CORDIS - EU research results

AddreSsing ThReats for virtualIseD services

Deliverables

Programmable Components and Context Models

Report detailing the programming models and the technologies chosen to embed programmable resources in the service graph that will be at the foundation of the project. This report is delivered rather early with respect to the ASTRID timeline in order to document the conceptual outcome of the project with respect to the above topics. The documentation about the implementation of the components (e.g., monitoring probes, packet filters, etc.) that will be used in the project will be part of deliverable D2.7.

Final ASTRID architecture

Final specification of the ASTRID architecture, including the possible refinements incurred within the lifetime of the project.

Validation and demonstration scenarios

Report presenting a) the KPIs chosen to measure the project results and their correspondence with project objectives and requirements, and b) the procedures used to perform the project assessment defined in T4.1.

Access and Privacy Control Architecture and Models

Report presenting the models and the resulting architecture for access and privacy control within the ASTRID architecture. This report is delivered rather early with respect to the ASTRID timeline in order to document the conceptual view of the project with respect to the above topics. The documentation about the implementation will be part of deliverable D2.7.

Final assessment of the ASTRID project

Report presenting the results of the final project assessment, highlighting the correspondence between project objectives, user requirements and the outcome of the project. This document also presents the outcome of the tests and issues raised by the users with the technical support, usage data and feedback collected from users and administrators involved in the validation tests. Possible remaining issues will be documented in order to indicate directions for future work.

ASTRID architecture

Specification of the ASTRID architecture, to be used as a blueprint by the other WPs to define and develop the components under their responsibility. This will be a live specification, initially defined at M10 and then continuously updated according to the progress of the technical activities, using a spiral-like approach where the initial specification is coarse and high-level and, as time passes, gets refined with more details. The final architecture will be captured by D1.3.

State of the art, project concept and requirements

This report includes the additional information that is needed to design the ASTRID architecture and that has been collected at the beginning of the project, namely the work produced by tasks T1.1-T1.4 (state of the art, project concepts and application scenarios, requirements). Requirements of the different stakeholders, which are one of the inputs to the design of the architecture, and the assessment procedures and metrics will be obtained through standard techniques (e.g. interviews with key stakeholders, focus groups, public consultations).

Secure orchestration infrastructure

Report presenting algorithms, interfaces between components, and the detailed architecture of the secure orchestration platform. This complements the release of the source code with a more detailed explanation of the internals, interfaces, and overall architecture. Finally, it documents also the implementation of the components presented in deliverables D2.1, D2.2 and D2.3 that were released early in time and that did not include any implementation detail.

Forensic Architecture

Report presenting the components and their interactions with respect to the forensic architecture foreseen in ASTRID. This report is delivered rather early with respect to the ASTRID timeline in order to document the conceptual view of the project with respect to the above topic. The documentation about the implementation will be part of deliverable D2.7.

Initial assessment of the ASTRID project

Report presenting the results of the initial project assessment, highlighting the correspondence between project objectives, user requirements and the outcome of the project. This document also presents the outcome of the tests, feedback to the technical WPs, issues raised by the users with the technical support, usage data and feedback collected from users and administrators involved in the validation tests.

First report on security algorithms and tools

This report collects and presents all the algorithms and tools dedicated to the detection and management of vulnerabilities, threats, and anomalies, which are fed by events generated by the infrastructure and possibly by policies coming from ASTRID stakeholders. This report freezes the current status in the mid-lifespan of the project.

Data handling: Collection, Fusion, Harmonization

Report detailing all the data-related algorithms and techniques that have been studied and prototyped in task T2.2.

Final report on security algorithms and tools

This report collects and presents all the algorithms and tools dedicated to the detection and management of vulnerabilities, threats, and anomalies, which are fed by events generated by the infrastructure and possibly by policies coming from ASTRID stakeholders. This document reports the status of the project at the end of its lifespan (the following months are dedicated mainly to validation).

First public demonstrator of ASTRID framework (software prototype plus running demos)

This deliverable documents the initial deployment of the ASTRID framework in the planned demonstrators and it is composed of a set of videos showing the behaviour of the system under different operating conditions and when fed with different external inputs. Videos will be accompanied by a short report giving more details about the demonstrating conditions. Videos will be released without restrictions, in order to demonstrate the potential of the ASTRID platform even if some of the (software) components have not been released in the open source domain.

Final public demonstrator of ASTRID framework (software prototype plus running demos)

This deliverable documents the final deployment of the ASTRID platform in the planned demonstrators and it is composed of a set of videos showing the behaviour of the system under different operating conditions and when fed with different external inputs. Videos will be accompanied by a short report giving more details about the demonstrating conditions. Videos will be released without restrictions, in order to demonstrate the potential of the ASTRID platform even if some of the (software) components have not been released in the open source domain.

First public release of the secure orchestration components

First public release of the software components of the secure orchestration platform. This prototype will be accompanied by a short report explaining how to install and use the software.

Final public release of the secure orchestration components

Second (and final) public release of the software components of the secure orchestration platform, which includes all the work done in the project. Minor updates may be released as amendments in case the final validation brings the necessity of small changes (e.g., bug fixing) in the above components. This prototype will be accompanied by a short report explaining how to install and use the software.

Public release of the user-oriented GUI (security awareness)

First release of the graphical user interface that allows users to (1) build and show the (security-oriented) situational awareness for the different ASTRID stakeholders, and (2) possibly specify additional policies/actions in order to influence the future behaviour of the secure orchestration platform/algorithms.

Publications

Feature Selection Evaluation towards a Lightweight Deep Learning DDoS Detector

Authors: Odnan Ref Sanchez, Matteo Repetto, Alessandro Carrega, Raffaele Bolla, Jane Frances Pajo
Published in: ICC 2021 - IEEE International Conference on Communications, 2021, Page(s) 1-6, ISBN 978-1-7281-7122-7
Publisher: IEEE
DOI: 10.1109/icc42927.2021.9500458

Feature Selection Evaluation towards a Lightweight Deep Learning DDoS Detector

Authors: O. R. Sanchez, M. Repetto, A. Carrega, R. Bolla, and J. F. Pajo
Published in: 2021
Publisher: IEEE

Evaluating ML-based DDoS Detection with Grid Search Hyperparameter Optimization

Authors: Odnan Ref Sanchez, Matteo Repetto, Alessandro Carrega, Raffaele Bolla
Published in: 2021 IEEE 7th International Conference on Network Softwarization (NetSoft), 2021, Page(s) 402-408, ISBN 978-1-6654-0522-5
Publisher: IEEE
DOI: 10.1109/netsoft51509.2021.9492633

Programmable Data Gathering for Detecting Stegomalware

Authors: Alessandro Carrega, Luca Caviglione, Matteo Repetto, Marco Zuppelli
Published in: 2020 6th IEEE Conference on Network Softwarization (NetSoft), 2020, Page(s) 422-429, ISBN 978-1-7281-5684-2
Publisher: IEEE
DOI: 10.1109/netsoft48620.2020.9165537

Towards a fully automated and optimized network security functions orchestration

Authors: Daniele Bringhenti, Guido Marchetto, Riccardo Sisto, Fulvio Valenza, Jalolliddin Yusupov
Published in: 2019 4th International Conference on Computing, Communications and Security (ICCCS), 2019, Page(s) 1-7, ISBN 978-1-7281-0875-9
Publisher: IEEE
DOI: 10.1109/cccs.2019.8888130

An architecture to manage security services for cloud applications

Authors: M. Repetto, A. Carrega, G. Lamanna
Published in: 2019 4th International Conference on Computing, Communications and Security (ICCCS), 2019, Page(s) 1-8, ISBN 978-1-7281-0875-9
Publisher: IEEE
DOI: 10.1109/cccs.2019.8888061

Data Log Management for Cyber-Security Programmability of Cloud Services and Applications

Authors: Alessandro Carrega, Matteo Repetto
Published in: Proceedings of the 1st ACM Workshop on Workshop on Cyber-Security Arms Race - CYSARM'19, 2019, Page(s) 47-52, ISBN 9781450368407
Publisher: ACM Press
DOI: 10.1145/3338511.3357351

Introducing programmability and automation in the synthesis of virtual firewall rules

Authors: Daniele Bringhenti, Guido Marchetto, Riccardo Sisto, Fulvio Valenza, Jalolliddin Yusupov
Published in: 2020 6th IEEE Conference on Network Softwarization (NetSoft), 2020, Page(s) 473-478, ISBN 978-1-7281-5684-2
Publisher: IEEE
DOI: 10.1109/netsoft48620.2020.9165434

Securing V2X Communications for the Future - Can PKI Systems offer the answer?

Authors: Thanassis Giannetsos, Ioannis Krontiris
Published in: Proceedings of the 14th International Conference on Availability, Reliability and Security, 2019, Page(s) 1-8, ISBN 9781450371643
Publisher: ACM
DOI: 10.1145/3339252.3340523

Leveraging the 5G architecture to mitigate amplification attacks

Authors: Matteo Repetto, Alessandro Carrega, Guerino Lamanna, Jaloliddin Yusupov, Orazio Toscano, Gianmarco Bruno, Michele Nuovo, Marco Cappelli
Published in: 2021 IEEE 7th International Conference on Network Softwarization (NetSoft), 2021, Page(s) 443-449, ISBN 978-1-6654-0522-5
Publisher: IEEE
DOI: 10.1109/netsoft51509.2021.9492545

Towards Novel Security Architectures for Network Functions Virtualization

Authors: M. Repetto, A. Carrega, G. Lamanna
Published in: 2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), 2019, Page(s) 1-5, ISBN 978-1-7281-4545-7
Publisher: IEEE
DOI: 10.1109/nfv-sdn47374.2019.9040068

Direct anonymous attestation on the road - efficient and privacy-preserving revocation in C-ITS

Authors: Benjamin Larsen, Thanassis Giannetsos, Ioannis Krontiris, Kenneth Goldman
Published in: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 2021, Page(s) 48-59, ISBN 9781450383493
Publisher: ACM
DOI: 10.1145/3448300.3467832

Code Augmentation for Detecting Covert Channels Targeting the IPv6 Flow Label

Authors: Luca Caviglione, Marco Zuppelli, Wojciech Mazurczyk, Andreas Schaffhauser, Matteo Repetto
Published in: 2021 IEEE 7th International Conference on Network Softwarization (NetSoft), 2021, Page(s) 450-456, ISBN 978-1-6654-0522-5
Publisher: IEEE
DOI: 10.1109/netsoft51509.2021.9492661

Automated optimal firewall orchestration and configuration in virtualized networks

Authors: Daniele Bringhenti, Guido Marchetto, Riccardo Sisto, Fulvio Valenza, Jalolliddin Yusupov
Published in: NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium, 2020, Page(s) 1-7, ISBN 978-1-7281-4973-8
Publisher: IEEE
DOI: 10.1109/noms47738.2020.9110402

Short Paper - Automatic Configuration for an Optimal Channel Protection in Virtualized Networks

Authors: Daniele Bringhenti, Guido Marchetto, Riccardo Sisto, Fulvio Valenza
Published in: Proceedings of the 2nd Workshop on Cyber-Security Arms Race, 2020, Page(s) 25-30, ISBN 9781450380911
Publisher: ACM
DOI: 10.1145/3411505.3418439

A Service-Agnostic Software Framework for Fast and Efficient in-Kernel Network Services

Authors: Sebastiano Miano, Matteo Bertrone, Fulvio Risso, Mauricio Vasquez Bernal, Yunsong Lu, Jianwen Pi, Aasif Shaikh
Published in: 2019 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS), 2019, Page(s) 1-9, ISBN 978-1-7281-4387-3
Publisher: IEEE
DOI: 10.1109/ancs.2019.8901880

bccstego: A Framework for Investigating Network Covert Channels

Authors: Matteo Repetto, Luca Caviglione, Marco Zuppelli
Published in: The 16th International Conference on Availability, Reliability and Security, 2021, Page(s) 1-7, ISBN 9781450390514
Publisher: ACM
DOI: 10.1145/3465481.3470028

Automated Security Management for Virtual Services

Authors: M. Repetto, A. Carrega, J. Yusupov, F. Valenza, F. Risso, G. Lamanna
Published in: 2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), 2019, Page(s) 1-2, ISBN 978-1-7281-4545-7
Publisher: IEEE
DOI: 10.1109/nfv-sdn47374.2019.9040069

Towards Efficient Control-Flow Attestation with Software-Assisted Multi-level Execution Tracing

Authors: D. Papamartzivanos, S. Menesidou, P. Gouvas, T. Giannetsos
Published in: 2021
Publisher: IEEE
DOI: 10.5281/zenodo.5336142

BLINDTRUST: Oblivious Remote Attestation for Secure Service Function Chains

Authors: Heini Bergsson Debes, Thanassis Giannetsos, Ioannis Krontiris
Published in: 2021
Publisher: IEEE

Hybrid Deep Learning: An Efficient Reconnaissance and Surveillance Detection Mechanism in SDN

Authors: Jahanzaib Malik, Adnan Akhunzada, Iram Bibi, Muhammad Imran, Arslan Musaddiq, Sung Won Kim
Published in: IEEE Access, Issue 8, 2020, Page(s) 134695-134706, ISSN 2169-3536
Publisher: Institute of Electrical and Electronics Engineers Inc.
DOI: 10.1109/access.2020.3009849

Securing Cyberspace of Future Smart Cities with 5G Technologies

Authors: Adnan Akhunzada, Saif ul Islam, Sherali Zeadally
Published in: IEEE Network, Issue 34/4, 2020, Page(s) 336-342, ISSN 0890-8044
Publisher: Institute of Electrical and Electronics Engineers
DOI: 10.1109/mnet.001.1900559

A Dynamic DL-Driven Architecture to Combat Sophisticated Android Malware

Authors: Iram Bibi, Adnan Akhunzada, Jahanzaib Malik, Javed Iqbal, Arslan Musaddiq, Sungwon Kim
Published in: IEEE Access, Issue 8, 2020, Page(s) 129600-129612, ISSN 2169-3536
Publisher: Institute of Electrical and Electronics Engineers Inc.
DOI: 10.1109/access.2020.3009819

SDN orchestration to combat evolving cyber threats in Internet of Medical Things (IoMT)

Authors: Shahzana Liaqat, Adnan Akhunzada, Fatema Sabeen Shaikh, Athanasios Giannetsos, Mian Ahmad Jan
Published in: Computer Communications, Issue 160, 2020, Page(s) 697-705, ISSN 0140-3664
Publisher: Elsevier BV
DOI: 10.1016/j.comcom.2020.07.006

QoS-aware service provisioning in fog computing

Authors: Faizan Murtaza, Adnan Akhunzada, Saif ul Islam, Jalil Boudjadar, Rajkumar Buyya
Published in: Journal of Network and Computer Applications, Issue 165, 2020, Page(s) 102674, ISSN 1084-8045
Publisher: Academic Press
DOI: 10.1016/j.jnca.2020.102674

A hybrid DL-driven intelligent SDN-enabled malware detection framework for Internet of Medical Things (IoMT)

Authors: Soneila Khan, Adnan Akhunzada
Published in: Computer Communications, Issue 170, 2021, Page(s) 209-216, ISSN 0140-3664
Publisher: Elsevier BV
DOI: 10.1016/j.comcom.2021.01.013

Guest editorial: Special issue on novel cyber-security paradigms for software-defined and virtualized systems

Authors: Fulvio Valenza, Matteo Repetto, Stavros Shiaeles
Published in: Computer Networks, Issue 193, 2021, Page(s) 108126, ISSN 1389-1286
Publisher: Elsevier BV
DOI: 10.1016/j.comnet.2021.108126

An Autonomous Cybersecurity Framework for Next-generation Digital Service Chains

Authors: Matteo Repetto, Domenico Striccoli, Giuseppe Piro, Alessandro Carrega, Gennaro Boggia, Raffaele Bolla
Published in: Journal of Network and Systems Management, Issue 29/4, 2021, ISSN 1064-7570
Publisher: Kluwer Academic Publishers
DOI: 10.1007/s10922-021-09607-7

Introducing SmartNICs in Server-Based Data Plane Processing: The DDoS Mitigation Use Case

Authors: Sebastiano Miano, Roberto Doriguzzi-Corin, Fulvio Risso, Domenico Siracusa, Raffaele Sommese
Published in: IEEE Access, Issue 7, 2019, Page(s) 107161-107170, ISSN 2169-3536
Publisher: Institute of Electrical and Electronics Engineers Inc.
DOI: 10.1109/access.2019.2933491

An architecture to manage security operations for digital service chains

Authors: Matteo Repetto, Alessandro Carrega, Riccardo Rapuzzi
Published in: Future Generation Computer Systems, Issue Volume 115, 2021, Page(s) 251-266, ISSN 0167-739X
Publisher: Elsevier BV
DOI: 10.1016/j.future.2020.08.044

Securing Linux with a faster and scalable iptables

Authors: Sebastiano Miano, Matteo Bertrone, Fulvio Risso, Mauricio Vásquez Bernal, Yunsong Lu, Jianwen Pi
Published in: ACM SIGCOMM Computer Communication Review, Issue 49/3, 2019, Page(s) 2-17, ISSN 0146-4833
Publisher: ACM
DOI: 10.1145/3371927.3371929

Kernel-level tracing for detecting stegomalware and covert channels in Linux environments

Authors: Luca Caviglione, Wojciech Mazurczyk, Matteo Repetto, Andreas Schaffhauser, Marco Zuppelli
Published in: Computer Networks, Issue 191, 2021, Page(s) 108010, ISSN 1389-1286
Publisher: Elsevier BV
DOI: 10.1016/j.comnet.2021.108010

Formally specifying and checking policies and anomalies in service function chaining

Authors: Fulvio Valenza, Serena Spinoso, Riccardo Sisto
Published in: Journal of Network and Computer Applications, Issue 146, 2019, Page(s) 102419, ISSN 1084-8045
Publisher: Academic Press
DOI: 10.1016/j.jnca.2019.102419

A Framework for Verification-Oriented User-Friendly Network Function Modeling

Authors: Guido Marchetto, Riccardo Sisto, Fulvio Valenza, Jalolliddin Yusupov
Published in: IEEE Access, Issue 7, 2019, Page(s) 99349-99359, ISSN 2169-3536
Publisher: Institute of Electrical and Electronics Engineers Inc.
DOI: 10.1109/access.2019.2929325

CrowdLED: Towards Crowd-Empowered and Privacy-Preserving Data Sharing Using Smart Contracts

Authors: Constantinos Pouyioukka, Thanassis Giannetsos, Weizhi Meng
Published in: Trust Management XIII - 13th IFIP WG 11.11 International Conference, IFIPTM 2019, Copenhagen, Denmark, July 17-19, 2019, Proceedings, Issue 563, 2019, Page(s) 147-161, ISBN 978-3-030-33715-5
Publisher: Springer International Publishing
DOI: 10.1007/978-3-030-33716-2_12

Intellectual Property Rights

METHODS AND APPARATUS FOR OPERATING A CONSTRAINED DEVICE

Application/Publication number: 20 19055755
Date: 2019-03-07
Applicant: ERICSSON TELECOMUNICAZIONI SPA

METHODS AND APPARATUSES FOR NETWORK MANAGEMENT

Application/Publication number: 20 20052761
Date: 2020-02-04
Applicant: ERICSSON TELECOMUNICAZIONI SPA
