
Automating the Deployment of Security Functions in Virtualized Networks

Yasser Hobballah

Automating the Deployment of Security Functions in Virtualized Networks.

Supervisors: Riccardo Sisto, Guido Marchetto, Fulvio Valenza, Daniele Bringhenti. Politecnico di Torino, Master's degree programme in Ingegneria Informatica (Computer Engineering), 2022

License: Creative Commons Attribution Non-commercial No Derivatives.


New frameworks are developed daily, and each must adhere to a specification, meaning that the framework should ensure certain expectations are satisfied. Usually, a developer goes through a process to establish the correct operation of a particular framework. This process, verification and validation, is typical in software to ensure that the software acts as expected. There are many techniques for verification and validation, one of which is software testing. Others may include testing at the logical level or even deploying the framework/software to be tested in specific conditions that replicate those of a real production environment. However, regarding virtual environment creation, there is no standard process in the literature to create such an environment, and it largely depends on where the testing is performed. Some organizations may reproduce the whole physical environment (thus incurring high costs) to test a framework. Other organizations with limited resources may need to find alternative solutions such as virtual machines or containers. Building a virtual environment comes with many challenges and a complexity that is difficult to manage. This thesis targets these challenges and tries to solve them.

This thesis contributes to developing and testing VEREFOO (VErified REFinement and Optimized Orchestration), a framework that aims to provide a Security Automation approach. Currently, the VEREFOO framework mainly supports the firewall feature of security automation. The thesis focuses primarily on the following aspects: testing the low-level firewall configurations produced by the framework, then developing a testing environment that is cost-effective, dynamic, and can be deployed with minimal resources to test such a framework correctly. Although the designed virtual environment is explicitly tailored to test firewall configurations produced by the framework, it can be further extended to test other frameworks.

Furthermore, we combine the different stand-alone parts (GUI, virtual environment, VEREFOO firewall output...) of the VEREFOO framework into a single process through a demonstration. This thesis will show how framework testing in virtual environments can be improved, extended, and better classified concerning automation aspects. The main contribution lies in the investigation of, and the improvement in, issues related to achieving a high level of automation, which will be evident at the end of this thesis through the presentation of a translator algorithm developed specifically for creating a virtual environment that exploits automation to the maximum.

Supervisors: Riccardo Sisto, Guido Marchetto, Fulvio Valenza, Daniele Bringhenti
Academic year: 2022/23
Publication type: Electronic
Number of Pages: 107
Degree programme: Master's degree programme in Ingegneria Informatica (Computer Engineering)
Degree class: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Collaborating companies: UNSPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/24644