Security Automation and Optimization in NFV and SDN Cloud Context
Keywords CYBERSECURITY, NETWORK FUNCTIONS VIRTUALIZATION, SECURITY AUTOMATION
Reference persons GUIDO MARCHETTO, RICCARDO SISTO, FULVIO VALENZA
External reference persons BRINGHENTI DANIELE
Research Groups COMPUTER NETWORKS GROUP - NETGROUP, DAUIN - GR-03 - COMPUTER NETWORKS GROUP - NETGROUP, GR-03 - COMPUTER NETWORKS GROUP - NETGROUP, NETGROUP
Thesis type THEORETICAL/EXPERIMENTAL
Description Network function virtualization (NFV) and Software-Defined Networking (SDN) are two novel networking paradigms that can be used to virtualize and manage networks and security functions. These paradigms introduce several advantages compared to classical approaches, such as the dynamic provisioning of functionality or the implementation of scalable and reliable services (e.g., by adding new instances to support higher request volumes). NFV also allows the deployment of security controls, like firewalls or VPN gateways, as virtualized network functions.
However, the level of security automation and optimization is currently quite limited compared with what these new paradigms could potentially achieve. For example, there is currently no automatic way to select the security functions and configure them according to a set of user security requirements (while also ensuring that some desired network properties or invariants are always guaranteed), or to dynamically reconfigure the security functions to mitigate a network attack.
The objective of the thesis is to address one of the specific problems related to Security Automation and Optimization in NFV and SDN, and to design and implement techniques and algorithms that advance the state of the art in this field by extending the frameworks already developed by the Netgroup (i.e., VEREFOO and VERIGRAPH).
VEREFOO: https://github.com/netgroup-polito/verifoo
VERIGRAPH: https://github.com/netgroup-polito/verigraph
More specifically, the thesis may address one of the following aspects:
- integrate the different VEREFOO components, which currently are standalone, so that a unique framework is presented to the user
- improve how the framework works, by enabling not only automatic configuration from scratch, but also re-configuration based on variations in security policies or in network features
- extend the framework so that it can manage a larger variety of security functions, including the main types of security functions that are used in modern networks
- integrate the framework within cloud environments like Kubernetes or Network Function Virtualization Orchestrators like Open Source MANO or ONAP.
Required skills Computer Networks, Cybersecurity, Java Programming
Deadline 13/09/2022