autonomous Electric Vehicles (AEVs) bring the need to ensure the safety and reliability of these systems. With the increasing adoption of such vehicles, the promise of reducing human errors and improving transportation efficiency is becoming increasingly attainable. However, failures in autonomous vehicle systems can lead to material damage and loss of human life. Minimizing these failures becomes critical to guarantee the safety of passengers and pedestrians. This work employs Reliability Block Diagram (RBD) and Stochastic Petri Net (SPN) models to evaluate the vehicle safety system of a Level 3 AEV. The proposed approach enables the analysis of availability and reliability metrics, identifying potential improvements in system components. The system’s reliability showed a predictable decline over time, allowing for the anticipation of maintenance and necessary enhancements. These results provide valuable insights for AEV developers regarding the optimization of vehicle safety and reliability.

A Decoupled Embedding-Based Framework for Efficient Node Classification on Social Networks

2026-03-30T15:59:08+00:00

Graph-based learning has become a cornerstone for analyzing complex relationships in domains such as social networks. However, most existing solutions rely on Graph Neural Networks (GNNs), which often require high computational resources, careful parameter tuning, and extensive training time. In this paper, we propose a decoupled learning framework for node classification that replaces end-to-end deep graph architectures with latent structural embeddings and conventional machine-learning models. Our method generates low-dimensional node embeddings and then applies classifiers such as logistic regression, KNN, and random forests to predict node categories. By structurally decoupling the embedding and classification stages, our approach achieves competitive performance while drastically reducing memory complexity and training time. Experimental results on multiple social network datasets demonstrate that our method offers a scalable, interpretable alternative to deep GNN models.

APACHE: Fragmentation and Spectrum-Aware Provisioning for Elastic Optical Networks with Service-Class Differentiation and Revenue Analysis

2026-03-08T17:18:24+00:00

Elastic Optical Networks (EONs) enable fine-grained spectrum allocation that adapts to heterogeneous Internet services. Yet, fragmentation and the lack of contiguous free slots remain persistent causes of connection blocking and SLA violations. This article extends our SBRC paper from 2024 by providing a comprehensive journal version of APACHE—an analytical provisioning algorithm that (i) distinguishes blocking due to fragmentation from blocking due to true scarcity, (ii) incorporates Class of Service (CoS) differentiation into the RSA, and (iii) evaluates the economic impact of blocking via revenue loss. We detail the algorithmic design, simulation methodology, and an expanded performance assessment on the USA and RNP topologies. Results show that APACHE reduces circuit blocking up to 80% (USA) and 56% (RNP) compared to CFCoSP and TSSCF baselines, while consistently minimizing revenue loss under mixed-demand traffic profiles. The findings highlight how fragmentation-awareness and service-class prioritization jointly improve the efficiency and business viability of EON provisioning for next-generation Internet services.

Analysis of the Quality of Service of Public Urban Buses Based on GPS Monitoring

2026-02-11T19:13:29+00:00

The introduction of GPS-equipped IoT devices onboard of urban buses allows the collection of data to monitor the fleet and assess the quality of service of this public transportation modality. The present work analyzes the GPS data from Rio de Janeiro buses, which includes executed trajectories, bus routes and identifiers to estimate per-route performance metrics with the collected data. In particular, the time between two buses, the number of bunched buses, the time spent on the inner fraction of the route, and the entropy are investigated as indicators of quality of service. The results reveal the unpredictability degree of each analyzed route. Lastly, we investigate the correlations between different metrics as a means of discovering relationships between metric performances. Our analysis shows that some routes exhibit greater regularity than others when individual metrics are considered. In addition, we observe a correlation between bus interval and bus bunching, with longer intervals reducing the likelihood of bunching. Also, we observed a correlation between entropy and time spent in the inner fraction of the route. Those results provide useful information in fleet planning activities for public transport.