Deliverables

Documents, reports (13)

Programmable Components and Context Models
Report detailing the programming models and the technologies chosen to embed programmable resources in the service graph that will be at the foundation of the project. This report is delivered rather early with respect to the ASTRID timeline in order to document the conceptual outcome of the project with respect to the above topics. The documentation about the implementation of the components (e.g., monitoring probes, packet filters, etc.) that will be used in the project will be part of deliverable D2.7.

Final ASTRID architecture
Final specification of the ASTRID architecture, including the possible refinements incurred within the lifetime of the project.

Validation and demonstration scenarios
Report presenting a) the KPI chosen to measure the project results and their correspondence with project objectives and requirements, and b) the procedures used to perform the project assessment defined in T4.1.

Access and Privacy Control Architecture and Models
Report presenting the models and the resulting architecture for access and privacy control within the ASTRID architecture. This report is delivered rather early with respect to the ASTRID timeline in order to document the conceptual view of the project with respect to the above topics. The documentation about the implementation will be part of deliverable D2.7.

Final assessment of the ASTRID project
Report presenting the results of the final project assessment, highlighting the correspondence between project objectives, user requirements and the outcome of the project. This document also presents the outcome of the tests and issues raised by the users with the technical support, usage data and feedback collected from users and administrators involved in the validation tests. Possible remaining issues will be documented in order to indicate directions for future work.

ASTRID architecture
Specification of the ASTRID architecture, to be used as a blueprint by the other WPs to define and develop the components under their responsibility. This will be a live specification, initially defined at M10 and then continuously updated according to the progress of the technical activities, using a spiral-like approach where the initial specification is coarse and high-level and, as time passes, gets refined with more details. The final architecture will be captured by D1.3.

State of the art, project concept and requirements
This report includes the additional information that is needed to design the ASTRID architecture and that has been collected at the beginning of the project, namely the work produced by tasks T1.1-T1.4 (state of the art, project concepts and application scenarios, requirements). Requirements of the different stakeholders, which are one of the inputs to the design of the architecture, and the assessment procedures and metrics will be obtained through standard techniques (e.g. interviews with key stakeholders, focus groups, public consultations).

Secure orchestration infrastructure
Report presenting algorithms, interfaces between components, and the detailed architecture of the secure orchestration platform. This complements the release of the source code with a more detailed explanation of the internals, interfaces, and overall architecture.
Finally, it also documents the implementation of the components presented in deliverables D2.1, D2.2 and D2.3 that were released early in time and that did not include any implementation detail.

Forensic Architecture
Report presenting the components and their interactions with respect to the forensic architecture foreseen in ASTRID. This report is delivered rather early with respect to the ASTRID timeline in order to document the conceptual view of the project with respect to the above topic. The documentation about the implementation will be part of deliverable D2.7.

Initial assessment of the ASTRID project
Report presenting the results of the initial project assessment, highlighting the correspondence between project objectives, user requirements and the outcome of the project. This document also presents the outcome of the tests, feedback to the technical WPs, issues raised by the users with the technical support, usage data and feedback collected from users and administrators involved in the validation tests.

First report on security algorithms and tools
This report collects and presents all the algorithms and tools dedicated to the detection and management of vulnerabilities, threats, and anomalies, which are fed by events generated by the infrastructure and possibly by policies coming from ASTRID stakeholders. This report freezes the current status in the mid-lifespan of the project.

Data handling: Collection, Fusion, Harmonization
Report detailing all the data-related algorithms and techniques that have been studied and prototyped in task T2.2.

Final report on security algorithms and tools
This report collects and presents all the algorithms and tools dedicated to the detection and management of vulnerabilities, threats, and anomalies, which are fed by events generated by the infrastructure and possibly by policies coming from ASTRID stakeholders.
This document reports the status of the project at the end of its lifespan (the following months are dedicated mainly to validation).

Websites, patent filings, videos etc. (2)

First public demonstrator of ASTRID framework (software prototype plus running demos)
This deliverable documents the initial deployment of the ASTRID framework in the planned demonstrators and it is composed of a set of videos showing the behaviour of the system under different operating conditions and when fed with different external inputs. Videos will be accompanied by a short report giving more details about the demonstrating conditions. Videos will be released without restrictions, in order to demonstrate the potential of the ASTRID platform even if some of the (software) components have not been released in the open source domain.

Final public demonstrator of ASTRID framework (software prototype plus running demos)
This deliverable documents the final deployment of the ASTRID platform in the planned demonstrators and it is composed of a set of videos showing the behaviour of the system under different operating conditions and when fed with different external inputs. Videos will be accompanied by a short report giving more details about the demonstrating conditions. Videos will be released without restrictions, in order to demonstrate the potential of the ASTRID platform even if some of the (software) components have not been released in the open source domain.

Other (3)

First public release of the secure orchestration components
First public release of the software components of the secure orchestration platform. This prototype will be accompanied by a short report explaining how to install and use the software.

Final public release of the secure orchestration components
Second (and final) public release of the software components of the secure orchestration platform, which includes all the work done in the project.
Minor updates may be released as an amendment in case the final validation brings the necessity of small changes (e.g., bug fixing) in the above components. This prototype will be accompanied by a short report explaining how to install and use the software.

Public release of the user-oriented GUI (security awareness)
First release of the graphical user interface that allows users to (1) build and show the (security-oriented) situational awareness for the different ASTRID stakeholders, and (2) possibly specify additional policies/actions in order to influence the future behaviour of the secure orchestration platform/algorithms.

Publications

Conference proceedings (26)

Feature Selection Evaluation towards a Lightweight Deep Learning DDoS Detector
Authors: Odnan Ref Sanchez, Matteo Repetto, Alessandro Carrega, Raffaele Bolla, Jane Frances Pajo
Published in: ICC 2021 - IEEE International Conference on Communications, 2021, Page(s) 1-6, ISBN 978-1-7281-7122-7
Publisher: IEEE
DOI: 10.1109/icc42927.2021.9500458

Feature Selection Evaluation towards a Lightweight Deep Learning DDoS Detector
Authors: O. R. Sanchez, M. Repetto, A. Carrega, R. Bolla, and J. F. Pajo
Published in: 2021
Publisher: IEEE

Evaluating ML-based DDoS Detection with Grid Search Hyperparameter Optimization
Authors: Odnan Ref Sanchez, Matteo Repetto, Alessandro Carrega, Raffaele Bolla
Published in: 2021 IEEE 7th International Conference on Network Softwarization (NetSoft), 2021, Page(s) 402-408, ISBN 978-1-6654-0522-5
Publisher: IEEE
DOI: 10.1109/netsoft51509.2021.9492633

Programmable Data Gathering for Detecting Stegomalware
Authors: Alessandro Carrega, Luca Caviglione, Matteo Repetto, Marco Zuppelli
Published in: 2020 6th IEEE Conference on Network Softwarization (NetSoft), 2020, Page(s) 422-429, ISBN 978-1-7281-5684-2
Publisher: IEEE
DOI: 10.1109/netsoft48620.2020.9165537

Towards a fully automated and optimized network security functions orchestration
Authors: Daniele Bringhenti, Guido Marchetto, Riccardo Sisto, Fulvio Valenza, Jalolliddin Yusupov
Published in: 2019 4th International Conference on Computing, Communications and Security (ICCCS), 2019, Page(s) 1-7, ISBN 978-1-7281-0875-9
Publisher: IEEE
DOI: 10.1109/cccs.2019.8888130

An architecture to manage security services for cloud applications
Authors: M. Repetto, A. Carrega, G. Lamanna
Published in: 2019 4th International Conference on Computing, Communications and Security (ICCCS), 2019, Page(s) 1-8, ISBN 978-1-7281-0875-9
Publisher: IEEE
DOI: 10.1109/cccs.2019.8888061

Data Log Management for Cyber-Security Programmability of Cloud Services and Applications
Authors: Alessandro Carrega, Matteo Repetto
Published in: Proceedings of the 1st ACM Workshop on Workshop on Cyber-Security Arms Race - CYSARM'19, 2019, Page(s) 47-52, ISBN 9781450368407
Publisher: ACM Press
DOI: 10.1145/3338511.3357351

Introducing programmability and automation in the synthesis of virtual firewall rules
Authors: Daniele Bringhenti, Guido Marchetto, Riccardo Sisto, Fulvio Valenza, Jalolliddin Yusupov
Published in: 2020 6th IEEE Conference on Network Softwarization (NetSoft), 2020, Page(s) 473-478, ISBN 978-1-7281-5684-2
Publisher: IEEE
DOI: 10.1109/netsoft48620.2020.9165434

Securing V2X Communications for the Future - Can PKI Systems offer the answer?
Authors: Thanassis Giannetsos, Ioannis Krontiris
Published in: Proceedings of the 14th International Conference on Availability, Reliability and Security, 2019, Page(s) 1-8, ISBN 9781450371643
Publisher: ACM
DOI: 10.1145/3339252.3340523

Leveraging the 5G architecture to mitigate amplification attacks
Authors: Matteo Repetto, Alessandro Carrega, Guerino Lamanna, Jaloliddin Yusupov, Orazio Toscano, Gianmarco Bruno, Michele Nuovo, Marco Cappelli
Published in: 2021 IEEE 7th International Conference on Network Softwarization (NetSoft), 2021, Page(s) 443-449, ISBN 978-1-6654-0522-5
Publisher: IEEE
DOI: 10.1109/netsoft51509.2021.9492545

Towards Novel Security Architectures for Network Functions Virtualization
Authors: M. Repetto, A. Carrega, G. Lamanna
Published in: 2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), 2019, Page(s) 1-5, ISBN 978-1-7281-4545-7
Publisher: IEEE
DOI: 10.1109/nfv-sdn47374.2019.9040068

Direct anonymous attestation on the road - efficient and privacy-preserving revocation in C-ITS
Authors: Benjamin Larsen, Thanassis Giannetsos, Ioannis Krontiris, Kenneth Goldman
Published in: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 2021, Page(s) 48-59, ISBN 9781450383493
Publisher: ACM
DOI: 10.1145/3448300.3467832

Code Augmentation for Detecting Covert Channels Targeting the IPv6 Flow Label
Authors: Luca Caviglione, Marco Zuppelli, Wojciech Mazurczyk, Andreas Schaffhauser, Matteo Repetto
Published in: 2021 IEEE 7th International Conference on Network Softwarization (NetSoft), 2021, Page(s) 450-456, ISBN 978-1-6654-0522-5
Publisher: IEEE
DOI: 10.1109/netsoft51509.2021.9492661

Automated optimal firewall orchestration and configuration in virtualized networks
Authors: Daniele Bringhenti, Guido Marchetto, Riccardo Sisto, Fulvio Valenza, Jalolliddin Yusupov
Published in: NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium, 2020, Page(s) 1-7, ISBN 978-1-7281-4973-8
Publisher: IEEE
DOI: 10.1109/noms47738.2020.9110402

Short Paper - Automatic Configuration for an Optimal Channel Protection in Virtualized Networks
Authors: Daniele Bringhenti, Guido Marchetto, Riccardo Sisto, Fulvio Valenza
Published in: Proceedings of the 2nd Workshop on Cyber-Security Arms Race, 2020, Page(s) 25-30, ISBN 9781450380911
Publisher: ACM
DOI: 10.1145/3411505.3418439

A Service-Agnostic Software Framework for Fast and Efficient in-Kernel Network Services
Authors: Sebastiano Miano, Matteo Bertrone, Fulvio Risso, Mauricio Vasquez Bernal, Yunsong Lu, Jianwen Pi, Aasif Shaikh
Published in: 2019 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS), 2019, Page(s) 1-9, ISBN 978-1-7281-4387-3
Publisher: IEEE
DOI: 10.1109/ancs.2019.8901880

bccstego: A Framework for Investigating Network Covert Channels
Authors: Matteo Repetto, Luca Caviglione, Marco Zuppelli
Published in: The 16th International Conference on Availability, Reliability and Security, 2021, Page(s) 1-7, ISBN 9781450390514
Publisher: ACM
DOI: 10.1145/3465481.3470028

An abstraction layer for cybersecurity context
Authors: R. Bolla, A. Carrega, M. Repetto
Published in: 2019 International Conference on Computing, Networking and Communications (ICNC), 2019, Page(s) 214-218, ISBN 978-1-5386-9223-3
Publisher: IEEE
DOI: 10.1109/iccnc.2019.8685665

A New Paradigm to Address Threats for Virtualized Services
Authors: Stefan Covaci, Matteo Repetto, Fulvio Risso
Published in: 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), Issue July, 23rd-27th, 2018, Page(s) 689-694, ISBN 978-1-5386-2666-5
Publisher: IEEE
DOI: 10.1109/compsac.2018.10320

Situational Awareness in Virtual Networks: The ASTRID Approach
Authors: A. Carrega, M. Repetto, F. Risso, S. Covaci, A. Zafeiropoulos, T. Giannetsos, O Toscano
Published in: 2018 IEEE 7th International Conference on Cloud Networking (CloudNet), 2018, Page(s) 1-6, ISBN 978-1-5386-6831-3
Publisher: IEEE
DOI: 10.1109/cloudnet.2018.8549540

Creating Complex Network Services with eBPF: Experience and Lessons Learned
Authors: Miano; Bertrone; Risso; Tumolo; Vasquez Bernal
Published in: IEEE International Conference on High Performance Switching and Routing (HPSR 2018), 2018
Publisher: IEEE
DOI: 10.5281/zenodo.3293686

Toward an eBPF-based clone of iptables
Authors: Bertrone; Miano; Risso; Tumolo; Pi
Published in: Netdev 0x12, The Technical Conference on Linux Networking, 2018
Publisher: Linux Foundation
DOI: 10.5281/zenodo.3293345

Accelerating Linux Security with eBPF iptables
Authors: Matteo Bertrone, Sebastiano Miano, Fulvio Risso, Massimo Tumolo
Published in: Proceedings of the ACM SIGCOMM 2018 Conference on Posters and Demos - SIGCOMM '18, 2018, Page(s) 108-110, ISBN 9781-450359153
Publisher: ACM Press
DOI: 10.1145/3234200.3234228

Automated Security Management for Virtual Services
Authors: M. Repetto, A. Carrega, J. Yusupov, F. Valenza, F. Risso, G. Lamanna
Published in: 2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), 2019, Page(s) 1-2, ISBN 978-1-7281-4545-7
Publisher: IEEE
DOI: 10.1109/nfv-sdn47374.2019.9040069

Towards Efficient Control-Flow Attestation with Software-Assisted Multi-level Execution Tracing
Authors: D. Papamartzivanos, S. Menesidou, P. Gouvas, T. Giannetsos
Published in: 2021
Publisher: IEEE
DOI: 10.5281/zenodo.5336142

BLINDTRUST: Oblivious Remote Attestation for Secure Service Function Chains
Authors: Heini Bergsson Debes, Thanassis Giannetsos, Ioannis Krontiris
Published in: 2021
Publisher: IEEE

Non-peer reviewed articles (7)

Hybrid Deep Learning: An Efficient Reconnaissance and Surveillance Detection Mechanism in SDN
Authors: Jahanzaib Malik, Adnan Akhunzada, Iram Bibi, Muhammad Imran, Arslan Musaddiq, Sung Won Kim
Published in: IEEE Access, Issue 8, 2020, Page(s) 134695-134706, ISSN 2169-3536
Publisher: Institute of Electrical and Electronics Engineers Inc.
DOI: 10.1109/access.2020.3009849

Securing Cyberspace of Future Smart Cities with 5G Technologies
Authors: Adnan Akhunzada, Saif ul Islam, Sherali Zeadally
Published in: IEEE Network, Issue 34/4, 2020, Page(s) 336-342, ISSN 0890-8044
Publisher: Institute of Electrical and Electronics Engineers
DOI: 10.1109/mnet.001.1900559

A Dynamic DL-Driven Architecture to Combat Sophisticated Android Malware
Authors: Iram Bibi, Adnan Akhunzada, Jahanzaib Malik, Javed Iqbal, Arslan Musaddiq, Sungwon Kim
Published in: IEEE Access, Issue 8, 2020, Page(s) 129600-129612, ISSN 2169-3536
Publisher: Institute of Electrical and Electronics Engineers Inc.
DOI: 10.1109/access.2020.3009819

SDN orchestration to combat evolving cyber threats in Internet of Medical Things (IoMT)
Authors: Shahzana Liaqat, Adnan Akhunzada, Fatema Sabeen Shaikh, Athanasios Giannetsos, Mian Ahmad Jan
Published in: Computer Communications, Issue 160, 2020, Page(s) 697-705, ISSN 0140-3664
Publisher: Elsevier BV
DOI: 10.1016/j.comcom.2020.07.006

QoS-aware service provisioning in fog computing
Authors: Faizan Murtaza, Adnan Akhunzada, Saif ul Islam, Jalil Boudjadar, Rajkumar Buyya
Published in: Journal of Network and Computer Applications, Issue 165, 2020, Page(s) 102674, ISSN 1084-8045
Publisher: Academic Press
DOI: 10.1016/j.jnca.2020.102674

A hybrid DL-driven intelligent SDN-enabled malware detection framework for Internet of Medical Things (IoMT)
Authors: Soneila Khan, Adnan Akhunzada
Published in: Computer Communications, Issue 170, 2021, Page(s) 209-216, ISSN 0140-3664
Publisher: Elsevier BV
DOI: 10.1016/j.comcom.2021.01.013

Guest editorial: Special issue on novel cyber-security paradigms for software-defined and virtualized systems
Authors: Fulvio Valenza, Matteo Repetto, Stavros Shiaeles
Published in: Computer Networks, Issue 193, 2021, Page(s) 108126, ISSN 1389-1286
Publisher: Elsevier BV
DOI: 10.1016/j.comnet.2021.108126

Peer reviewed articles (8)

An Autonomous Cybersecurity Framework for Next-generation Digital Service Chains
Authors: Matteo Repetto, Domenico Striccoli, Giuseppe Piro, Alessandro Carrega, Gennaro Boggia, Raffaele Bolla
Published in: Journal of Network and Systems Management, Issue 29/4, 2021, ISSN 1064-7570
Publisher: Kluwer Academic Publishers
DOI: 10.1007/s10922-021-09607-7

Introducing SmartNICs in Server-Based Data Plane Processing: The DDoS Mitigation Use Case
Authors: Sebastiano Miano, Roberto Doriguzzi-Corin, Fulvio Risso, Domenico Siracusa, Raffaele Sommese
Published in: IEEE Access, Issue 7, 2019, Page(s) 107161-107170, ISSN 2169-3536
Publisher: Institute of Electrical and Electronics Engineers Inc.
DOI: 10.1109/access.2019.2933491

An architecture to manage security operations for digital service chains
Authors: Matteo Repetto; Alessandro Carrega; Riccardo Rapuzzi
Published in: Future Generation Computer Systems, Issue Volume 115, 2021, Page(s) 251-266, ISSN 0167-739X
Publisher: Elsevier BV
DOI: 10.1016/j.future.2020.08.044

Securing Linux with a faster and scalable iptables
Authors: Sebastiano Miano, Matteo Bertrone, Fulvio Risso, Mauricio Vásquez Bernal, Yunsong Lu, Jianwen Pi
Published in: ACM SIGCOMM Computer Communication Review, Issue 49/3, 2019, Page(s) 2-17, ISSN 0146-4833
Publisher: ACM
DOI: 10.1145/3371927.3371929

Towards Autonomous Security Assurance in 5G Infrastructures
Authors: Stefan COVACI, Matteo REPETTO, Fulvio RISSO
Published in: IEICE Transactions on Communications, Issue E102.B/3, 2019, Page(s) 401-409, ISSN 0916-8516
Publisher: Oxford University Press
DOI: 10.1587/transcom.2018nvi0001

Kernel-level tracing for detecting stegomalware and covert channels in Linux environments
Authors: Luca Caviglione, Wojciech Mazurczyk, Matteo Repetto, Andreas Schaffhauser, Marco Zuppelli
Published in: Computer Networks, Issue 191, 2021, Page(s) 108010, ISSN 1389-1286
Publisher: Elsevier BV
DOI: 10.1016/j.comnet.2021.108010

Formally specifying and checking policies and anomalies in service function chaining
Authors: Fulvio Valenza, Serena Spinoso, Riccardo Sisto
Published in: Journal of Network and Computer Applications, Issue 146, 2019, Page(s) 102419, ISSN 1084-8045
Publisher: Academic Press
DOI: 10.1016/j.jnca.2019.102419

A Framework for Verification-Oriented User-Friendly Network Function Modeling
Authors: Guido Marchetto, Riccardo Sisto, Fulvio Valenza, Jalolliddin Yusupov
Published in: IEEE Access, Issue 7, 2019, Page(s) 99349-99359, ISSN 2169-3536
Publisher: Institute of Electrical and Electronics Engineers Inc.
DOI: 10.1109/access.2019.2929325

Book chapters (1)

CrowdLED: Towards Crowd-Empowered and Privacy-Preserving Data Sharing Using Smart Contracts
Authors: Constantinos Pouyioukka, Thanassis Giannetsos, Weizhi Meng
Published in: Trust Management XIII - 13th IFIP WG 11.11 International Conference, IFIPTM 2019, Copenhagen, Denmark, July 17-19, 2019, Proceedings, Issue 563, 2019, Page(s) 147-161, ISBN 978-3-030-33715-5
Publisher: Springer International Publishing
DOI: 10.1007/978-3-030-33716-2_12

Intellectual Property Rights

Patent (2)

METHODS AND APPARATUS FOR OPERATING A CONSTRAINED DEVICE
Application/Publication number: 20 19055755
Date: 2019-03-07
Applicant(s): ERICSSON TELECOMUNICAZIONI SPA

METHODS AND APPARATUSES FOR NETWORK MANAGEMENT
Application/Publication number: 20 20052761
Date: 2020-02-04
Applicant(s): ERICSSON TELECOMUNICAZIONI SPA