Showing papers presented at "International Conference on Distributed Computing Systems Workshops in 2014"

Content and Popularity Analysis of Tor Hidden Services

Abstract: Tor hidden services allow running Internet services while protecting the location of the servers. Their main purpose is to enable freedom of speech even in situations in which powerful adversaries try to suppress it. However, providing location privacy and client anonymity also makes Tor hidden services an attractive platform for every kind of imaginable shady service. The ease with which Tor hidden services can be set up has spurred a huge growth of anonymously provided Internet services of both types. In this paper we analyse the landscape of Tor hidden services. We have studied 39824 hidden service descriptors collected on 4th of Feb 2013: we scanned them for open ports, in the case of 3050 HTTP services, we analysed and classified their content. We also estimated the popularity of hidden services by looking at the request rate for hidden service descriptors by clients. We found that while the content of Tor hidden services is rather varied, the most popular hidden services are related to botnets. We also propose a method for opportunistic deanonymisation of Tor Hidden Service clients. In addtiton, we identify past attempts to track "Silk road" by consensus history analysis.

Machine-Learning-Based Feature Selection Techniques for Large-Scale Network Intrusion Detection

Abstract: Nowadays, we see more and more cyber-attacks on major Internet sites and enterprise networks. Intrusion Detection System (IDS) is a critical component of such infrastructure defense mechanism. IDS monitors and analyzes networks' activities for potential intrusions and security attacks. Machine-learning (ML) models have been well accepted for signature-based IDSs due to their learn ability and flexibility. However, the performance of existing IDSs does not seem to be satisfactory due to the rapid evolution of sophisticated cyber threats in recent decades. Moreover, the volumes of data to be analyzed are beyond the ability of commonly used computer software and hardware tools. They are not only large in scale but fast in/out in terms of velocity. In big data IDS, the one must find an efficient way to reduce the size of data dimensions and volumes. In this paper, we propose novel feature selection methods, namely, RF-FSR (Random Forest-Forward Selection Ranking) and RF-BER (Random Forest-Backward Elimination Ranking). The features selected by the proposed methods were tested and compared with three of the most well-known feature sets in the IDS literature. The experimental results showed that the selected features by the proposed methods effectively improved their detection rate and false-positive rate, achieving 99.8% and 0.001% on well-known KDD-99 dataset, respectively.

Secure Fallback Authentication and the Trusted Friend Attack

Abstract: Fallback authentication, i.e., recovering access to an account after the password is lost, is an important aspect of real-world deployment of authentication solutions. However, most proposed and deployed mechanisms have substantial weaknesses that seriously degrade security and/or usability. e.g., the well-known security questions are often easy to guess. A promising new fallback authentication mechanism is social authentication, which bases authentication on information about the social context of the user (e.g., on his social graph). We consider fallback authentication mechanisms deployed in practice on a number of social network sites (we concentrate on social networks because those can realistically implement social authentication). Our main contribution is a novel attack against Facebook's social authentication mechanism called Trusted Friends, which is the prime example for social authentication. Our attack is different from previous attacks in that it does not exploit bias in user choice but exploits tests that are realized client-side (but should be server-side) and POST-data fields that can be manipulated by an attacker. Furthermore, we found problems with all fallback authentication mechanisms used by social network sites, and demonstrate a number of cases where we can circumvent the schemes used. These findings are problematic as successfully breaking the fallback authentication gives full access to an account, just as breaking the main authentication mechanism. We conclude that implementations of fallback authentication mechanisms require more attention, both on a conceptual and an implementation level, as even seemingly minor implementation details can have a broad impact on the overall security. We have responsibly reported all attacks to the respective security teams well in advance of publication.

A Criticism to Society (As Seen by Twitter Analytics)

Abstract: Analytic tools are beginning to be largely employed, given their ability to rank, e.g., the visibility of social media users. Visibility that, in turns, can have a monetary value, since social media popular people usually either anticipate or establish trends that could impact the real world (at least, from a consumer point of view). The above rationale has fostered the flourishing of private companies providing statistical results for social media analysis. These results have been accepted, and largely diffused, by media without any apparent scrutiny, while Academia has moderately focused its attention on this phenomenon. In this paper, we provide evidence that analytic results provided by field-flagship companies are questionable (at least). In particular, we focus on Twitter and its "fake followers". We survey popular Twitter analytics that count the fake followers of some target account. We perform a series of experiments aimed at verifying the trustworthiness of their results. We compare the results of such tools with a machine-learning classifier whose methodology bases on scientific basis and on a sound sampling scheme. The findings of this work call for a serious re-thinking of the methodology currently used by companies providing analytic results, whose present deliveries seem to lack on any reliability.

Data Center Network Throughput Analysis Using Queueing Petri Nets

Abstract: In this paper, we contribute performance modeling and analysis approach in computer networks. We present a meta-model designed for the performance modeling of network infrastructures in modern data centers. Instances of our meta-model can be automatically transformed into stochastic simulation models for performance prediction. In this paper, we present a transformation to Queueing Petri Nets (QPNs). We show that despite the high level of abstraction of the QPN models, we are able to predict the utilization of resources with good accuracy within a short time.

Behavioral Security Threat Detection Strategies for Data Center Switches and Routers

Abstract: Behavioral security threats such as Distributed Denial of Service (DDoS) attacks are an ongoing problem in large scale Data Centers (DC) and pose huge performance challenges to DC operators. Typically, a dedicated Firewall/DDoS appliance is needed for Layer 2-7 behavioral security threat detection and mitigation. This solution is cost prohibitive for large scale multi-tenant DCs with high throughput performance needs. This paper examines various Layer 2-4 behavioral security threat detection methods and assists which are implement able in the switches and routers at low cost. For DCs, this complements the overall behavioral security threat detection strategy and enables operators to offer tiered services. Extensions to emerging NFV and SDN scenarios are also discussed.

Deploying and Extending On-Premise Cloud Storage Based on ownCloud

Abstract: The conception and implementation of an on-premise cloud storage is a significant, but also necessary step in the development of modern data centers. Providing seamless access to data from multiple devices and from any network-connected location world-wide is a mandatory requirement for the data management and also expected by users, as most of them already use commercial offerings such as drop box, box, sky drive and many others. These demands raise activities of almost every educational driven unification like "Deutsches Forschungsnetz" (DFN) or "Zentren fur Kommunikation und Information sverarbeitung" (ZKI). This paper describes our concept and implementation for on-premise cloud storage, designed to service up to 40.000 students and faculty members of TU Berlin. The solution is based on the open-source project own Cloud, which is extended with functionalities for sharing files among research groups, based on integration with the TUB identity management system. The paper also presents an experimental evaluation in a real-life scenario and summarizes pitfalls occurred during the rollout of such a large system.

Let Our Browsers Socialize: Building User-Centric Content Communities on WebRTC

Abstract: The emerging Internet standards of WebRTC open up a new paradigm of direct browser interconnects. Users are thus enabled to build personal communities by simply loading Web pages, provided an appropriate software is at hand. In this paper, we present a software architecture that provides the core concepts and components for content-centric communities on a pure P2P basis. Starting from generic use cases, we develop an information-centric overlay that naturally supports user requirements. Our prototypical implementation and evaluation demonstrate the feasibility of this light-weight approach.

Friend or Flood? Social Prevention of Flooding Attacks in Mobile Opportunistic Networks

Abstract: Opportunistic networks enable decentralised and infrastructure-less social networking applications, through the cooperation of peer mobile devices to forward messages on one another's behalf. The decentralised and cooperative nature of these networks, however, introduces potential security threats. For instance, malicious nodes may modify messages, or send many messages in an attempt to drain other nodes' resources and thereby disrupt the network. Such attacks are well-studied for wireless ad hoc networks, but may need reconsideration in disconnected opportunistic networks. In this paper we define a simple flooding attack that can deny service in an opportunistic network. We simulate the attack and demonstrate its efficacy using real-world datasets. We furthermore develop a scheme for mitigating the attack, by using the social relations between nodes. The scheme is lightweight, requires only local knowledge to be stored by each node, and is shown to be effective: for one dataset, the median proportion of time spent offline by nodes was reduced from 42.7% to 6.3%.

Dynamic Scheduling for Speculative Execution to Improve MapReduce Performance in Heterogeneous Environment

Abstract: MapReduce framework allows users to quickly develop big-data applications and process big-data effectively. However, unexpected malfunction may be found in cloud environment because a distributed system consists of several hardware, and this malfunction often causes delay of overall processing. MapReduce framework provides Speculative Execution (SE). SE reduces delay in a homogeneous environment by assigning delayed tasks to additional nodes. As cloud computing prevails, cloud computing environment is moving from homogeneous to heterogeneous. Original SE is not perfect and sometimes produces inefficient result in a heterogeneous environment. This paper proposes Dynamic Scheduling for Speculative Execution (DSSE) which enhances performance in a heterogeneous environment by improving existing SE. DSSE prevents wasted SE since it calculates processing capability of each node more objectively and precisely. DSSE has reduced entire processing time approximately 10% compared to original SE. Success rate of SE was 100%.

Automated Modeling of I/O Performance and Interference Effects in Virtualized Storage Systems

Abstract: Modern IT systems frequently employ virtualization technology to maximize resource efficiency. By sharing physical resources, however, the virtualized storage used in such environments can quickly become a bottleneck. Performance modeling and evaluation techniques applied prior to system deployment help to avoid performance issues. In current practice, however, modeling I/O performance is usually avoided due to the increasing complexity of modern virtualized storage systems. In this paper, we present an automated modeling approach based on statistical regression techniques to analyze I/O performance and interference effects in the context of virtualized storage systems. We demonstrate our approach in three case studies creating performance models with two I/O benchmarks. The case studies are conducted in a real-world environment based on IBM System z and IBM DS8700 server hardware. Using our approach, we effectively create performance models with excellent prediction accuracy for both I/O-intensive applications and I/O performance interference effects with a mean prediction error up to 7%.

OS-Assisted Task Preemption for Hadoop

Abstract: This work introduces a new task preemption primitive for Hadoop, that allows tasks to be suspended and resumed exploiting existing memory management mechanisms readily available in modern operating systems. Our technique fills the gap that exists between the two extreme cases of killing tasks (which waste work) or waiting for their completion (which introduces latency): experimental results indicate superior performance and very small overheads when compared to existing alternatives.

Impact of Ethernet Multipath Routing on Data Center Network Consolidations

Abstract: With the advent of network virtualization, data center networking is reaching a high level of management complexity. Indeed, interconnection networks in data center networks (DCN) are no longer just based on flat over-provisioned pipes, but are increasingly facing traffic engineering (TE) issues that commonly characterize long-haul provider networks. TE objectives, however, are opposite to energy efficiency (EE) objectives commonly chased by virtual machine (VM) consolidations. Moreover, the specific topologies of DCNs and the systematic use of multipath forwarding make the joint TE and VM consolidation optimization complex. The contribution of this paper is twofold. First, we propose a repeated matching heuristic for the DCN optimization problem with multipath capabilities, which also scales well for large topologies without discarding both TE and EE objectives. Second, we assess the impact of multipath forwarding on TE and EE goals. Extensive simulations show us that multipath forwarding is beneficial only when EE is not the primary goal in network-aware VM consolidations, and that it can be counterproductive when instead the EE is the primary goal of such optimizations.

A Hybrid Cloud Architecture for a Social Science Research Computing Data Center

Abstract: Research computing in the social sciences requires access to statistical software and quantitative tools that perform embarrassingly parallel computation at moderate scale, large memory to fit entire data sets, and secure storage for potentially confidential data. The Research Computing Environment (RCE) was designed as a three-tier system to satisfy these requirements in a transparent manner. We extend the RCE to use cloud resources while maintaining the transparency of the resources from the user. This paper describes this use case and highlights the significant resource management and networking decisions made when designing and implementing a hybrid cloud architecture for a research computing environment to support the social sciences.

Vehicular Coordination via a Safety Kernel in the Gulliver Test-Bed

Abstract: Cooperative vehicular systems base their coordination on inherently uncertain inter-vehicle communications. Safe solutions that do not properly manage uncertainty, lead to inefficient outcomes. We consider that cooperative functions can be executed with several service levels, and we use the system architectural concept of safety kernel for managing the service level that achieves the best possible performance while keeping the system safe. We use the Gulliver test-bed for demonstrating the safety kernel concept by means of a pilot system implementation on scaled vehicles with sensors and communication capabilities. The demonstrated architecture incorporates: (1) a local dynamic map (LDM) that uses local and remote sensory information for calculating the location of nearby objects, (2) a safety kernel to manage the service levels, (3) a cooperative level of service evaluator that allows vehicles to reach agreement on a common service level and, finally, (4) a driver manager that executes in accordance to the cooperative level of service when determining how to calculate the trajectory. This paper explains how the different components considered in the architectural concept operate, and shows how it is possible to use (similar to existing) trajectory planning algorithms when implementing the concept.

Cayley-Graph-Based Data Centers and Space Requirements of a Routing Scheme Using Automata

Abstract: Modern data centers connect tens of thousands of computers by an interconnection network. The design of such networks implies the selection of an appropriate routing scheme for them. Those schemes need to be efficient with respect to time and space requirements. Cayley Graphs (CG) has been proposed as models for large-scale interconnection networks with excellent properties and very efficient routing schemes. In a previous work, we presented a fast general-purpose shortest path routing scheme for CG with compact routing tables. The scheme uses the concept the Automatic Structures (AS) of a group. However, the size of such structures was not considered into the complexity analysis. Therefore, this paper evaluates the required space to keep such structures and the several intermediate finite state automata that arise during the process of constructing such AS. We perform the evaluation on six well-known families of CG. The results show which structures are space-efficient to implement the scheme, and how the size of such structures depends on the so-called k-fellow traveler property.

MDoctor: A Mobile Malware Prognosis Application

Abstract: Mobile malware is on the rise as the global number of smartphone users grows exponentially. Traditional malware detection and scanning tools only detect malware when devices are actually infected. In previous work, we saw that the presence of applications that occur often with known malware can indicate not only infection status but also potential risk of infection. In this paper, we present Doctor - a malware prognosis application based on crowd sourced data. Doctor includes a server component and an easy-to-use Android client application. Doctor visualizes the health of the device as a pie chart, slices representing applications. Each slice is split into four sections, corresponding to different lightweight indicators of infection. Sections of each slice are colored from green to red. The greater the amount of red, the greater the risk of infection. This front-end application provides users a new function for malware prognosis which is currently missing in existing mobile anti-malware tools.

Privacy Preserving Statistics in the Smart Grid

Abstract: Smart meters are widely deployed to provide fine-grained information pertaining to tenant power consumption. These data are analyzed by suppliers for more accurate statistics, energy consumption predictions and personalized billing. Indirectly this aggregation of data can reveal personal information of tenants such as number of persons in a house, vacation periods and appliance preferences. To date, work in the area has focused mainly on privacy preserving aggregate statistical functions such as the computation of sum. In this paper we propose a novel solution for privacy preserving individual data collection per smart meter. We consider the operation of identifying the maximum consumption of a smart meter as an interesting property for energy suppliers, as it can be employed for energy forecasting to allocate electricity in advance. In our solution we employ an order preserving encryption scheme in which the order of numerical data is preserved in the cipher text space. We enhance the accuracy of maximum consumption by utilizing a delta encoding scheme.

Decentralized Adaptive Helper Selection in Multi-channel P2P Streaming Systems

Abstract: In Peer-to-Peer (P2P) multi-channel live streaming, helper peers with surplus bandwidth resources act as micro-servers to compensate the server deficiencies in balancing the resources between different channel overlays. With deployment of helper level between server and peers, optimizing the user/helper topology becomes a challenging task since applying well-known reciprocity-based choking algorithms is impossible due to the one-directional nature of video streaming from helpers to users. Because of selfish behavior of peers and lack of central authority among them, selection of helpers requires coordination. In this paper, we design a distributed online helper selection mechanism which is adaptable to supply and demand pattern of various video channels. Our solution for strategic peers' exploitation from the shared resources of helpers is to guarantee the convergence to correlated equilibria (CE) among the helper selection strategies. Online convergence to the set of CE is achieved through the regret-tracking algorithm which tracks the equilibrium in the presence of stochastic dynamics of helpers' bandwidth. The resulting CE can help us select proper cooperation policies. Simulation results demonstrate that our algorithm achieves good convergence, load distribution on helpers and sustainable streaming rates for peers.

An Efficient Edge-Based Authentication for Network Coding against Entropy Attacks

Abstract: This paper proposes a new edge-based authentication scheme for network coding. Many authentication schemes for random linear network coding have been proposed against pollution attacks. However, random linear network coding is vulnerable to entropy attacks. An adversary can generate messages that are verified as correct messages by the authentication mechanism but obstruct the network coding. Random linear network coding is shown to be efficient in a random failure model, but not in an adversary model. This paper shows a simple solution to tolerate entropy attacks by changing random linear coding to deterministic message combining rule. For an example, this paper shows a modification of RIPPLE, an authentication scheme for random linear network coding. Lastly, we show that the total delay of modified RIPPLE can be reduced by an edge-based authentication. RIPPLE and many other authentication schemes are node-based, that is, verification keys and operations are defined for each node. We show that we can construct an edge-based scheme, that is, verification keys and operations are defined for each edge. We show that the edge-based authentication scheme is more efficient than the node-based schemes.

Controlling the Delay of Small Flows in Datacenters

Abstract: As data centers grow in size, the communication between servers has emerged as a major bottleneck. Studies have shown that data center workloads are highly variable in sizes, comprising of a mix of mice and elephant flows which, when coupled with hard to predict arrivals, make bandwidth provisioning and flow scheduling a challenging task. There has been a significant progress in excess bandwidth provisioning and flow scheduling algorithms, especially using hybrid electrical-optical networks, aimed at providing effective throughput to elephant flows while ignoring the delay of small flows. The latency of small flows, however, is an important performance metric and existing solutions for improving this metric for traditional packet switched as well as hybrid data center networks continue to be inadequate. We aim at looking at the design of a data center network which ensures adequate bandwidth provisioning and minimizes delay for mice flows effectively. In this paper, we propose a novel hybrid architecture along with simple flow routing schemes to achieve these goals. The design schemes proposed in this paper can be incorporated in the existing data center networks. We evaluate the performance of our scheme and compare it to other existing schemes through simulations.

A Software Architecture for Progressive Scanning of On-line Communities

Abstract: We consider a set of on-line communities (e.g., news, blogs, Google groups, Web sites, etc.). The content of a community is continuously updated by users and such updates can be seen by users of other communities. Thus, when creating an update, a user could be influenced by one or more updates creating a semantic causal relationship among updates. This transitively will allow to trace how an information flows across communities. The paper presents a software architecture that progressively scan a set of on-line communities in order to detect such semantic causal relationships. The architecture includes a crawler, a large scale storage, a distributed indexing system and a mining system. The paper mainly focuses on crawling and indexing.

Model-Based Engineering Techniques for QoS Auditing in Distributed Cloud Services

Abstract: Given cloud-based realization of a distributed system S, QoS auditing enables risk analysis and accounting of SLA violations under various security threats and resource depletion faced by S. The problem of QoS failures and security infringements arises due to third-party control of the underlying cloud resources and components. Here, a major issue is to reason about how well the system internal mechanisms are engineered to offer a required level of service to the application. We employ computational models of S to determine the optimal feasible output trajectory and verify how close is the actual behavior of S to this trajectory. The less-than-100% trust between the various sub-systems of S necessitates our model-based analysis of the service behavior vis-a-vis the SLA negotiated with S. The paper describes a case study of CDN realized on a cloud to corroborate our model-based system auditing techniques.

A Control Method of Guaranteeing Throughput for TCP Communication Considering Handover over WLAN

Abstract: In wireless LAN environments, the frequency of handover has been increased by the rapid spread of mobile devices such as smartphones and tablets. In such environments, streaming applications such as video feeds, are quite common and have high bandwidth (throughput) requirements. Here, QoS is an important metric for assurance of network quality. QoS-TCP has been proposed as one of the techniques for guaranteeing the throughput, it controls only the terminal. In this study, we treat TCP-AV as one of the typical QoS-TCPs. However, TCP-AV was originally developed for wired networks. It has difficulty in guaranteeing adequate throughput in a wireless LAN environment because it does not consider handover. Given the frequency of handover in wireless LAN environments, (1) we modify the parameters of TCP-AV, and (2) we propose advertise window size control by an access point (AP). Simulation results show that the method proposed herein, which uses both (1) and (2), can attain the necessary throughput, unlike the original TCP-AV approach.

On Balance among Energy, Performance and Recovery in Storage Systems

Abstract: With the increasing size of the clusters as well as the increasing capacity of each storage node, current storage systems are spending more time on recovery. When node failure happens, the system enters degradation mode in which node reconstruction/block recovery is initiated. This very process needs to wake up a number of disks and takes a substantial amount of I/O bandwidth which will not only compromise energy efficiency but also performance. This raises a natural problem: how to balance the performance, energy, and recovery in degradation mode for an energy efficient storage system? Without considering the I/O bandwidth contention between recovery and performance, we find that the current energy proportional solutions cannot answer these question accurately. This paper presents a mathematical model called Perfect Energy, Reliability, and Performance (PERP) which provides guidelines of provisioning active nodes number and recovery speed at each time slot with respect to the performance and recovery constraints. We apply our model to practical data layouts and test the effectiveness on our 25-node CASS cluster. Experimental results validate that our model helps realize 25% energy savings while meeting both performance and recovery constraints and the saving is expected to increase with a larger number of nodes.

Analysis of Permanent Faults in Transaction Level SystemC Models

Abstract: Since SoC systems are typically used for critical scenarios, it is desirable to analyze the impact of faults on them. However, fault-impact analysis is difficult due to the high integrity of SoC systems and different levels of abstraction provided by modern system design languages such as SystemC. In this paper, we present a method for modeling and analyzing permanent faults in SystemC TLM programs. The proposed method includes three steps, namely timed model extraction, fault modeling, and fault analysis. We use UPPAAL timed automata to formally model the SystemC TLM programs and monitor how the models behave in the presence of faults. A case study is also provided to better explain our proposed approach.

On Parameters for the Secure Dispersed Data Transfer Scheme Using a Multipath Routing Method

Abstract: Ad hoc networks are autonomous distributed networks without the fixed communication infrastructures such as base stations. Ad hoc networks are at risk of a variety of attacks such as node capture attacks that result in tampering or leaking data. The secure dispersed data transfer method is a method to prevent node capture attacks. The performance of the dispersed data transfer method can be improved by the specific configuration of its parameters and using multiple paths with few bottleneck nodes. In this paper, we propose a configuration to maximize performance of the multipath routing method, which reduces the control packet count and reduce bottlenecking between shared elements. We have implemented our proposed method with the secure dispersed data transfer method on a network simulator, to confirm its effectiveness. In this paper, we discuss the appropriate parameters that give a promising advantage to the secure dispersed data transfer method.

Are Circles Communities? A Comparative Analysis of Selective Sharing in Google+

Abstract: The audience of shared content in Social Media is often hard to determine. To protect users from over-sharing, several services provide a feature for grouping contacts. Communities, interest groups, and circles are common examples. In this work, we investigate the structural properties of the circles in Google+ in comparison to the well-known communities. Based on several data sets and scoring functions, we search for the specific characteristics of circles. Our findings indicate that circles indeed form a special substructure that clearly differs from community groups. While the internal connectivity of circles and communities appear fairly similar, circles admit a much enhanced intensity of external relations. Circles resemble communities to which a large number of external links have been added. Selective sharing in circles is thus less confined.

Protection Mechanism in Privileged Memory Space for Embedded Systems, Real-Time OS

Abstract: Memory protection mechanisms have become important in embedded systems because programs are becoming larger and more complex, and the failure of one program can corrupt other programs. In order to isolate failures and to prevent the failure of one program from propagating throughout the system, memory protection is required. Recently, memory protection is also required in safety-critical embedded systems. In embedded systems, the memory protection mechanisms are used the memory management unit (MMU) function in a CPU. However, the overhead cost of system calls to the OS is very large because the system calls are implemented by a software trap, which decreases the system performance. The goal of the present study is to provide a lightweight memory protection mechanism in the privilege memory space in order to protect a real-time OS from unintended behaviors of application programs in the privilege memory space. An application program in the privilege level in an embedded system, which is accessible to registers in peripheral devices and can execute privilege instructions for the embedded system, is crucial. We design and implement the light memory protection mechanism in the privilege memory space in real-time OS using MMU in ARM processor. We show that our memory protection mechanism is effective in a real application because of very small increase of execution time.

Exercising High-Level Parallel Programming on Streams: A Systems Biology Use Case

Abstract: The stochastic modelling of biological systems, coupled with Monte Carlo simulation of models, is an increasingly popular technique in Bioinformatics. The simulation-analysis workflow may result into a computationally expensive task reducing the interactivity required in the model tuning. In this work, we advocate high-level software design as a vehicle for building efficient and portable parallel simulators for a variety of platforms, ranging from multi-core platforms to GPGPUs to cloud. In particular, the Calculus of Wrapped Compartments (CWC) parallel simulator for systems biology equipped with on-line mining of results, which is designed according to the Fast Flow pattern-based approach, is discussed as a running example. In this work, the CWC simulator is used as a paradigmatic example of a complex C++ application where the quality of results is correlated with both computation and I/O bounds, and where high-quality results might turn into big data. The Fast Flow parallel programming framework, which advocates C++ pattern-based parallel programming makes it possible to develop portable parallel code without relinquish neither run-time efficiency nor performance tuning opportunities. Performance and effectiveness of the approach are validated on a variety of platforms, inter-alia cache-coherent multi-cores, cluster of multi-core (Ethernet and Infiniband) and the Amazon Elastic Compute Cloud.