Politecnico di Torino (logo)

User-friendly Security Automation for Domotic Networks

Vincenzo Marino

User-friendly Security Automation for Domotic Networks.

Rel. Riccardo Sisto, Lorenzo De Carli, Daniele Bringhenti, Fulvio Valenza. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2023

PDF (Tesi_di_laurea) - Tesi
Licenza: Creative Commons Attribution Non-commercial No Derivatives.

Download (4MB) | Preview

The Network Functions Virtualization (NFV) paradigm revolutionizes networking technology by enabling the installation of software processes as service functions on general-purpose servers. Through NFV, a Service Graph is created, offering improved flexibility and performance by enabling multiple paths between endpoints. However, the manual creation and configuration of Service Graphs, especially when it involves security functions, present challenges. Security functions, such as firewalls and parental controls, play a crucial role in ensuring network safety. Misconfigurations and delays in updating security defenses to meet evolving security requirements are common risks associated with manual operations. To overcome these challenges, this thesis contributes to the development of VEREFOO (VErified REFinement and Optimized Orchestration). VEREFOO aims to automate Network and Security Management by automatically allocating and configuring Network Security Functions on a Service Graph. It achieves this by addressing a set of network security requirements expressed by the security administrator using a high-level security language and a refinement process. The proposed approach involves the formulation of a MaxSMT problem, with the objective of maximizing the sum of weights assigned to satisfied soft clauses while adhering to hard constraints, that always require to be satisfied. This formulation provides a formal verification of the solution’s correctness. The significant contribution of this thesis work lies in extending the functionality of VEREFOO’s ADP module to enable automatic allocation and/or configuration of Parental Control Systems. These systems can be implemented either within a device with full internet capabilities or within an Allocation Place along the path between the source and destination of the requirement. This thesis has introduced two types of Parental Control Systems. The first type is a simpler system that allows traffic customization for each user based on predefined filter levels. The second type is a more advanced system that enables device-level constraints, such as setting a daily time limit for device usage. Extensive testing of the implementation has been conducted in various network scenarios, demonstrating that the proposed approach provides a viable alternative to manual allocation and configuration of Parental Control Systems. Furthermore, the approach has been designed to be extensible, allowing for future enhancements such as defining requirements for specific categories of websites and incorporating other features commonly found in current Parental Control solutions.

Relators: Riccardo Sisto, Lorenzo De Carli, Daniele Bringhenti, Fulvio Valenza
Academic year: 2022/23
Publication type: Electronic
Number of Pages: 87
Corso di laurea: Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)
Classe di laurea: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Ente in cotutela: University of Calgary (CANADA)
Aziende collaboratrici: University Of Calgary
URI: http://webthesis.biblio.polito.it/id/eprint/27681
Modify record (reserved for operators) Modify record (reserved for operators)