Politecnico di Torino

Dynamic Network Traffic Monitoring

Michel Sciortino

Dynamic Network Traffic Monitoring.

Supervisors: Fulvio Giovanni Ottavio Risso, Fulvio Valenza. Politecnico di Torino, Master's degree programme in Computer Engineering (Ingegneria Informatica), 2020

PDF (Tesi_di_laurea) - Thesis
License: Creative Commons Attribution Non-commercial No Derivatives.


The growing adoption of virtualization technologies and microservice architectures is reshaping the traditional security paradigms for running software appliances. Services are now designed as graphs of simple applications deployed over a virtualized set of computing resources. Although decoupling software from the underlying infrastructure brings immediate benefits in terms of elasticity, portability, automation and resiliency, the intermediate hypervisor tier also raises new security concerns about the mutual trustworthiness of those two layers and the potential threats in the virtualization substrate. To guarantee security in the virtualized environment it is therefore necessary to integrate the security aspect into the design of the service graph. This reveals the substantial inadequacy of legacy security appliances for protecting virtualized systems against cyber-threats, as they do not benefit from the flexibility and optimization capabilities introduced by virtualization. To solve these problems, the ASTRID project proposes to replace explicit security devices with multiple programmable hooks, present in the virtualized containers, that are able to inspect network traffic and system call usage. This thesis focuses on the creation of a Virtual Network Function able to inspect the network traffic that reaches a network interface, meeting the requirements of the ASTRID project. The main tool behind the proposed solution is Polycube, an open source framework developed by the Computer Networks Group of Politecnico di Torino, which allows the creation of virtual network functions capable of efficiently inspecting and manipulating network traffic by exploiting the eBPF technology.
The main feature of the proposed solution is the possibility of changing the packet analysis code at runtime, so as to run a loose monitoring when there are no ongoing attacks and a more precise monitoring when anomalies are found, in order to minimize the overhead on the performance of the monitored host. The tests carried out on the developed prototype confirm the advantages of this approach and allow the performance of the solution to be analyzed.
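The adaptive policy described in the abstract, as an added user-space illustration in C (this is not the thesis's or Polycube's own code; their data plane runs as eBPF inside the kernel and is not reproduced here): a cheap coarse inspector that only counts packets and bare SYNs (SYN set, ACK clear), a precise inspector that additionally attributes bare SYNs to their source address, and a switch between the two code paths at the end of each packet window when the bare-SYN ratio crosses thresholds with hysteresis. The window size, the thresholds, the SYN-ratio criterion and every function, type and macro name are assumptions made for the example; the frames are constructed inline, not captured.

```c
/* Adaptive two-tier packet inspection in user space. Added illustration only (not Polycube or ASTRID code). */
#include <stdint.h>
#include <string.h>

enum { ETH_HLEN = 14, IP_HLEN = 20, TCP_HLEN = 20, FRAME_LEN = 54, MAX_SRC = 16 };
enum { TCP_SYN = 0x02, TCP_ACK = 0x10 };
enum mode { MODE_COARSE = 0, MODE_PRECISE = 1 };
struct parsed { uint32_t saddr; uint8_t proto, tcp_flags; int ok; };
struct monitor {
    enum mode mode; int nsrc, transitions;    /* current code path, table fill, switches done */
    uint32_t total, syn_only;                 /* counters of the current window */
    uint32_t window, pct_up, pct_down;        /* window size, hysteresis thresholds (%) */
    uint32_t src[MAX_SRC], src_syn[MAX_SRC];  /* precise-mode per-source bare-SYN table */
};
/* SYN without ACK: a fresh connection attempt, the unit both inspectors count. */
#define BARE_SYN(pk) ((pk)->proto == 6 && ((pk)->tcp_flags & (TCP_SYN | TCP_ACK)) == TCP_SYN)

/* Minimal Ethernet/IPv4/TCP parser; non-IPv4 or truncated frames come back with ok = 0. */
static struct parsed parse_frame(const uint8_t *p, size_t len)
{
    struct parsed r = {0};
    if (len < ETH_HLEN + IP_HLEN || p[12] != 0x08 || p[13] != 0x00) return r;
    const uint8_t *ip = p + ETH_HLEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < IP_HLEN || len < ETH_HLEN + ihl) return r;
    r.proto = ip[9];
    if (r.proto == 6 && len < ETH_HLEN + ihl + TCP_HLEN) return r;
    if (r.proto == 6) r.tcp_flags = ip[ihl + 13];
    r.saddr = ((uint32_t)ip[12] << 24) | ((uint32_t)ip[13] << 16) | (ip[14] << 8) | ip[15];
    r.ok = 1; return r;
}

/* Coarse path: two counters per packet and nothing else. */
static void inspect_coarse(struct monitor *m, const struct parsed *pk)
{
    m->total++; if (BARE_SYN(pk)) m->syn_only++;
}

/* Precise path: the same counters plus attribution of bare SYNs to their source. */
static void inspect_precise(struct monitor *m, const struct parsed *pk)
{
    inspect_coarse(m, pk);
    if (!BARE_SYN(pk)) return;
    for (int i = 0; i < m->nsrc; i++)
        if (m->src[i] == pk->saddr) { m->src_syn[i]++; return; }
    if (m->nsrc < MAX_SRC) { m->src[m->nsrc] = pk->saddr; m->src_syn[m->nsrc++] = 1; }
}

/* Feed one frame; when a window closes, choose the inspector for the next window. */
enum mode monitor_feed(struct monitor *m, const uint8_t *frame, size_t len)
{
    struct parsed pk = parse_frame(frame, len);
    if (!pk.ok) return m->mode;
    if (m->mode == MODE_COARSE) inspect_coarse(m, &pk); else inspect_precise(m, &pk);
    if (m->total < m->window) return m->mode;
    uint32_t pct = m->syn_only * 100 / m->total;
    if (m->mode == MODE_COARSE && pct >= m->pct_up) {           /* anomaly: escalate */
        m->mode = MODE_PRECISE; m->nsrc = 0; m->transitions++;
    } else if (m->mode == MODE_PRECISE && pct <= m->pct_down) {  /* calm again: relax */
        m->mode = MODE_COARSE; m->nsrc = 0; m->transitions++;
    }
    m->total = m->syn_only = 0;
    return m->mode;
}

/* Source with the most bare SYNs recorded in precise mode; returns its count, 0 if none. */
uint32_t monitor_top_source(const struct monitor *m, uint32_t *saddr)
{
    uint32_t best = 0;
    for (int i = 0; i < m->nsrc; i++)
        if (m->src_syn[i] > best) { best = m->src_syn[i]; if (saddr) *saddr = m->src[i]; }
    return best;
}

/* Constructed sample input, not a capture: a minimal Ethernet/IPv4/TCP frame. */
void build_tcp_frame(uint8_t *buf, uint32_t saddr, uint8_t tcp_flags)
{
    memset(buf, 0, FRAME_LEN);
    buf[12] = 0x08; buf[13] = 0x00;                               /* EtherType IPv4 */
    uint8_t *ip = buf + ETH_HLEN;
    ip[0] = 0x45; ip[3] = IP_HLEN + TCP_HLEN; ip[8] = 64; ip[9] = 6;
    ip[12] = (uint8_t)(saddr >> 24); ip[13] = (uint8_t)(saddr >> 16);
    ip[14] = (uint8_t)(saddr >> 8);  ip[15] = (uint8_t)saddr;
    ip[IP_HLEN + 12] = 0x50; ip[IP_HLEN + 13] = tcp_flags;        /* data offset 5, flags */
}

/* Feed n identical frames from one source; returns the mode after the last one. */
enum mode feed_burst(struct monitor *m, uint32_t saddr, uint8_t flags, int n)
{
    uint8_t f[FRAME_LEN]; enum mode md = m->mode;
    build_tcp_frame(f, saddr, flags);
    for (int i = 0; i < n; i++) md = monitor_feed(m, f, FRAME_LEN);
    return md;
}
```

A monitor is created with a designated initializer, for example `struct monitor m = { .window = 10, .pct_up = 50, .pct_down = 10 };`, and then fed frames with `monitor_feed` or `feed_burst`. In the thesis's setting the swap replaces the eBPF analysis code loaded in the kernel; here the mode flag selecting one of two C functions stands in for that reload so that the policy can be exercised offline. The hysteresis (escalate at 50% bare SYNs, relax only below 10%) is what keeps the monitor from flapping between the two code paths on traffic that hovers around a single threshold, and the per-source table is populated only while the precise path runs, which is the cost the coarse path avoids.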

Supervisors: Fulvio Giovanni Ottavio Risso, Fulvio Valenza
Academic year: 2019/20
Publication type: Electronic
Number of Pages: 68
Degree programme: Master's degree programme in Computer Engineering (Ingegneria Informatica)
Degree class: New organization > Master of Science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Collaborating companies: UNSPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/14515