KEYWORD |
Network security automation
keywords CYBERSECURITY, NETWORKING, NFV, SDN, CLOUD COMPUTING, SECURITY, MODELS, ANALYSIS TOOLS
Reference persons DANIELE BRINGHENTI, RICCARDO SISTO, FULVIO VALENZA
Research Groups DAUIN - GR-03 - COMPUTER NETWORKS GROUP - NETGROUP
Description In modern computer networks, manual security configuration has become an error-prone, unoptimized, and time-consuming task because of the increasing dynamism, size, and heterogeneity of the networks. In view of this problem, network security configuration automation started to be investigated in literature. In this research field, the Netgroup at the Politecnico di Torino is developing the VEREFOO framework (https://github.com/netgroup-polito/verifoo), which makes this automation possible. There, the administrator supplies the network topology and defines the security policies, while VEREFOO decides autonomously which security functions to allocate, where, and with which configuration, providing the formal guarantee that the found solution correctly and optimally enforces the desired policies.
VEREFOO is an ambitious project. It is under development but already working. Currently, it can manage only some security controls (packet filtering firewalls and IPsec VPN gateways) and some implementations (Iptables, StrongSwan). Therefore, we are planning to extend it in multiple directions:
• supporting the automatic configuration of complex functions (e.g., stateful firewalls, protection against web attacks);
• achieving fast, optimized reconfiguration against different attack classes;
• providing automatic policy extraction and specification (where the policies are automatically generated from the interpretation of SIEM/IDS alerts and logs) to avoid manual policy specification;
• improving the performance by investigating heuristic algorithms;
• introducing ML/AL in network security configuration automation.
Required skills Computer Networks, Cybersecurity, Java
Deadline 19/11/2025
PROPONI LA TUA CANDIDATURA