DAUIN - GR-03 - COMPUTER NETWORKS GROUP - NETGROUP

Security Automation and Optimization in NFV and SDN Cloud Context

keywords CYBERSECURITY, NETWORK FUNCTIONS VIRTUALIZATION, SECURITY AUTOMATION

Reference persons GUIDO MARCHETTO, RICCARDO SISTO, FULVIO VALENZA

External reference persons BRINGHENTI DANIELE

Research Groups COMPUTER NETWORKS GROUP - NETGROUP, DAUIN - GR-03 - COMPUTER NETWORKS GROUP - NETGROUP, GR-03 - COMPUTER NETWORKS GROUP - NETGROUP, NETGROUP

Thesis type THEORETICAL/EXPERIMENTAL

Description  Network function virtualization (NFV) and Software-Defined Networking (SDN) are two novel networking paradigms that can be used to virtualize and manage networks and security functions. These paradigms introduce several advantages compared to classical approaches, such as the dynamic provisioning of functionality or the implementation of scalable and reliable services (e.g., by adding new instances to support higher request volumes). NFV also allows the deployment of security controls, like firewalls or VPN gateways, as virtualized network functions.

However, the level of security automation and optimization achieved so far is quite limited compared to what these new paradigms could potentially enable. For example, there is currently no automatic way to select security functions and configure them according to a set of user security requirements (while also ensuring that some desired network properties or invariants are always guaranteed), or to dynamically reconfigure the security functions to mitigate a network attack.

The objective of the thesis is to address one of the specific problems related to Security Automation and Optimization in NFV and SDN, and to design and implement techniques and algorithms that advance the state of the art in this field by extending the frameworks already developed by the Netgroup (i.e., VEREFOO and VERIGRAPH).

VEREFOO: https://github.com/netgroup-polito/verifoo
VERIGRAPH: https://github.com/netgroup-polito/verigraph

More specifically, the thesis may address one of the following aspects:
- integrate the different VEREFOO components, which are currently standalone, so that a single unified framework is presented to the user
- improve how the framework works, by enabling not only automatic configuration from scratch, but also reconfiguration based on variations in security policies or in network features
- extend the framework so that it can manage a larger variety of security functions, including the main types of security functions that are used in modern networks
- integrate the framework within cloud environments like Kubernetes or Network Function Virtualization Orchestrators like Open Source MANO or ONAP

Required skills Computer Networks, Cybersecurity, Java Programming


Deadline 13/09/2022




© Politecnico di Torino
Corso Duca degli Abruzzi, 24 - 10129 Torino, ITALY